I have been asked many times for the port information and tried many ways to try and portray this in a manner which is simple to understand. For further URL’s IP’s please review the following Microsoft information – https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity. I will maintain the separate workloads from this blog but it sometimes it is not always kept up to date 100%!
| Server/Service | Port | Protocol | Direction |
| ADFS (Internal) | 443 | TCP | Inbound/Outbound |
| ADFS (Proxy DMZ) or WAP Server | 443 | TCP | Inbound/Outbound |
| Microsoft Online Portal (Website) | 443 | TCP | Inbound/Outbound |
| Outlook Web Access (Website) | 443 | TCP | Inbound/Outbound |
| Lync/Skype for Business Client | 443 | TCP | Inbound/Outbound |
| SharePoint Online (Website) | 443 | TCP | Inbound/Outbound |
| Outlook for Mac | 443 | TCP | Inbound/Outbound |
| Outlook Client | 443 | TCP | Inbound/Outbound |
| Mail Routing | 25 | TCP | Inbound/Outbound |
| SMTP Relay (requires TLS) | 587 | TCP | Inbound/Outbound |
| Simple IMAP4 migration Tool | 143/993 | TCP | Inbound/Outbound |
| POP3 (requires SSL) | 995 | TCP | Inbound/Outbound |
| DirSync/Azure Active Directory Connect | 80/443 | TCP | Inbound/Outbound |
| Exchange Migration Tool | 80/443 | TCP | Inbound/Outbound |
| IMAP Migration Tool | 80/443 | TCP | Inbound/Outbound |
| Exchange Management Console | 80/443 | TCP | Inbound/Outbound |
| Exchange Management Shell | 80/443 | TCP | Inbound/Outbound |
| SfB (Data Sharing Sessions) | 443 | TCP | Outbound |
| SfB (Video, Audio, Application Sharing) | 443 | TCP | Outbound |
| SfB (Audio & Video) | 3478 | UDP | Outbound |
| SfB (Audio & Video) | 50000-59999 | TCP/UDP | Outbound |
| SfB/Lync Mobile Push iOS Only | 5223 | TCP | Outbound |
It should be noted that 3rd party certificate revocation will be required which is carried out normally anonymously on port 80 so any proxies/firewalls routing the traffic should expect this. Depending on your provider you may be able to get the CRL URL in advance but for Office 365 this is not as simple.
What about 5061, out for Lync (logon) ?
Is it correct you nee inbound, 443 for the Microsoft Online Portal (Website) ?
For Lync Online logon is TCP 443 and not 5061.
The MS portal website requires a stateful bi-directional firewall rule (443) to allow traffic to flow freely between the client and the portal.
Hi There,
Maybe you can help me. I’ve logged a support call with MS and got nothing back and posted on the MS forum with no positive feedback.
I’m trying to connect to Exchange Online using the EMC but it’s just not working. I keep getting an error saying “The attempt to connect to https://ps.outlook.com/Poershell/Powershell.htm using “Basic authentication failed……..”
I have NO on-premise exchange but I have successfully installed the EMC (ran schema and AD updates etc). I connect to the internet via a proxy and although I have federation in place I am using a non-federated account (as suggested by a forum member) to authenticate with the EMC.
The correct firewall ports are open as I can successfully connect to Exchange online from the same server with PS using the same credentials that I use with the EMC. Which seems strange as the EMC is just a GUI to push PS commands out.
Any ideas?
Hi Craig
The command I always use to connect is as follows:
import-module msonline
$cred=get-credential
$Sess = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell/ -Credential $Cred -Authentication Basic -AllowRedirection
Import-PSSession $Sess
Using this in PS and you should connect successfully if you are using the correct credentials.
Yeah, I can connect with PS OK, it’s the EMC I can’t connect with.
For the account you are using to connect to Exchange Online is it the admin@vanitydomain.onmicrosoft.com account? Also is the error complaining about certificates at all? Also is there any proxy servers in the way for the server to go out to the internet?