I was recently working on an Office 365 deployment when the question about firewall ports came up. So I thought I would share this information: Server/Service Port Protocol Direction ADFS (Internal) 443 TCP Inbound/Outbound ADFS (Proxy DMZ) or WAP Server 443 TCP Inbound/Outbound Microsoft Online Portal (Website) 443 TCP Inbound/Outbound Outlook Web Access (Website) 443.
This was a question for a large university in Arizona moving faculty, staff and students to Office 365.Here are the ports from the deployment guide (note: these are subject to change so refer to the latest Port and IP list):. SMTP Relay with Exchange Online requires TCP port 587 and requires TLS. See for details on how to configure SMTP Relay with Exchange Online. Note: you will need to provide the SMTP server which is specific to the mailbox used for relay. See the TechNet article. POP3 access with Exchange Online requires TCP port 995 ) and requires SSL.
Gavin,For our federation services using ADFS it is using TCP port 443. I don't know if F5 APM SAML is tested or supported with Office 365. See here for a list of tested 3rd party STS/IdPs: and this for Shibb as an STS/IdP:.Typically, the request for SAML tokens occurs directly to the STS (ADFS, Shibb, or other tested STS/IdPs) in some cases the token request will come from Office 365 or directly from the requesting client to the STS via 443 when request is made from off network (Internet) e.g. Mobile device, Outlook, remote web or Lync, etc. Hi there,Sorry if the answer is already on the page staring at me, but I'm just not 100% which of these ranges applies to my scenarioI'm configuring Office 365 for federated security using our inhouse F5 APM SAML Service as a SAML IdP. I need to know which IP ranges to allow into our site so that Office 365 can redirect clients to our IdP for authentication, and of course the reverse for my outbound rule.
Is it the range for Exchange online or Office 365 Portal? Where will these authentication requests come from?
And wha ports? Thanks in advance!. When will Microsoft finally start to publish all thes IP lists in ONE place and up to date with IP's/ranges added BEFORE they are used in production.We manage Firewalls for many customers and these customers don't like to open the Internet for all ports required for all Office365 services.It would be useful for anyone supporting these solutions if there would be a mailinglist you could subscribe to that would tell you when a new IP block is taken to production.WPAD.DAT or Proxy.pac zfiles need to be updated, to allow access while bypassing proxies.