Microsoft online services: FQDN firewall openings

article #947, updated 173 days ago

Some firewalls have FQDN capability (e.g., WatchGuard), which makes careful rule creation practical for a behemoth like Microsoft Office 365 and all of its related services. The info below is condensed from here. I have omitted a few items (e.g., ports 25, 465, and 993, and *.msn.com), for reasons which I hope are reasonably obvious.

Create one rule with these ports:

80, TCP
443, TCP
587, TCP
3478, UDP
5223, TCP
50000-59999, TCP and UDP

to the following list of locations, and it is done.

*.office365.com
*.office.com
*.office.net
*.microsoftonline.com
*.msocdn.com
*.microsoft.com
*.live.com
*.onmicrosoft.com
*.msedge.net
*.aadrm.com
*.azurerms.com
*.virtualearth.net
*.cloudapp.net
*.visualstudio.com
*.windowsazure.com
*.cloudappsecurity.com
*.microsoftonline-p.net
*.microsoftonline-p.com
*.msecnd.net
*.azure.com
*.msft.net
*.outlook.com
*.azurewebsites.net
*.lync.com
*.trafficmanager.net
*.skype.com
*.skypeforbusiness.com
*.sharepoint.com
*.sharepointonline.com
spoprod-a.akamaihd.net
*.aspnetcdn.com
*.onenote.com
*.onenote.net
*.yammer.com
*.yammerusercontent.com
ajax.googleapis.com
*.cloudfront.net
*.edgesuite.net
*.edgekey.net
*.sway.com
*.sway-cdn.com
*.sway-extensions.com
ms.tific.com
*.apple.com
auth.gfx.ms
view.atdmt.com
m.webtrends.com
*.getmicrosoftkey.com
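
A list this long is worth checking before it goes into a rule. The script below is an added example, not part of the original article: it reports duplicate entries, flags wildcards that sit on shared hosting or CDN suffixes (where the rule admits any customer of that platform, not only Microsoft), and tests a hostname against the list. The `SHARED_HOSTING` set, the function names and the wildcard semantics (subdomains match, the bare domain does not) are assumptions; confirm the matching behaviour against your firewall's documentation.

```python
# Added example (not from the original article): audit an FQDN allowlist.
# Assumption: "*.example.com" matches subdomains at any depth but not
# "example.com" itself; confirm this against your firewall's documentation.

# Assumed, non-exhaustive set of suffixes where any customer of the platform
# can obtain a hostname, so a wildcard admits more than Microsoft services.
SHARED_HOSTING = {"cloudapp.net", "azurewebsites.net", "trafficmanager.net",
                  "cloudfront.net", "edgesuite.net", "edgekey.net"}

# Constructed sample: a few entries taken from the list above.
SAMPLE = ["*.office.com", "*.msecnd.net", "*.cloudfront.net",
          "spoprod-a.akamaihd.net", "*.azurewebsites.net",
          "*.msecnd.net", "ajax.googleapis.com"]

def normalize(name):
    """Lower-case and drop whitespace and any trailing root dot."""
    return name.strip().lower().rstrip(".")

def audit(entries):
    """Return (unique entries, duplicates, wildcards on shared-hosting suffixes)."""
    seen, unique, dupes, shared = set(), [], [], []
    for entry in map(normalize, entries):
        if not entry:
            continue
        if entry in seen:
            dupes.append(entry)
            continue
        seen.add(entry)
        unique.append(entry)
        if entry.startswith("*.") and entry[2:] in SHARED_HOSTING:
            shared.append(entry)
    return unique, dupes, shared

def allowed(hostname, entries):
    """True if hostname matches an entry, respecting DNS label boundaries."""
    host = normalize(hostname)
    for entry in map(normalize, entries):
        if entry.startswith("*."):
            suffix = entry[1:]            # e.g. ".office.com"
            if host.endswith(suffix) and len(host) > len(suffix):
                return True
        elif host == entry:
            return True
    return False

if __name__ == "__main__":
    unique, dupes, shared = audit(SAMPLE)
    print("duplicates:", dupes)
    print("review (shared hosting):", shared)
    print("notoffice.com allowed?", allowed("notoffice.com", SAMPLE))
```

Entries it flags are candidates for narrowing to the specific hostnames your tenant actually uses, or for pairing with content inspection on that rule.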
