Transport Relay Evaluation - CQD

As we've shared at Ignite and in other blogs, there is a change underway to Office 365 Skype for Business. With the new IP and Port ranges in use for both Skype for Business and Teams when using Transport Relay there are customers who are having challenges completing media setup using these IPS and ports.  When reviewing quality metrics a problem could be detected which indicates users in the tenants organization will fail when attempting to join meetings, share video, share audio, or share applications. Among the possible causes for this failure we know that customer firewall, proxy, or VPN device/software and client level software can influence customers ability to use Skype for Business and Teams.


As we work to complete this change it is paramount that customers review and update Skype For Business Online or Microsoft Teams rules on their firewalls, proxies, and VPN devices/software. Specific attention should be given to the following IP ranges, ports, and protocols that are used for media connectivity:

IPV6 Ranges:






IPV4 Ranges:


TCP 443

UDP 3478, 3479,3480, 3481


For additional information please reference the following articles:



We have also prepared a template for CQD online that you can import that will help narrow down network infrastructure devices in a customer environment that could be impacting the ability to establish media.  Please see the template attached to this blog and we would love to hear from you.




This template is great @Aaron Steele! this will give us some more insight in the failures.


Nice report @Aaron Steele thanks.

I'm not sure I'm 100% appreciating the difference between the two subreports?

Thanks Tom. We created two, so you as the end could see one increasing in quantity (UDP) and the other decreasing (TCP), as well in the UDP one, you as the admin could also add second server reflexive for the possibility to see the egress IP that is most impacting this problems for you and your users. That same thing doesn't render in the TCP filtered view any additional information and in the UDP might break out the subnet into other buckets depending on your routing and IP allocations so we left it to you to decide.