Jan 23 2017 05:58 PM
Does your company policy have restrictions on which ports can be opened? We are simplifying our port requirements and removing the need to have 50K port ranges opened. If you are interested in this change and helping us validate please contact chermali@microsoft.com for more information.
Thanks,
Chermaine
Mar 02 2017 04:23 PM
Hi all,
We are ready to expand this program and invite more customers to participate. Details of the port simplification is listed below. If you are interested, please reach out to me prior to making this change so we can ensure a smooth experience for your organization.
Port requirements for audio/video is located at: https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-ab... "Skype for Business Online" - "Expand to see the Skype for Business Online FQDNs" section, row # 5. We currently require Destination Ports to include TCP/443, UDP 3478-3481, and TCP/UDP 50, 000 – 59, 000. We are reducing the ports by removing the requirement for TCP/UDP 50000-59000.
Row |
Purpose |
Source | Credentials |
Source Port |
Destination |
CDN |
ExpressRoute for Office 365 |
Destination IP |
Destination Port |
5 |
Required: Audio, Video, & Desktop sharing |
Client Computer | Logged on user |
TCP/UDP 50,000-50019, TCP/UDP 50,020-50039, & TCP/UDP 50,040-50059 |
*.lync.com |
No |
Yes |
TCP 443, UDP 3478, 3479, 3480, & 3481, TCP/UDP 50,000-59,999 |
New recommendation for customers is to open the following firewall ports for Skype for Business Online media services:
Outbound TCP src=any dst=<edge/TR public IP range, both VIP & DIP>:443
Outbound UDP src=any dst=<edge/TR public IP range, both VIP&DIP>:3478
In addition, we will add 3 new ports for forward compatibility with future m-turn protocol:
Outbound UDP src=any, dst=<TR public IP range, DIP only>:3479 - 3481
Additional notes:
Sanity check after making the changes:
Thanks,
Chermaine