Nov 18 2021 07:51 PM
Looking for information on the specific MSFT 365 ranges that a Teams Survivable Branch Appliance requires access to.
The planning guide, Direct Routing SBA - Microsoft Teams | Microsoft Docs, details that tcp/443 is used by Microsoft SBA Server to communicate with Microsoft 365 and should be allowed on the firewall.
Customer does not allow unfiltered access to the internet from the server on tcp/443 - can anyone help with the specific service tags that a Teams SBA requires access to ?
Nov 20 2021 01:24 PM
Nov 21 2021 01:20 PM
@PeterRising Thanks for the reply Peter.
The customer in question does not allow servers default access to the internet as rule. Access is allowed based on application to specific IP / IP ranges.
I have not yet attempted to add the IP ranges referenced in point 1 (mostly the two 52.x.x.x /14 ranges) as I suspect that the SBA is specifically talking to Azure AD given that you have to created the application instance for the SBAs
The MSFT documentation you reference in your second point is rather vague as it mentions
Port 443 is used by Microsoft SBA Server to communicate with Microsoft 365 and should be allowed on the firewall.
Nov 25 2021 02:44 PM