We are happy to announce that the 50,000-59,999 port range (UDP and TCP) is no longer a requirement for Skype for Business endpoints to communicate with Skype for Business Online.
Earlier this year we talked about making simplification for network connectivity for Skype for Business Online (see blog article here) and we recently updated our guidance and removed the mentioned port range as a requirement: Office 365 URLs and IP address ranges
So which ports are required for clients?
All clients need to be able to directly connect to Skype for Business Online on the following destination ports: (the IP addresses and FQDNs can be found in the Office 365 URLs and IP address ranges)
TCP 80, 443
UDP 3478, 3479, 3480, 3481
Optional: UDP/TCP 50,000-59,999
Is there a minimum client version required to benefit from the port changes?
This change applies to all clients supported against Skype for Business Online. No clients are excluded and there are no specific minimum version required (although we always recommend to run the latest version).
For the sake of the example, the direct connection between User A and User B is blocked (e.g. User and User B are at different branch offices behind firewalls), so the media traffic cannot go directly peer to peer and needs to flow via Skype for Business Online
There are now the following possible media paths
The 50,000-59,999 port range can be leveraged to include only a single Relay Server in the media path
Without the 50,000-59,999 port range, the traffic needs to travel via two Relay Server.
As you can see, closing the 50,000-59,999 port range will force the traffic to travel via an additional hop. While logic tells us that usually we want to avoid additional hops under all circumstances, the analysis on call quality data has shown us, that this additional hop does not significantly affect call quality - since both these Relay Servers are homed on the Microsoft Network, all traffic between the Relay Servers is sent over a highly reliable pipe designed for real-time communication.
Our organization has these ports open, should we close them?
Having the 50,000-59,999 port range open can still have (some) benefits when it comes to call setup times and under some circumstances on call quality. However in our data analysis and pilot deployments with some customers these differences did not show significance. If you have the ports open today, it makes sense to leave them open.
What does this change for hybrid between Skype for Business Server and Skype for Business Online?
This change only applies to users who are homed in Skype for Business Online. If you have an on-premises deployment of Skype for Business, the requirements for your Edge Server to communicate to Skype for Business Online remain unchanged (and also for any Federation scenarios including Skype for Business on-premises).
The A/V Edge Server in your environment will need to be configured liked this. Please note that the Source Port is only relevant, if your firewall requires a source port to be specified (and a lot of firewalls do not require this setting):