Office 365 URLs and IP address ranges

 

Topic Last Modified: 2014-11-10

Summary: Lists the URLs and IP address ranges used by Office 365 and provides links to RSS feeds that help you stay up-to-date on the latest changes.

Subscribe via RSS RSS Icon to receive notice when URLs and IP addresses are changed.

If your organization restricts computers on your network from connecting to the Internet, this article lists the URLs you should include in your outbound allow list to ensure your computers can successfully use Office 365 URL allow lists are the recommended approach due to the modern web architecture of Office 365. For guidance on how to best implement URL or IP allow lists, please work with the manufacturer of the hardware or software you use to protect your internet connection.

While IP allow lists will work, there are a number of downsides to this approach, including:

  • Web clients such as the Office 365 admin portal or Outlook Web App won’t be able to authenticate.

  • Future non-web based clients may not be able to authenticate.

  • Additional Office 365 infrastructure won’t become instantly available to client computers.

  • Updates will be required as frequently as weekly.

Microsoft uses its own Content Delivery Networks (CDNs) and 3rd party CDNs such as Akamai and others depending on the region and service in question. Manually adding these IP addresses to your allow list isn’t feasible. If you would like to understand more about CDNs and regional datacenters, please see our further explanation of Content Delivery Networks and client connectivity.

If you’re using Active Directory Federation Services (AD FS) with your deployment, you can also use AD FS client access policies to further restrict and control access to Office 365.

Don’t forget to allow client computers to access the Certificate Revocation Lists (CRLs) over TCP 80 from both Microsoft crl.microsoft.com, and third parties such as *.verisign.com, *.symcb.com, *.symcd.com, *.verisign.net, *.geotrust.com, and *.public-trust.com.

How should I use this page?

When you’re planning your outbound allow lists, you want to ensure the computers on your network can connect to the URLs or IP addresses listed for each service you’ve licensed. You’ll want to open the heading for each service and add them to both the outbound allow list rules and to the Internet Explorer Trusted Sites Zone of client computers.

For example, if you have licensed the entire Office 365 suite, you will need to select the URLs listed in each of the headings such as Office 365, Exchange Online, Office 365 ProPlus, and so on, then enter them all into both the outbound allow list rules and to the Internet Explorer Trusted Sites Zone of client computers.

Most connections use TCP 443 or initially connect over TCP 80 and are redirected. There are also some connections that use different ports and protocols depending on the services licensed and how those services are used.

ImportantImportant:
You won’t want to miss changes to our URLs and IP addresses. Updates are made to this page as soon as we can; however, we currently can’t guarantee that changes will be announced ahead of time. We recommend you subscribe to the RSS feed to receive notifications of changes. You can subscribe via Outlook or have the RSS feed updates emailed to you. An ongoing record of changes is maintained in our change log.

Some of our services do overlap with one another and you will notice the overlap or duplication in the lists of URLs and IP addresses. There is also some domain name overlapping with our consumer services; while the root domain name is the same, Office 365 operates from a separate sub-domain.

If you’re going to add IP addresses to your allow lists, keep in mind that IPv6 is optional and not required. We provide it here for customers who wish to use IPv6.

Office 365 portal and identity

To use any of the Office 365 services, you must be able to reach these URLs. If you have licensed additional services or the full suite, you will also need to ensure client computers can connect to these URLs plus the URLs for each of the services licensed below.

 

Office 365 URLs Office 365 IPv4 Addresses Office 365 IPv6 Addresses


*.live.com
*.officeapps.live.com
*.microsoft.com
*.glbdns.microsoft.com
*.microsoftonline.com
*.office365.com
*.office.com
Portal.Office.com
*.onmicrosoft.com

*.microsoftonline-p.com^
*.microsoftonline-p.net^
*.microsoftonlineimages.com^
*.microsoftonlinesupport.net^
*.msecnd.net^
*.msocdn.com^
*.msn.com^
*.msn.co.jp^
*.msn.co.uk^
*.office.net^

*.aadrm.com^^
*.cloudapp.net^^

*.activedirectory.windowsazure.com^^^
*.phonefactor.net^^^

23.96.208.238
23.97.64.252
23.97.66.110
23.97.68.113
23.97.70.147
23.97.72.158
23.97.72.161
23.97.72.165
23.97.98.128
23.97.99.4
23.97.99.164
23.97.100.76
23.97.100.92
23.97.100.105
23.97.100.152
23.97.102.90
23.97.103.118
23.97.145.9
23.97.148.36
23.97.148.228
23.98.66.168
23.98.69.116
23.98.70.90
23.99.128.120
23.99.129.26
23.99.129.173
23.99.193.105
23.99.194.77
23.99.196.232
23.99.226.167
23.99.227.124
23.101.19.99
23.101.25.224
23.101.178.227
23.101.187.91
23.102.64.16
23.102.64.138
23.102.64.255
23.102.65.171
23.102.65.203
23.102.65.221
65.52.64.61
65.52.64.230
65.52.136.224
65.52.144.125
65.52.148.27
65.52.176.72
65.52.184.75
65.52.196.64
65.52.228.75
65.52.228.99
65.52.228.100
65.52.232.52
65.52.233.128
65.52.236.160
65.52.240.73
65.52.244.66
65.54.54.32/27
65.54.55.201
65.54.74.0/23
65.54.80.0/20
65.54.165.0/25
65.55.86.0/23
65.55.233.0/27
65.55.239.168
70.37.56.152
70.37.97.234
70.37.128.0/23
70.37.142.0/23
70.37.150.128/25
70.37.159.0/24
70.37.160.72
70.37.160.202
94.245.68.0/22
94.245.82.0/23
94.245.84.0/24
94.245.86.0/24
94.245.88.223
94.245.88.194
94.245.117.53
94.245.108.85
104.41.1.233
111.221.16.0/21
111.221.24.0/21
111.221.70.0/25
111.221.71.0/25
111.221.111.196
111.221.127.112/28
132.245.0.0/16
134.170.0.0/16
137.135.47.6
137.135.47.4
137.135.47.28
137.116.32.43
137.116.32.61
137.116.32.101
137.116.48.66
137.116.48.69
137.116.49.27
137.116.64.162
137.116.80.106
137.116.129.62/32
137.116.242.169
137.117.99.175
137.117.103.21
137.135.41.12/32
137.135.42.195/32
137.135.43.100/32
137.135.44.5/32
137.135.44.73/32
137.135.48.128/32
138.91.1.59
138.91.17.43
138.91.17.108
138.91.18.52
138.91.2.208
138.91.2.210
138.91.2.212
157.55.45.128/25
157.55.59.128/25
157.55.80.175
157.55.80.182
157.55.84.13/32
157.55.84.19/32
157.55.84.80/32
157.55.84.237/32
157.55.130.0/25
157.55.145.0/25
157.55.155.0/25
157.55.161.59
157.55.161.75
157.55.168.18
157.55.176.63
157.55.185.100
157.55.194.46
157.55.208.58
157.55.208.198
157.55.208.218
157.55.227.192/26
157.55.252.101
157.56.0.0/16
157.56.8.78
157.56.28.192
168.61.32.214
168.61.33.178/32
168.61.35.252/32
168.61.36.121
168.61.37.63/32
168.61.38.105
168.61.39.14/32
168.61.82.81/32
168.61.83.48/32
168.61.85.180/32
168.61.85.193/32
168.61.144.76
168.61.208.197
168.62.4.28
168.62.11.24
168.62.11.117
168.62.16.112
168.62.16.140
168.62.16.149
168.62.16.252
168.62.24.38
168.62.24.104
168.62.24.114
168.62.24.150
168.62.41.25
168.62.42.89
168.62.52.198
168.62.52.203
168.62.56.108
168.62.60.71
168.62.60.80
168.62.104.146
168.62.105.126
168.62.105.217
168.62.176.34
168.62.179.4
168.62.180.151
168.63.16.66/32
168.63.16.112/32
168.63.16.114/32
168.63.16.141
168.63.17.221/32
168.63.25.227
168.63.27.2
168.63.166.200
168.63.165.67
168.63.164.177
168.63.208.73/32
168.63.213.203/32
168.63.214.35/32
168.63.216.117/32
168.63.250.173/32
168.63.252.39/32
168.63.252.71/32
191.232.2.128/25
191.233.32.111
191.233.32.201
191.233.37.141
191.234.6.0/24
191.235.135.139
191.235.135.222
191.236.192.179
191.237.128.159
191.238.80.160
191.238.80.241
191.238.81.69
191.238.83.220
191.239.64.124
191.239.64.125
191.239.64.129
191.239.64.130
191.239.64.131
191.239.64.132
191.239.64.133
191.239.64.134
191.239.160.4
191.239.160.93
191.239.160.143
191.239.160.140
191.239.160.144
191.239.160.145
191.239.160.141
191.239.160.142
207.46.57.128/25
207.46.70.0/24
207.46.73.250
207.46.198.0/25
207.46.206.0/23
207.46.216.54
213.199.128.58
213.199.128.91
213.199.132.97
213.199.148.0/23
213.199.182.128/25

2801:80:1d0:1c00::/64
2a01:111:f406:1000::/64
2a01:111:f406:1801::/64
2a01:111:f406:1::/64
2a01:111:f406:a003::/64

^ Content Delivery Network

^^ Azure Rights Management

^^^ Windows Azure Active Directory

Exchange Online

If you have licensed Exchange Online as a standalone or as part of a suite, you must be able to reach the Office 365 portal and identity URLs as well as the Exchange Online URLs or IP addresses.

The Microsoft Federation Gateway is used with Exchange Online with federated delegation and mixed hybrid deployments. Learn more about federation with Exchange Online. The Microsoft Federation Gateway does not have additional URLs beyond those included under the Exchange Online and the portal and identity sections.

 

Exchange Online URLs Exchange Online IP Addresses The Microsoft Federation Gateway IP Addresses

*.outlook.com
*.office365.com

r1.res.office365.com^
r3.res.outlook.com^
r4.res.outlook.com^
prod.msocdn.com^

65.54.62.0/25
65.55.39.128/25
65.55.78.128/25
65.55.94.0/25
65.55.113.64/26
65.55.126.0/25
65.55.174.0/25
65.55.181.128/25
70.37.151.128/25
94.245.117.128/25
111.221.23.128/25
111.221.66.0/25
111.221.69.128/25
111.221.112.0/21
132.245.0.0/16
191.234.192.0/19
157.55.9.128/25
157.55.11.0/25
157.55.47.0/24
157.55.49.0/24
157.55.61.0/24
157.55.157.128/25
157.55.224.128/25
157.55.225.0/25
157.56.0.0/16
191.234.140.0/22
191.234.224.0/22
207.46.4.128/25
207.46.58.128/25
207.46.198.0/25
207.46.203.128/26
213.199.174.0/25
213.199.177.0/26

65.55.79.128/25
207.46.150.128/25
207.46.164.0/24

^ Content Delivery Network

Lync Online

If you have licensed Lync Online as a standalone or as part of a suite, you must be able to reach the Office 365 portal and identity URLs as well as the Lync Online URLs or IP addresses.

 

Lync Online URLs Lync Online IPv4 Addresses

*.Lync.com
evsecure-ocsp.verisign.com
evsecure-aia.verisign.com
evsecure-crl.verisign.com
sa.symcb.com

65.55.121.128/27
65.55.127.0/24
111.221.17.128/27
111.221.22.64/26
111.221.76.96/27
111.221.76.128/25
111.221.77.0/26
134.170.0.0/25
157.55.40.128/25
157.55.46.0/27
157.55.46.64/26
157.55.229.128/27
157.55.232.128/26
157.55.238.0/25
207.46.5.0/24
207.46.7.128/27
207.46.57.0/25

SharePoint Online

If you have licensed SharePoint Online as a standalone or as part of a suite, you must be able to reach the Office 365 portal and identity URLs as well as the SharePoint Online URLs or IP addresses.

 

SharePoint Online

SharePoint Online URLs and IP Address Ranges

Exchange Online Protection (EOP)

If you have licensed Exchange Online Protection (EOP) as a standalone or as part of a suite, you must be able to reach the Office 365 portal and identity URLs as well as the EOP IP addresses. EOP does not have additional URLs beyond those included in the portal and identity section.

 

Exchange Online Protection

Exchange Online Protection IP Addresses

Office 365 remote analyzer tools

This list of IPv4 IP addresses is the current list required for the Office 365 remote analyzer tools. EOP does not have additional URLs beyond those included in the portal and identity section.

 

Office 365 remote analyzer tools IP Addresses

65.55.150.61
65.55.150.158
65.55.150.160
134.170.52.122 
134.170.52.123 
134.170.52.124 
157.56.138.141
157.56.138.142
157.56.138.143
207.46.14.52
207.46.14.62
207.46.14.63

Yammer

This list of URLs and IPv4 IP addresses is the current list required for Yammer.

 

Yammer URLs Yammer IPv4 Addresses

*.assets-yammer.com
ajax.googleapis.com^
*.cloudfront.net^
*.crocodoc.com^
*.yammer.com
*.yammerusercontent.com

204.152.18.0/23

^These URLs are for third party services used by Yammer to provide the ability of viewing documents, videos and images uploaded by your users into Yammer. These URLs are not required to be on the allow list if your organization is administratively disabling the ability of uploading files into Yammer

Office 365 ProPlus

This list of URLs and IPv4 IP addresses is the current list required for Office 365 ProPlus. You’ll note that these URLs include the full URI path and secure vs. unsecure connection requirements. The Office 365 ProPlus URLs are more explicit due to the fact that they change less frequently and have less moving parts.

 

Office 365 ProPlus URLs Office 365 ProPlus IPv4 Addresses

https://activation.sls.microsoft.com
http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl
http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunicationsPCA.crl
http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunicationsPCA.crl
https://odc.officeapps.live.com
https://ols.officeapps.live.com/olsc
http://officecdn.microsoft.com
go.microsoft.com
office15client.microsoft.com
sls.microsoft.com

65.52.98.231:443
157.55.44.71:443
157.55.160.109:443


Office Online

This list of IP addresses is the current list required for Office Online. Office Online does not have additional URLs beyond those included in the portal and identity section.

 

Office Online IPv4 Addresses Office Online IPv6 Addresses

134.170.27.64/26
134.170.48.0/26
134.170.65.64/26
134.170.128.192/26
134.170.170.64/26
191.232.2.64/26

2a01:111:f406:8800::/64
2a01:111:f406:400::/64
2a01:111:f406:9400::/64
2a01:111:f406:2402::/64
2a01:111:f406:a804::/64 

Office for iPad

This is the current list of Office for iPad URLs. If you’re using allow lists to filter iPad connectivity differently than other computers on your network, you can use just this list of URLs to create those allow lists.

 

Office for iPad URLs

directory.services.live.com
odc.officeapps.live.com
docs.live.net
roaming.officeapps.live.com
nexus.officeapps.live.com
sqm.microsoft.com
watson.telemetry.microsoft.com
login.live.com
wer.microsoft.com         
microsoft-my.sharepoint.com
login.microsoftonline.com
ms.tific.com
msft.sts.microsoft.com
p100-sandbox.itunes.apple.com
signup.live.com
auth.gfx.ms
view.atdmt.com
client.hip.live.com
dc2.client.hip.live.com
c.live.com
go.microsoft.com
office.microsoft.com
officeimg.vo.msecnd.net
m.webtrends.com
account.live.com
c.bing.com
partnerservices.getmicrosoftkey.com
client.hip.live.com
clientconfig.microsoftonline-p.net
cl2.apple.com
sas.office.microsoft.com
foodanddrink.services.appex.bing.com
en-US.appex-rf.msn.com
weather.tile.appex.bing.com

Office Mobile

This is the current list of Office Mobile URLs. Office Mobile runs on Android devices, Windows Phones, and iPhones. If you’re filtering your mobile connectivity differently than other computers on your network, you can use just this list of URLs to create those allow lists.

 

Office Mobile URLs

office15client.microsoft.com
odc.officeapps.live.com
go.microsoft.com
login.microsoftonline.com
msft.sts.microsoft.com
odcsm.officeapps.live.com
microsoft-my.sharepoint.com
ms.tific.com
roaming.officeapps.live.com
o15.officeredir.microsoft.com
office.microsoft.com
officeimg.vo.msecnd.net
m.webtrends.com
d.docs.live.net
login.live.com
auth.gfx.ms
wer.microsoft.com
*.appex.bing.com
*.appex-rf.msn.com
appexsin.stb.s-msn.com