Teams Phone handset not signing in - network issue

Question

Teams Phone handset not signing in - network issue

Jonathan / Spud 56

Hi!

The setup:

Teams Direct routing
User's sign-in to handsets and have E5 licenses (with phone system) - handsets are Polycom CTX 400 and Yealink MP54
Firewall is to allow traffic outbound on port TCP:80, 443 and UDP: 3478, 3479, 3480, and 3481 to 52.112.0.0/14 and 52.120.0.0/14

Issue:

Cannot sign into Teams Phone handset devices

Troubleshooting steps thus far:

Open all outbound traffic to port 80 and 443 - this allows the handset to sign-in
Ran a packet trace and when signing in, it returns different IP addresses to the allotted: 52.112.0.0/14 and 52.120.0.0/14
In the process of running a connectivity checker

According to this article, computers and devices must reach the Microsoft 365 network outbound on the ports: TCP:80, 443 and UDP: 3478, 3479, 3480, and 3481. This does not mention the IP range used to login.

Question:
So my question - what is the IP range I need to whitelist outbound to Microsoft 365 Teams to allow the handsets to login?

Note: we cannot open any traffic to port 80 and 443 outbound, due to security restrictions.

3 answers

Your answer

Answer 1

Kael Yao 37,746 Moderator

Hi @Jonathan / Spud

Here is a link about the Microsoft 365 ip address ranges.
Please refer to the Teams part: Office 365 URLs and IP address ranges

Would you see the ip address in packet trace in these ips?

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Jonathan / Spud 56 Reputation points

2022-07-01T08:16:31.027+00:00

Hi @Kael Yao

I've already whitelisted all the Teams IP addresses and we still cannot authenticate.

In this article, Microsoft states "The Office 365 suite is broken down into major service areas. These can be selectively enabled for connectivity and there's a Common area, which is a dependency for all and is always required."

So I'm in the middle of adding all the Common area addresses too - hoping this will resolve my issue.
Kael Yao 37,746 Reputation points Moderator

2022-07-04T01:14:13.563+00:00

Thanks in advance for the update.

Answer 2

Jonathan / Spud 56

Resolution - add the following endpoint addresses and ports below to Outbound traffic:

Add all Teams addresses - this allows Teams calling
Add all MS 365 Common and Office Online addresses - this allows you to login to the handsets

For further users reading - should the above not work, please ensure the following:

If using MFA conditional access, ensure that the Terms of Use conditional access option is not enabled along side it. This will cause a sign-in loop and is not supported (currently), by Microsoft.
See the following article

Kael Yao 37,746 Reputation points Moderator

2022-07-08T03:07:34.693+00:00

Thanks for the sharing!

Answer 3

Subasi Malwatta 0

Hi Jonathan

Exactly which TCP/UDP ports Inbound/Outbound did you open on the firewall for poly CCX 400 to function please ?

Thanks

Share via

Teams Phone handset not signing in - network issue

3 answers

Your answer