This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 59%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EF%3C/text%3E%3C/svg%3E)
My company is beginning a project to use Azure, InTune, Teams, and some calendar syncing between O365 and on-premise Exchange. This project requires Microsoft to have access to our autodiscover URL. Is there a document that explains what firewall rules are needed for this?
Our firewall admins were told to allow access from the Office 365 URLs and IP address ranges listed here (https://learn.microsoft.com/en-us/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide). That seems like a lot of IPs. Are those IPs strictly used by Microsoft's internal infrastructure? Or could Company XYZ, or hacker John Doe, using O365 or an Azure service like a virtual workstation also source from those IP addresses? Trying to understand the risk of allowing inbound access from all the IPs in that document.
Any information is appreciated.
Regards,
Fred
Strictly used by Microsoft infrastructure from Exchange Online. Those IPs are not available to from a Azure workstation or other process.
And I have full trust in Microsoft's ability to protect those IPs for that purpose, not just saying that, but mean it. They take this stuff seriously.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 71%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELZ%3C/text%3E%3C/svg%3E)
anonymous user-0179
Agree with AndyDavid, that official document is trustworthy and make sure the needed endpoint sets are not blocked.
Additionally, do you have to deploy the hybrid? You can check this article for more information about Hybrid deployment protocols, ports, and endpoints, and the link you provided is also included in it.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.