Events
Microsoft 365 Community Conference
May 6, 2 PM - May 9, 12 AM
Skill up for the era of AI at the ultimate community-led Microsoft 365 event, May 6-8 in Las Vegas.
Learn moreThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Applies To: Microsoft 365 operated by 21Vianet - Small Business Admin, Microsoft 365 operated by 21Vianet - Admin
Summary: The following endpoints (FQDNs, ports, URLs, IPv4, and IPv6 prefixes) apply to Microsoft 365 operated by 21 Vianet and are designed to deliver productivity services to organizations using only these plans.
Microsoft 365 endpoints: Worldwide (including GCC) | Microsoft 365 operated by 21 Vianet | Microsoft 365 U.S. Government DoD | Microsoft 365 U.S. Government GCC High |
Last updated: 01/30/2025 - Change Log subscription
Download: all required and optional destinations in one JSON formatted list.
Start with Managing Microsoft 365 endpoints to understand our recommendations for managing network connectivity using this data. Endpoints data is updated as needed at the beginning of each month with new IP Addresses and URLs published 30 days in advance of being active. This allows for customers who don't yet have automated updates to complete their processes before new connectivity is required. Endpoints may also be updated during the month if needed to address support escalations, security incidents, or other immediate operational requirements. The data shown on this page below is all generated from the REST-based web services. If you're using a script or a network device to access this data, you should go to the Web service directly.
Endpoint data below lists requirements for connectivity from a user’s machine to Microsoft 365. It doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections.
The Microsoft 365 suite is broken down into four major service areas representing the three primary workloads and a set of common resources. These service areas may be used to associate traffic flows with a particular application, however given that features often consume endpoints across multiple workloads, these service areas cannot effectively be used to restrict access.
Data columns shown are:
ID: The ID number of the row, also known as an endpoint set. This ID is the same as is returned by the web service for the endpoint set.
Category: Shows whether the endpoint set is categorized as “Optimize”, “Allow”, or “Default”. You can read about these categories and guidance for management of them at https://aka.ms/pnc. This column also lists which endpoint sets are required to have network connectivity. For endpoint sets, which aren't required to have network connectivity, we provide notes in this field to indicate what functionality would be missing if the endpoint set is blocked. If you're excluding an entire service area, the endpoint sets listed as required don't require connectivity.
ER: This is Yes if the endpoint set is supported over Azure ExpressRoute with Microsoft 365 route prefixes. The BGP community that includes the route prefixes shown aligns with the service area listed. When ER is No, this means that ExpressRoute isn't supported for this endpoint set. However, it shouldn't be assumed that no routes are advertised for an endpoint set where ER is No.
Addresses: Lists the FQDNs or wildcard domain names and IP Address ranges for the endpoint set. Note that an IP Address range is in CIDR format and may include many individual IP Addresses in the specified network.
Ports: Lists the TCP or UDP ports that are combined with the Addresses to form the network endpoint. You may notice some duplication in IP Address ranges where there are different ports listed.
ID | Category | ER | Addresses | Ports |
---|---|---|---|---|
1 | Optimize Required |
No | partner.outlook.cn 40.73.132.0/24, 40.73.164.128/25, 40.73.165.0/26, 42.159.40.0/24, 42.159.44.0/22, 42.159.163.128/25, 42.159.165.0/24, 42.159.172.0/22, 2406:e500:4010::/48, 2406:e500:4030::/53, 2406:e500:4030:800::/54, 2406:e500:4040::/53, 2406:e500:4040:800::/54, 2406:e500:4040:1000::/54, 2406:e500:4040:1400::/54, 2406:e500:4110::/48, 2406:e500:4210::/48, 2406:e500:4310::/48 |
TCP: 443, 80 |
2 | Allow Required |
No | *.protection.partner.outlook.cn 42.159.33.192/27, 42.159.36.0/24, 42.159.161.192/27, 42.159.164.0/24, 139.219.16.0/27, 139.219.17.0/24, 139.219.24.0/22, 139.219.145.0/27, 139.219.146.0/24, 139.219.156.0/22, 2406:e500:4420::/43, 2406:e500:4440::/43, 2406:e500:c020::/44, 2406:e500:c120::/44 |
TCP: 25, 443, 53, 80 |
12 | Default Required |
No | *.partner.outlook.cn, attachments.office365-net.cn |
TCP: 443, 80 |
20 | Allow Required |
No | *.partner.outlook.cn 40.73.132.0/24, 40.73.164.128/25, 40.73.165.0/26, 42.159.40.0/24, 42.159.44.0/22, 42.159.163.128/25, 42.159.165.0/24, 42.159.172.0/22, 2406:e500:4010::/48, 2406:e500:4030::/53, 2406:e500:4030:800::/54, 2406:e500:4040::/53, 2406:e500:4040:800::/54, 2406:e500:4040:1000::/54, 2406:e500:4040:1400::/54, 2406:e500:4110::/48, 2406:e500:4210::/48, 2406:e500:4310::/48 |
TCP: 587, 993, 995 |
ID | Category | ER | Addresses | Ports |
---|---|---|---|---|
4 | Allow Required |
No | *.sharepoint.cn 40.73.129.0/24, 40.73.161.0/24, 42.159.38.0/23, 2406:e500:4600::/39 |
TCP: 443, 80 UDP: 443 |
21 | Default Required |
No | *.wns.windows.com |
TCP: 443, 80 |
ID | Category | ER | Addresses | Ports |
---|---|---|---|---|
3 | Optimize Required |
No | 42.159.34.32/27, 42.159.34.64/27, 42.159.34.96/28, 42.159.162.32/27, 42.159.162.64/27, 42.159.162.96/28, 159.27.160.0/21, 2406:e500:4a00::/39 |
UDP: 3479, 3480, 3481, 3478 |
19 | Allow Required |
No | *.partner.lync.cn, *.teams.microsoftonline.cn, teams.microsoftonline.cn 40.72.124.128/28, 42.159.34.32/27, 42.159.34.64/27, 42.159.34.96/28, 42.159.162.32/27, 42.159.162.64/27, 42.159.162.96/28, 159.27.160.0/21, 2406:e500:4a00::/39 |
TCP: 443, 80 |
ID | Category | ER | Addresses | Ports |
---|---|---|---|---|
7 | Allow Required |
No | *.azure-mobile.cn, *.chinacloud-mobile.cn, *.chinacloudapi.cn, *.chinacloudapp.cn, *.chinacloudsites.cn, *.partner.microsoftonline-m-i.net.cn, *.partner.microsoftonline-m.net.cn, *.partner.microsoftonline-p.net.cn, *.partner.officewebapps.cn, *.windowsazure.cn, portal.partner.microsoftonline.cdnsvc.com, r4.partner.outlook.cn 23.236.126.0/24, 40.73.240.0/24, 40.73.242.0/24, 58.68.168.0/24, 112.25.33.0/24, 123.150.49.0/24, 125.65.247.0/24, 171.107.84.0/24, 180.210.232.0/24, 180.210.234.0/24, 209.177.86.0/24, 209.177.90.0/24, 209.177.94.0/24, 222.161.226.0/24, 2406:e500:4900::/48 |
TCP: 443, 80 |
8 | Allow Required |
No | *.onmschina.cn, *.partner.microsoftonline-i.net.cn, *.partner.microsoftonline.net.cn 101.28.252.0/24, 115.231.150.0/24, 123.235.32.0/24, 171.111.154.0/24, 175.6.10.0/24, 180.210.229.0/24, 211.90.28.0/24 |
TCP: 443, 80 |
9 | Allow Required |
No | *.partner.microsoftonline-p.cn 182.50.87.0/24 |
TCP: 443, 80 |
10 | Allow Required |
No | *.partner.microsoftonline.cn 103.9.8.0/22 |
TCP: 443, 80 |
11 | Default Required |
No | activation.sls.microsoft.com, crl.microsoft.com, odc.officeapps.live.com, officecdn.microsoft.com, officeclient.microsoft.com |
TCP: 443, 80 |
13 | Default Required |
No | *.msauth.cn, *.msauthimages.cn, *.msftauth.cn, *.msftauthimages.cn, login.microsoftonline.com |
TCP: 443, 80 |
15 | Default Required |
No | loki.office365.cn |
TCP: 443 |
16 | Default Required |
No | *.cdn.office.net, shellprod.msocdn.com |
TCP: 443 |
17 | Allow Required |
No | *.auth.microsoft.cn, login.partner.microsoftonline.cn, microsoftgraph.chinacloudapi.cn 40.72.70.0/23, 52.130.2.32/27, 52.130.3.64/27, 52.130.17.192/27, 52.130.18.32/27, 2406:e500:5500::/48 |
TCP: 443, 80 |
18 | Default Optional Notes: If using Exchange Online, follow Allow category guidance for *.protection.partner.outlook.cn |
No | *.aadrm.cn, *.protection.partner.outlook.cn |
TCP: 443 |
22 | Default Required |
No | *.partner.office365.cn |
TCP: 443, 80 |
23 | Default Required |
No | *.microsoftonline.cn |
TCP: 443, 80 |
26 | Default Required |
No | <tenant>.officewebapps.cn |
TCP: 443, 80 |
Events
Microsoft 365 Community Conference
May 6, 2 PM - May 9, 12 AM
Skill up for the era of AI at the ultimate community-led Microsoft 365 event, May 6-8 in Las Vegas.
Learn moreTraining
Module
Plan and configure network settings for Microsoft Teams. - Training
Learn about the network requirements for Microsoft Teams and associated settings, including Network Planner, Quality of Service (QoS), configuration for location-enhanced reports, and Microsoft 365 network connectivity test tool.
Certification
Microsoft 365 Certified: Endpoint Administrator Associate - Certifications
Plan and execute an endpoint deployment strategy, using essential elements of modern management, co-management approaches, and Microsoft Intune integration.
Documentation
Microsoft 365 IP Address and URL web service - Microsoft 365 Enterprise
Learn how to use the Microsoft 365 IP Address and URL web service to help you better identify and differentiate Microsoft 365 network traffic.
Microsoft 365 URLs and IP address ranges - Microsoft 365 Enterprise
Summary: Microsoft 365 requires connectivity to the Internet. The endpoints in this article should be reachable for customers using Microsoft 365 plans, including Government Community Cloud (GCC).
Managing Microsoft 365 endpoints - Microsoft 365 Enterprise
Learn how to manage Microsoft 365 endpoints so that they work with your enterprise organization network architecture.