Link to home
Create AccountLog in
Microsoft 365

Microsoft 365

--

Questions

--

Followers

Top Experts

Avatar of amigan_99
amigan_99🇺🇸

Address range to permit imap/993 to outlook.office365.com?
I have a client that wants to run imap to outlook.office365.com:993.
The problem I am running into is that when I look at firewall logs I
see his traffic going to addresses not seen in the nslookup of
outlook.office365.com. So my question: what is the range of addresses
required to permit imap to outlook.office365.com?

https://itservices.usc.edu/office365/emailclients/

Zero AI Policy

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

ASKER CERTIFIED SOLUTION
Avatar of Vasil Michev (MVP)Vasil Michev (MVP)🇧🇬

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
Avatar of MichelangeloMichelangelo🇮🇹

One note:
To check IMAP you just need IMAP port open which is 993. Authentication is done on that port only (proxy authentication)
Find details here
https://answers.microsoft.com/en-us/msoffice/forum/msoffice_o365admin-mso_security-mso_o365b/office-365-imap-and-pop3-authentication-flow/8f214fd6-5434-4a1f-bd2b-c414b810d0fa
IMAP/POP clients use basic authentication. For AD FS, what basic authentication have in common is that Exchange Online does the authentication with AD FS on behalf of the client, which is also known as proxy authentication.

More specifically, the client sends the Basic authentication credentials to exchange Online over SSL/TLS and Exchange Online sends the authentication credentials to Azure AD (Office 365 Identity Platform) using something called proxy authentication. Azure AD returns the respective endpoint for the on-premise AD FS for Exchange Online. Then Exchange Online contacts the on-premise AD FS server for authentication, which afterwards authenticate with Active Directory and is provided with a logon token containing the necessary user claims. Then AD FS server sends this token back to Exchange Online, which again sends it to Azure AD. Then Azure AD returns another token to Exchange Online which can be used to authenticate the client.
Avatar of amigan_99amigan_99🇺🇸

ASKER

Thanks for the replies! I was mostly looking for the IP blocks. But thanks for the confirmation on the 993 port.
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

Microsoft 365

Microsoft 365

--

Questions

--

Followers

Top Experts

Office 365 is a group of software plus services subscriptions that provides productivity software and related services to its subscribers. Office 365 allows the use of Microsoft Office apps on Windows and OS X, provides storage space on Microsoft's cloud storage service OneDrive, and grants 60 Skype minutes per month. Office 365 includes e-mail and social networking services through hosted versions of Exchange Server, Skype for Business Server, SharePoint and Office Online, integration with Yammer, as well as access to the Office software. All of Office 365's components can be managed and configured through an online portal; users can be added manually, imported from a CSV file, or Office 365 can be set up for single sign-on with a local Active Directory using Active Directory Federation Services.