1. Home
  2. Training Library
  3. Microsoft 365
  4. Microsoft 365 Courses
  5. Planning for Microsoft 365 Implementation and Migration

Networking - Office 365 URLs and IP Address Ranges

Start course
1h 10m

Microsoft 365 represents a combination of Office 365, Windows 10 and Enterprise Mobility offerings – providing the most complete set of SaaS technologies that Microsoft has to offer. With Microsoft 365, organizations can deploy a complete solution encompassing both devices and applications, along with applying security and compliance policies to protect the entire suite.

This course will help you as you plan your migration of users and data to Microsoft 365, including planning your identity and authentication solution, and the on-premises infrastructure needed to support your migration. We’ll also help you understand and identify your business requirements and use cases, to help drive your decision-making process when planning to transition your infrastructure to the Microsoft cloud. We’ll spend some time focusing on networking and discuss some of the networking decisions that need to be made to ensure an optimal migration experience, as well as the best experience for your users after migration.

This course will also help you to identify which data needs to be migrated to the cloud, and what the best migration method will be based on your scenario – we’re also going to cover the different types of user identities, how your users will authenticate, and how that’s going to affect your migration planning.

In addition to talking about these different components, we’re also going to run through a few demos – showing you some of the practical steps involved, along with some tips and tricks we’ve picked up along the way. 

Learning Objectives

By the end of this course, you should be able to:

  • Plan a Microsoft 365 Implementation, including the supporting infrastructure
  • Plan your identity and authentication solution, both on-premises and in the cloud
  • Identify your users, data, and mailboxes to be migrated to Microsoft 365
  • Plan the migration of your groups and user data to Microsoft 365

Intended Audience

This course is intended for people who:

  • Want to become a Microsoft 365 administrator
  • Are preparing to take the Microsoft’s MS-100 exam 


To get the most from this course, you should have a general understanding of networking & server administration as well as IT fundamentals such as DNS, Active Directory and PowerShell.


One of the ways to tighten your network security when establishing connectivity to Office 365 is to restrict network traffic to a set number of IP ranges. Office 365 network traffic is going to only ever be coming from a known set of IP addresses over known network ports. Microsoft has made all this data available on the Office 365 URLs and IP Ranges site found at aka.ms/o365endpoints. 

Now if you don't have restrictive network requirements, you might already have a very straightforward network setup. For instance, your MX record might resolve to an IP address on your firewall which routes web requests to the Client Access Servers on port 443 and SMTP traffic to your transport service on port 25. In this case, network traffic to and from Exchange Online will function normally with little or no changes required. However, if you have all network traffic routing through multiple network appliances for message hygiene, SSL inspection, or any number of security and compliance controls, you are going to end up, at best, introducing delays to mail flow, and at worst, breaking secure traffic between Exchange on premises and Exchange Online. 

In cases like these, your best option is to use the list of IP addresses provided by Microsoft and configure a separate, more direct network path for this traffic. Since this traffic can be treated as trusted, you can require less network hops and breaks in the flow of information, and greatly improve the performance without sacrificing security. It's important to note that if you are restricting network traffic to the IP address ranges that Microsoft provides, you also need to be prepared for these IP addresses to be updated, changed, or even potentially removed from the networking pool entirely. The Office 365 Endpoints page updates on a monthly basis and all new IP addresses that are being added are published 30 days in advance of becoming active. 

Microsoft has also made a REST-based web service available to endpoint providers and network administrators, which will allow them to automate the process of downloading and applying the latest list of approved IP addresses to your network firewalls and security appliances. More information on that service is also available on the Office 365 Endpoints page.

About the Author

Jeremy Dahl is a Senior Technology Consultant who has spent the last 8 years focusing on Microsoft 365 technologies and has been an Office 365 MVP for the last 6 years. Jeremy is a self-proclaimed cloud addict who architects technology solutions that combine cloud technologies with on-premises solutions, allowing organizations to make the most of their existing infrastructure while still taking full advantage of the agility and scalability of what the cloud has to offer.

Jeremy can be found blogging about Microsoft 365 technologies on his website, masterandcmdr.com, and evangelizing the Microsoft cloud on Twitter.