Validating resources located at non public ip addresses
To use Exchange Online, including mail retrieval, OWA, Unified Messaging, and so on, you must be able to connect to the endpoints marked required below.
If your organization uses Exchange Hybrid or is migrating email to Office 365, you'll find the associated endpoints below.
Destinations are listed with FQDN/domain only, CIDR prefixes only, or a pairing of FQDNs that represent specific CIDR prefixes along with port information.
The FQDN api.login.clientconfig.device.login.graph.hip.hipservice.login.login.logincert.loginex.login-us.login.nexus.stamp2.login.login.*.adhybridhealth.*core.*.*.*.servicebus.management.net secure.aadcdn.Note: The sub-FQDN login.is advertised via Expressroute and included in the office 365 BGP communities.In addition to the suite-wide FQDNs, CDNs, and telemetry listed above, you'll need to also add these endpoints.Azure RMS requires port 443 for all communications, does not rely on CDNs, has no published IP addresses, and is not accessible over Express Route for Office 365..account.agent.apc.delve.aus.delve.can.delve.delve.eur.delve.gbr.delve.home.ind.delve.jpn.delve.kor.delve.lam.delve.nam.delve.portal.outlook.office365suite. appsforoffice.assets.az826701aria.c.c1.dgps.support.docs.groupsapi-prod.groupsapi2-prod.groupsapi3-prod.groupsapi4-prod.aria.msdn.platform.products.prod.r1office365r4office365res.delve.shellprod.support.content.support.support.technet.templates.*.*.analytics.api.connect.firstpartyapps.outlook.prod.firstpartyapps.rink.sdk.telemetryservice.firstpartyapps.web.webanalytics.wus-firstpartyapps.**core.*.*.*.staffhub.api.enterpriseregistration.dc.applicationinsights.dc.services.forms.forms.graph.manage.ms office365servicehealthcommunications.securescore.signup.staffhubweb.staffhub.staffhub.weu-000.wus-000.neu-000.eus2-000.ea-000.watson.telemetry.wu.Note: The domains and nodes that the wildcards such as *.office365& *.portal.represent are a list of application, functional, and regional domains and nodes used for the Office 365 suite.Some are dynamically assigned and all of these sub-domains and nodes are subject to change at any time as the service improves.