Server/Service | Port | Protocol | Direction |
ADFS (Internal) | 443 | TCP | Inbound/Outbound |
ADFS (Proxy DMZ) or WAP Server | 443 | TCP | Inbound/Outbound |
Microsoft Online Portal (Website) | 443 | TCP | Inbound/Outbound |
Outlook Web Access (Website) | 443 | TCP | Inbound/Outbound |
Lync/Skype for Business Client | 443 | TCP | Inbound/Outbound |
SharePoint Online (Website) | 443 | TCP | Inbound/Outbound |
Outlook for Mac | 443 | TCP | Inbound/Outbound |
Outlook Client | 443 | TCP | Inbound/Outbound |
Mail Routing | 25 | TCP | Inbound/Outbound |
SMTP Relay (requires TLS) | 587 | TCP | Inbound/Outbound |
Simple IMAP4 migration Tool | 143/993 | TCP | Inbound/Outbound |
POP3 (requires SSL) | 995 | TCP | Inbound/Outbound |
DirSync/Azure Active Directory Sync | 80/443 | TCP | Inbound/Outbound |
Exchange Migration Tool | 80/443 | TCP | Inbound/Outbound |
IMAP Migration Tool | 80/443 | TCP | Inbound/Outbound |
Exchange Management Console | 80/443 | TCP | Inbound/Outbound |
Exchange Management Shell | 80/443 | TCP | Inbound/Outbound |
Lync (Data Sharing Sessions) | 443 | TCP | Outbound |
Lync (Video, Audio, Application Sharing) | 443 | TCP | Outbound |
Lync (Audio & Video) | 3478 | UDP | Outbound |
Lync (Audio & Video) | 50000-59999 | TCP/UDP | Outbound |
Lync Mobile Push iOS Only | 5223 | TCP | Outbound |
Note that third-party certificate revocation checking will also be required. This is normally carried out anonymously on port 80, so any proxies or firewalls routing the traffic should expect it. Depending on your provider, you may be able to get the CRL URL in advance, but for Office 365 this is not as simple.
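One way to check a firewall rule export against these requirements, as an added example that is not part of the original page. The rule format, the sample rules and the function names are hypothetical, and the CRL row assumes the revocation fetch is outbound TCP.

```python
# Rows copied from the table above; the last row encodes the CRL note
# (port 80 is from the page, the outbound direction is an assumption).
REQUIRED = """\
ADFS (Internal) | 443 | TCP | Inbound/Outbound
Mail Routing | 25 | TCP | Inbound/Outbound
SMTP Relay (requires TLS) | 587 | TCP | Inbound/Outbound
Simple IMAP4 migration Tool | 143/993 | TCP | Inbound/Outbound
Lync (Audio & Video) | 3478 | UDP | Outbound
Lync (Audio & Video) | 50000-59999 | TCP/UDP | Outbound
Certificate revocation (CRL over HTTP) | 80 | TCP | Outbound
"""
# Constructed rule export in a hypothetical "<action> <in|out> <proto> <ports>" format.
SAMPLE_RULES = """\
allow in tcp 25,143,443,587,993
allow out tcp 25,143,443,587,993
allow out udp 3478
allow out tcp 50000-59999
deny out tcp 80
"""

def parse_ports(spec):
    """'143/993', '25,443' or '50000-59999' -> inclusive (low, high) ranges."""
    ranges = []
    for part in spec.replace("/", ",").split(","):
        low, _, high = part.strip().partition("-")
        ranges.append((int(low), int(high or low)))
    return ranges

def required_flows(table):
    """Expand each row into one flow per direction, protocol and port range."""
    for row in table.strip().splitlines():
        service, ports, protos, directions = [c.strip() for c in row.split("|")]
        for direction in directions.lower().split("/"):
            for proto in protos.lower().split("/"):
                for low, high in parse_ports(ports):
                    yield service, direction.replace("bound", ""), proto, low, high

def missing_flows(table, rules):
    """Required flows that no single allow rule fully covers."""
    allowed = [(d, p, lo, hi)
               for action, d, p, ports in map(str.split, rules.strip().splitlines())
               if action == "allow" for lo, hi in parse_ports(ports)]
    return [flow for flow in required_flows(table)
            if not any((d, p) == flow[1:3] and lo <= flow[3] and flow[4] <= hi
                       for d, p, lo, hi in allowed)]

if __name__ == "__main__":
    for service, direction, proto, low, high in missing_flows(REQUIRED, SAMPLE_RULES):
        print(f"NOT ALLOWED {direction} {proto}/{low}-{high}  {service}")
```

With the sample rules, the two gaps reported are the UDP half of the 50000-59999 media range and the port 80 revocation traffic. A required range that is only covered by the union of several narrower rules is reported as missing.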