Certero Microsoft 365 Connector Firewall Considerations v1
Document version control table
Attribute | Setting |
Document title | Certero Microsoft 365 Connector Firewall Considerations |
Document subject | Which firewalls need opening when creating a Microsoft 365 connector |
Document version | 1a |
Document category | Standard |
Document published date | 13/12/2024 |
Technical level | 300 |
Hosting type | On premise only |
Product name | Certero Unified Platform UI |
Product version | All |
Module | Certero for SaaS Microsoft 365 |
Connector | Certero for SaaS Microsoft 365 Microsoft 365 Connector |
Certero Microsoft 365 on-premises connector
When creating a Microsoft 365 Connector in an on-premises environment, the connector requires access to certain URL's via HTTPS port 443 without the traffic being sent via a proxy server. This is to receive data from the Microsoft Graph API.
A point to consider here is that it is recommended that customers open URL’s rather than ports as Microsoft may change the ports without notice. Please see the below table below for the protocols, ports and URL's that are required for the Microsoft 365 connector to work:
Certero Microsoft 365 Connector protocols, ports and URL’s
Protocol | Port | From | To |
HTTPS | 443 | Certero Endpoint Server | graph.microsoft.com |
HTTPS | 443 | Certero Endpoint Server | login.microsoftonline.com |
HTTPS | 443 | Certero Endpoint Server | reports.office.com |
Some firewalls only allow IP address ranges to be added rather than the DNS name. The table below shows the protocols, ports and IP address ranges that are required for the Microsoft 365 connector to work:
Protocol | Port | From | To |
HTTPS | 443 | Certero Endpoint Server | 20.190.128.0/18 |
HTTPS | 443 | Certero Endpoint Server | 13.69.128.0/18 |
HTTPS | 443 | Certero Endpoint Server | 40.126.0.0/18 |
HTTPS | 443 | Certero Endpoint Server | 20.166.33.29/18 |
1
I