Share via

Networking requirements

Microsoft eCDN setup has some networking requirements mainly in the following areas.

  1. When a user browses to the event page, the client needs to download the Microsoft eCDN script - that requires an https connection to *.ecdn.teams.microsoft.com.

  2. Once downloaded, it creates a secure WebSocket connection to our backend.

  3. The peer-to-peer connection itself is a UDP connection over the port range 1025-65535, chosen randomly by the browser. Chromium browsers such as Microsoft Edge and Google Chrome allow the port range to be configured using the WebRtcUdpPortRange policy.

External connections  

Connections that go out to the internet. Usually packets in these connections go through the firewall and need allow-listing.

Hostname  Ports Protocol Description 
*.ecdn.teams.microsoft.com 443  HTTPS over TCP Microsoft eCDN scripts 
*.ecdn.teams.microsoft.com 443  WebSocket over TCP Microsoft eCDN backend 
*.ecdn.teams.cloud.microsoft 443  same as above two upcoming unified ___domain 

US government tenants (GCC and GCC High)

US government and other high-security customers must use the following hostnames instead.

Tenant type Hostname
GCC *.ecdn.gcc.teams.microsoft.com
GCC High *.ecdn.gov.teams.microsoft.us

Important

We've begun migrating domains from teams.microsoft.com to teams.cloud.microsoft in accordance with the Unified Domains initiative. We urge customers to add the new ___domain(s) to their network traffic filters and policies (firewall, proxy, VPN, mDNS) as soon as possible, and to retain the legacy domains until noted otherwise.

Internal connections  

Connections that remain inside the corporate network. Usually packets in these connections don't go through a firewall and wouldn't need any configuration to allow them.

Hostname  Ports Protocol Description 
n/a 1025-65535 SCTP over DTLS over UDP P2P communication