Setting Up Your Lync Online Environment

 To set up your network for Lync Online, follow these steps:

  1. Purchase Office 365 and enable licenses for your users. 
  2. Make sure everyone in your organization has installed the most current desktop version of Lync. For details, see Update Resource Center for Lync.
  3. Enable certain settings on your organization’s firewalls. For more information, see the following sections of this document.
  4. Depending on your internet proxy or firewall configuration, you may also need to set up a certain DNS record. For more information, see “Setting Up DNS Records For Your Domain Name,” later in this document.

 Open Ports in Your External Firewall and On Your Reverse Proxy

 To enable Lync Online to run and to enable your users to use Lync Online features, you must ensure the following ports are open in your organization’s external firewall.

 Ports Needed Open in External Firewall

Port          Protocol   Direction  Usage
------------  ---------  ---------  ----------------------------------------------
443           STUN/TCP   Outbound   Audio, video, and application sharing sessions
443           PSOM/TLS   Outbound   Data sharing sessions
3478          STUN/UDP   Outbound   Audio and video sessions
5223          UDP        Outbound   Lync mobile push notifications
50000-59999   RTP/UDP    Outbound   Audio and video sessions

 The client computers that use Lync Online services on your network must also have certain ports open.  These ports are opened automatically when users are licensed to use Lync Online. 

Configure Rules and Exceptions

The following list shows the rules you should set on your network firewall to enable Lync Online to work. These rules should apply to all users on your network.

  • Enable outgoing connections to *.microsoftonline.com

  • Enable outgoing connections to *.outlook.com

  • Enable outgoing connections to *.lync.com

  • The HTTP/SSL time-out should be set to eight hours.

Additionally, make sure the firewall allows Microsoft Online Services Sign-In Assistant traffic. If you are using Microsoft Forefront Threat Management Gateway, take the following steps. Similar steps can be taken for other gateways.

  1. In Forefront Threat Management Gateway, in the left pane, click Networking.
  2. Click the Network tab. Under the Tasks tab in the right pane, click Configure Forefront TMG Client Settings.
  3. In the Forefront TMG Client Settings dialog box, click New.
  4. In the Application Entry Setting dialog box, configure the following rules:

Application  Key        Value
-----------  ---------  -----
msoidsvc     Disable    0
msoidsvc     DisableEx  0

Setting Up DNS Records For Your Domain Name

If you are using your own domain name with Office 365, contact your domain name registrar for details about how to make the following changes to your DNS records.

 

  • Add the following CNAME and SRV entries to your DNS server:

Type   Host name                        Destination             TTL
-----  -------------------------------  ----------------------  ------
CNAME  sip.yourDomainName.com           sipdir.online.lync.com  1 hour
CNAME  lyncdiscover.yourDomainName.com  webdir.online.lync.com  1 hour

Type  Service  Protocol  Port  Weight  Priority  TTL     Name                Target
----  -------  --------  ----  ------  --------  ------  ------------------  ----------------------
SRV   _sip     _tls      443   1       100       1 hour  yourDomainName.com  sipdir.online.lync.com

If your organization supports external communication (that is, connections with other organizations that have external communication enabled), add the following DNS Service (SRV) record as well:

 

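Type  Service            Protocol  Port  Weight  Priority  TTL     Name                Target
----  -----------------  --------  ----  ------  --------  ------  ------------------  ----------------------
SRV   _sipfederationtls  _tcp      5061  1       100       1 hour  yourDomainName.com  sipfed.online.lync.com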

If your organization’s Internet proxies or firewalls are configured to block external SRV queries, add the following CNAME entries to your internal DNS server:

 

Type   Host name                                Destination             TTL
-----  ---------------------------------------  ----------------------  ------
CNAME  sip.yourDomainName.com                   sipdir.online.lync.com  1 hour
CNAME  lyncdiscoverinternal.yourDomainName.com  webdir.online.lync.com  1 hour
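
A sign-in or federation record that points at the wrong target sends Lync traffic to a host you did not intend, so it is worth auditing the zone after making the changes above. The following is an added example, not part of the original document: it checks a BIND-style zone export against the public CNAME and SRV records listed on this page. The function names, the zone-export format, and the sample zone are assumptions made for illustration.

```python
DOMAIN = "yourdomainname.com"  # the page's placeholder domain, lowercased
# Records from the tables above; SRV data in zone-file order (priority weight port target).
EXPECTED = {
    ("sip", "CNAME"): "sipdir.online.lync.com",
    ("lyncdiscover", "CNAME"): "webdir.online.lync.com",
    ("_sip._tls", "SRV"): "100 1 443 sipdir.online.lync.com",
    ("_sipfederationtls._tcp", "SRV"): "100 1 5061 sipfed.online.lync.com",
}

# Constructed sample export: the federation SRV points at the wrong target.
SAMPLE_ZONE = """\
; constructed sample, not real data
sip                              3600 IN CNAME sipdir.online.lync.com.
lyncdiscover.yourDomainName.com. 3600 IN CNAME webdir.online.lync.com.
_sip._tls                        3600 IN SRV 100 1 443 sipdir.online.lync.com.
_sipfederationtls._tcp           3600 IN SRV 100 1 5061 sipfed.example.net.
"""

def parse_zone(text, domain=DOMAIN):
    """Return {(owner, TYPE): [rdata, ...]} for CNAME and SRV lines.
    Assumes one record per line with an explicit owner name."""
    records = {}
    for line in text.splitlines():
        tokens = line.split(";", 1)[0].lower().split()  # drop comments
        rtype = next((t for t in tokens[1:] if t in ("cname", "srv")), None)
        if rtype is None:
            continue
        owner = tokens[0].rstrip(".")
        if owner.endswith("." + domain):  # fully qualified -> relative
            owner = owner[: -len(domain) - 1]
        rdata = " ".join(tokens[tokens.index(rtype, 1) + 1:]).rstrip(".")
        records.setdefault((owner, rtype.upper()), []).append(rdata)
    return records

def audit(zone_text, federation=True):
    """Return findings; an empty list means the zone matches the page."""
    found, findings = parse_zone(zone_text), []
    for (owner, rtype), want in EXPECTED.items():
        if owner.startswith("_sipfederationtls") and not federation:
            continue  # only needed when external communication is enabled
        got = found.get((owner, rtype), [])
        if not got:
            findings.append(f"MISSING {owner} {rtype} -> {want}")
        elif got != [want]:
            findings.append(f"MISMATCH {owner} {rtype}: {got} (expected {want})")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_ZONE)) or "zone matches")
```

Pass federation=False when external communication is not enabled. The internal-only lyncdiscoverinternal CNAME is not covered by this check.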