Is it possible, to add an Microsoft 365 mailaccount, when the zammad instance is not reachable from the internet?

We have setup zammad in our active directory network, which has a .local domain. To get a ssl certificate for our zammad instance, we have set up split dns. The zammad uses a subdomain from a public domain, we own.

If i set up microsoft 365, there is the callback url with our public domain, which points internally via dns to the zammad server in the LAN. Due to this, the M365-authentication won’t work. Is there a way to add such accounts without opening the zammad server to the internet?

Your Zammad installation has to be able to communicate with the internet (Microsoft in this case) in order for the Microsoft 365 channel to function. During adding the account, the user that adds the account in question requires both, connectivity to the Internet (Microsoft) and the Zammad instance.

Technically the same would apply for the authentication method as well.
The only thing Microsoft does not support (as far as I’m aware) is HTTP callback URLs (which you shouldn’t use any way). If they also don’t .local domains then you have no possibility to use Zammad in the desired scope.