Implementing Windows Intune might be for the most of us an ease approach because it is uses commonly used standards like http and https. Nevertheless, in organizations where internet access is controlled using firewall(s) and proxy servers this might be a challenge.
Specific services or websites has to be disclosed to work properly. The same applies to Windows Intune. For those who have to implement in such environments where internet access is limited the overview below outlines the required domain and ports in order to let Windows Intune work like a charm.
Required domains for documentation, online Help, and support
Domain Ports *.livemeeting.com 80 and 443 *.microsoftonline.com 80 and 443 onlinehelp.microsoft.com 80 *.social.technet.microsoft.com 80 blogs.technet.com 80 go.microsoft.com 80 http://www.microsoft.com 80
Required domains for Microsoft Update Services
Domain Ports *.update.microsoft.com 80 and 443 download.microsoft.com 80 and 443 update.microsoft.com 80 and 443
Note: Depending on the firewall and how it processes DNS lookup requests, you might also need to allow access to the domain manage.microsoft.com.nsatc.net on port 80.
Required domains for Windows Update Services
Domain Ports *.download.windowsupdate.com 80 and 443 *.windowsupdate.com 80 and 443 download.windowsupdate.com 80 and 443 ntservicepack.microsoft.com 80 and 443 windowsupdate.microsoft.com 80 and 443
Required domains for Windows Intune and related services
Domain Ports *.manage.microsoft.com 80 and 443 *.manage.microsoft.com 80 and 443 *.spynet2.microsoft.com 443 manage.microsoft.com 80 and 443 wustat.microsoft.com 80 and 443 *.googleapis.com 80 and 443 *.microsoftonline-p.com 80 and 443 *.microsoftonline-p.net 80 and 443 c.microsoft.com 80 and 443 c1.microsoft.com 80 and 443
Note: The *.googleapis.com domain is required for JQuery support when using the Company Portal website.
Source: Windows Intune Partner Engagement