Windows Intune: required Firewall & Proxy Configuration

Implementing Windows Intune might be for the most of us an ease approach because it is uses commonly used standards like http and https. Nevertheless, in organizations where internet access is controlled using firewall(s) and proxy servers this might be a challenge.

Specific services or websites has to be disclosed to work properly. The same applies to Windows Intune. For those who have to implement in such environments where internet access is limited the overview below outlines the required domain and ports in order to let Windows Intune work like a charm.

Required domains for documentation, online Help, and support

Domain	Ports
*.livemeeting.com	80 and 443
*.microsoftonline.com	80 and 443
onlinehelp.microsoft.com	80
*.social.technet.microsoft.com	80
blogs.technet.com	80
go.microsoft.com	80
http://www.microsoft.com	80

Required domains for Microsoft Update Services

Domain	Ports
*.update.microsoft.com	80 and 443
download.microsoft.com	80 and 443
update.microsoft.com	80 and 443

Note: Depending on the firewall and how it processes DNS lookup requests, you might also need to allow access to the domain manage.microsoft.com.nsatc.net on port 80.

Required domains for Windows Update Services

Domain	Ports
*.download.windowsupdate.com	80 and 443
*.windowsupdate.com	80 and 443
download.windowsupdate.com	80 and 443
ntservicepack.microsoft.com	80 and 443
windowsupdate.microsoft.com	80 and 443

Required domains for Windows Intune and related services

Domain	Ports
*.manage.microsoft.com	80 and 443
*.manage.microsoft.com	80 and 443
*.spynet2.microsoft.com	443
manage.microsoft.com	80 and 443
wustat.microsoft.com	80 and 443
*.googleapis.com	80 and 443
*.microsoftonline-p.com	80 and 443
*.microsoftonline-p.net	80 and 443
c.microsoft.com	80 and 443
c1.microsoft.com	80 and 443

Note: The *.googleapis.com domain is required for JQuery support when using the Company Portal website.

Source: Windows Intune Partner Engagement