06/08/2021
Intune/Windows 10 Autopilot Firewall exceptions
All the URLs required to be put in Firewall Exception for Autopilot project. Please ask your network Team to allow below URLs for Autopilot. They are all Port 80 and Port 443 over TCP connection unless specified with URL in the list below. e.g. WIP requires port 444.
| Must have | aka.ms* go.microsoft.com |
| Device Authentication | login.live.com dmd.metaservices.microsoft.com [used to retrieve device metadata] |
| Windows Autopilot | ztd.dds.microsoft.com cs.dds.microsoft.com |
| TPM Attestation for Whiteglove | *.microsoftaik.azure.net ekop.intel.com/ekcertservice [If device firmware is from Intel] ekcert.spserv.microsoft.com/EKCertificate/GetEKCertificate/v1 [If device firmware is from Qualcomm] ftpm.amd.com/pki/aia [If device firmware is from AMD] |
| Windows Activation/Licensing | activation.sls.microsoft.com validation.sls.microsoft.com activation-v2.sls.microsoft.com validation-v2.sls.microsoft.com licensing.mp.microsoft.com licensing.md.mp.microsoft.com |
| CRL and OCSP checks for CA | crl.microsoft.com/pki/crl/products/MicProSecSerCA_2007-12-04.crl crl.microsoft.com/pki/crl/* *microsoft.com/pkiops/* ocsp.digicert.com/* |
| Windows Update/Delivery Optimization | ctldl.windowsupdate.com cs9.wac.phicdn.net *.windowsupdate.com *.update.microsoft.com *hwcdn.net *.delivery.mp.microsoft.com tsfe.trafficshaping.dsp.mp.microsoft.com *.prod.do.dsp.mp.microsoft.com *geo-prod.do.dsp.mp.microsoft.com* *.dl.delivery.mp.microsoft.com *.emdl.ws.microsoft.com adl.windows.com |
| Microsoft Store for Business | *displaycatalog.mp.microsoft.com d isplaycatalog.md.mp.microsoft.com purchase.mp.microsoft.com purchase.md.mp.microsoft.com storecatalogrevocation.storequality.microsoft.com img-prod-cms-rt-microsoft-com.akamaized.net .md.mp.microsoft.com pti.store.microsoft.com markets.books.microsoft.com storeedgefd.dsx.mp.microsoft.com livetileedge.dsx.mp.microsoft.com share.microsoft.com *.microsoft.com.akadns.net clientconfig.passport.net windowsphone.com *.microsoft.com *.s-microsoft.com manage.devcenter.microsoft.com |
| NTP | time.windows.com [over UDP port 123] |
| Network Connection Status Indicator | www.msftconnecttest.com* |
| Diagnostics Data | *.events.data.microsoft.com *.telemetry.microsoft.com watson.*.microsoft.com *.vortex-win.data.microsoft.com/collect/v1 cs11.wpc.v0cdn.net cs1137.wpc.gammacdn.net settings.data.microsoft.com settings-win.data.microsoft.com *.blob.core.windows.net |
| Windows Notification Services | *.wns.windows.com |
| Office Apps/Office Updates | *.c-msedge.net *.e-msedge.net *.s-msedge.net nexusrules.officeapps.live.com ocos-office365-s2s.msedge.net officeclient.microsoft.com outlook.office365.com client-office365-tas.msedge.net www.office.com onecollector.cloudapp.aria v10.events.data.microsoft.com/onecollector/1.0/ self.events.data.microsoft.com to-do.microsoft.com g.live.com/1rewlive5skydrive/* msagfx.live.com oneclient.sfx.ms logincdn.msauth.net blobs.officehome.msocdn.com officehomeblobs.blob.core.windows.net self.events.data.microsoft.com outlookmobile-office365-tas.msedge.net config.teams.microsoft.com |
| Defender | wdcp.microsoft.com definitionupdates.microsoft.com *.smartscreen.microsoft.com *.smartscreen-prod.microsoft.com checkappexec.microsoft.com |
| Microsoft Account Access endpoints | *.login.microsoftonline.com *.login.microsoft.com login.windows.net account.live.com signup.live.com login.msa.akadns6.net us.configsvc1.live.com.akadns.net |
| Required for Cortana | www.bing.com* I-ring.msedge.net s-ring.msedge.net |
| MS Edge | iecvlist.microsoft.com msedge.api.cdp.microsoft.com |
| Azure Cloud related | wd-prod-fe.cloudapp.azure.com accountalt.azureedge.net secure.aadcdn.microsoftonline-p.com ris-prod-atm.trafficmanager.net validation-v2.sls.trafficmanager.net |
| Intune related | portal.manage.microsoft.com r.manage.microsoft.com m.manage.microsoft.com *.manage.microsoft.com *.officeconfig.msocdn.com config.office.com graph.windows.net enterpriseregistration.windows.net fef.msuc03.manage.microsoft.com wip.mam.manage.microsoft.com [requires port 444] mam.manage.microsoft.com |
What’s New in Microsoft Intune This Month (October 2024)
SCCM 1606: Step by Step Walk-through Setup
