I'm designing a device that operates a kiosk. I'd like to have one of the accounts authenticate through our Azure AD tenant so an engineer can log in and perform service updates (we need in-person updates and can't use an MDM like Intune for updates). This account would be used for login and not for allowing access to other resources. Our device operates behind a restrictive firewall with only other device. What URLs do we need to whitelist in the firewall to allow Windows to authenticate users?
The only article I've been able to find for this is about Azure Key Vault (here), which says login.microsoftonline.com:443, but I'm assuming that's the same? All other articles talk about hybrid stuff, which doesn't apply in our case.
Thanks
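An added example, not part of the original post and not a Microsoft-published endpoint list: a PowerShell check to run on the kiosk itself once the firewall rule is in place, to confirm that the one endpoint the post names (login.microsoftonline.com on TCP 443) resolves, accepts a TCP connection and completes a TLS handshake with a certificate the machine trusts. The `$Endpoints` table is an assumption seeded only with that host; any further Azure AD hosts Windows sign-in needs must be added by you from Microsoft's own documentation. The function and variable names are hypothetical.

```powershell
# Added example (not from the original post). Verifies, from behind the
# restrictive firewall, that an Azure AD sign-in endpoint is actually reachable.
# Assumption: only the host named in the post is listed; extend as required.
$Endpoints = @(
    @{ HostName = 'login.microsoftonline.com'; Port = 443 }
)

function Test-TlsEndpoint {
    param(
        [Parameter(Mandatory)] [string]$HostName,
        [int]$Port = 443
    )
    # Step 1: DNS. A failure here means the firewall or resolver blocks the name,
    # which is a different fix from a blocked TCP port.
    try {
        $ips = (Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop).IPAddress
    } catch {
        return [pscustomobject]@{ HostName = $HostName; Port = $Port; Stage = 'DNS'; Ok = $false; Detail = $_.Exception.Message }
    }

    # Step 2: TCP connect, then a TLS handshake. AuthenticateAsClient throws if
    # the presented chain is not trusted, e.g. an intercepting proxy whose CA the
    # kiosk does not trust. If the handshake succeeds but the issuer is your
    # proxy's CA rather than a public CA, TLS inspection is in the path and may
    # still break Azure AD sign-in, so the issuer is reported for review.
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($HostName, $Port)
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName)
        return [pscustomobject]@{
            HostName = $HostName
            Port     = $Port
            Stage    = 'TLS'
            Ok       = $true
            Detail   = "resolved to $($ips -join ', '); $($ssl.SslProtocol); issuer: $($ssl.RemoteCertificate.Issuer)"
        }
    } catch {
        return [pscustomobject]@{ HostName = $HostName; Port = $Port; Stage = 'TCP/TLS'; Ok = $false; Detail = $_.Exception.Message }
    } finally {
        $client.Dispose()
    }
}

# Run the check for every listed endpoint and print a table the engineer can
# compare against the firewall rule set.
$Endpoints | ForEach-Object { Test-TlsEndpoint -HostName $_.HostName -Port $_.Port } |
    Format-Table -AutoSize HostName, Port, Stage, Ok, Detail
```

Run it in the same user and network context the engineer will sign in from; a rule that works for an elevated admin session but not for the logon screen (which runs before any user proxy settings apply) is a common reason sign-in still fails after the firewall appears open.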
