Allow the Azure portal URLs on your firewall or proxy server

To optimize connectivity between your network and the Azure portal and its services, you may want to add specific Azure portal URLs to your allowlist. Doing so can improve performance and connectivity between your local- or wide-area network and the Azure cloud.

Network administrators often deploy proxy servers, firewalls, or other devices, which can help secure and give control over how users access the internet. Rules designed to protect users can sometimes block or slow down legitimate business-related internet traffic. This traffic includes communications between you and Azure over the URLs listed here.

Tip

For help diagnosing issues with network connections to these domains, check https://portal.azure.com/selfhelp.

Azure portal URLs for proxy bypass

The URL endpoints to allow for the Azure portal are specific to the Azure cloud where your organization is deployed. To allow network traffic to these endpoints to bypass restrictions, select your cloud, then add the list of URLs to your proxy server or firewall. We do not recommend adding any additional portal-related URLs aside from those listed here, although you may want to add URLs related to other Microsoft products and services. Depending on which services you use, you may not need to include all of these URLs in your allowlist.

*.aadcdn.microsoftonline-p.com
*.aka.ms
*.applicationinsights.io
*.azure.com
*.azure.net
*.azure-api.net
*.azuredatalakestore.net
*.azureedge.net
*.loganalytics.io
*.microsoft.com
*.microsoftonline.com
*.microsoftonline-p.com
*.msauth.net
*.msftauth.net
*.trafficmanager.net
*.visualstudio.com
*.asazure.windows.net (Analysis Services)
*.core.windows.net (Azure Storage)
*.database.windows.net (SQL Server) 
*.graph.windows.net (Azure AD Graph)
*.kusto.windows.net (Azure Data Explorer/Kusto)
*.search.windows.net (search)
*.servicebus.windows.net (Azure Service Bus)

Note

Traffic to these endpoints uses standard TCP ports for HTTP (80) and HTTPS (443).