US government endpoints for Microsoft Intune

This page lists the US government endpoints needed for proxy settings in your Intune deployments.

To manage devices behind firewalls and proxy servers, you must enable communication for Intune.

  • The proxy server must support both HTTP (80) and HTTPS (443) because Intune clients use both protocols
  • For some tasks (like downloading software updates), Intune requires unauthenticated proxy server access to manage.microsoft.com

You can modify proxy server settings on individual client computers. You can also use Group Policy settings to change settings for all client computers located behind a specified proxy server.

Managed devices require configurations that let All Users access services through firewalls.

The following tables list the ports and services that the Intune client accesses:

Endpoint IP address
*.manage.microsoft.us 52.243.26.209
52.247.173.11
52.227.183.12
52.227.180.205
52.227.178.107
13.72.185.168
52.227.173.179
52.227.175.242
13.72.39.209
52.243.26.209
52.247.173.11
enterpriseregistration.microsoftonline.us 13.72.188.239
13.72.55.179

US Government customer designated endpoints:

  • Azure portal: https://portal.azure.us/
  • Office 365: https://portal.office365.us/
  • Intune Company Portal: https://portal.manage.microsoft.us/

Partner service endpoints that Intune depends on:

  • AAD Sync service: https://syncservice.gov.us.microsoftonline.com/DirectoryService.svc
  • Evo STS: https://login.microsoftonline.us
  • Directory Proxy: https://directoryproxy.microsoftazure.us/DirectoryProxy.svc
  • AAD Graph: https://directory.microsoftazure.us and https://graph.microsoftazure.us
  • MS Graph: https://graph.microsoft.us
  • ADRS: https://enterpriseregistration.microsoftonline.us