US government endpoints for Microsoft Intune
This page lists the US government endpoints needed for proxy settings in your Intune deployments.
To manage devices behind firewalls and proxy servers, you must enable communication for Intune.
- The proxy server must support both HTTP (80) and HTTPS (443) because Intune clients use both protocols
- For some tasks (like downloading software updates), Intune requires unauthenticated proxy server access to manage.microsoft.com
You can modify proxy server settings on individual client computers. You can also use Group Policy settings to change settings for all client computers located behind a specified proxy server.
Managed devices require configurations that let All Users access services through firewalls.
For more information about Windows 10 auto-enrollment and device registration for US government customers, see Set up enrollment for Windows devices.
The following tables list the ports and services that the Intune client accesses:
US Government customer designated endpoints:
- Azure portal: https://portal.azure.us/
- Office 365: https://portal.office365.us/
- Intune Company Portal: https://portal.manage.microsoft.us/
Partner service endpoints that Intune depends on:
- AAD Sync service: https://syncservice.gov.us.microsoftonline.com/DirectoryService.svc
- Evo STS: https://login.microsoftonline.us
- Directory Proxy: https://directoryproxy.microsoftazure.us/DirectoryProxy.svc
- AAD Graph: https://directory.microsoftazure.us and https://graph.microsoftazure.us
- MS Graph: https://graph.microsoft.us
- ADRS: https://enterpriseregistration.microsoftonline.us
Windows Push Notification Services
On Intune-managed devices managed by using Mobile Device Management (MDM), Windows PUsh Notification Services (WNS) is required for device actions and other immediate activities. For more information, see Enterprise Firewall and Proxy Configurations to Support WNS Traffic
Apple device network information
|Used for||Hostname (IP address/subnet)||Protocol||Port|
|Retrieving and displaying content from Apple servers||itunes.apple.com
|Communication with APNS servers||#-courier.push.apple.com
'#' is a random number from 0 to 50.
|TCP||5223 and 443|
|Various functions including accessing the internet, iTunes store, macOS app store, iCloud, messaging, etc.||phobos.apple.com
|HTTP/HTTPS||80 or 443|
For more information, see:
- TCP and UDP ports used by Apple software products
- About macOS, iOS, and iTunes server host connections and iTunes background processes
- If your macOS and iOS clients aren't getting Apple push notifications