Intune network configuration requirements and bandwidth

This guidance helps Intune admins understand the network requirements for the Intune service. You can use this information to understand bandwidth requirements and IP address and port settings needed for proxy settings.

Average network traffic

This table lists the approximate size and frequency of common content that travels across the network for each client.


To ensure devices receive the updates and content from Intune, they must periodically connect to the Internet. The time required to receive updates or content can vary, but they should remain continuously connected to the Internet for at least one hour each day.

Content type Approximate size Frequency and details
Intune client installation

The following requirements are in addition to the Intune client installation
125 MB One time

The size of the client download varies depending on the operating system of the client computer.
Client enrollment package 15 MB One time

Additional downloads are possible when there are updates for this content type.
Endpoint Protection agent 65 MB One time

Additional downloads are possible when there are updates for this content type.
Operations Manager agent 11 MB One time

Additional downloads are possible when there are updates for this content type.
Policy agent 3 MB One time

Additional downloads are possible when there are updates for this content type.
Remote Assistance via Microsoft Easy Assist agent 6 MB One time

Additional downloads are possible when there are updates for this content type.
Daily client operations 6 MB Daily

The Intune client regularly communicates with the Intune service to check for updates and policies, and to report the client’s status to the service.
Endpoint Protection malware definition updates Varies

Typically 40 KB to 2 MB

Up to three times a day.
Endpoint Protection engine update 5 MB Monthly
Software updates Varies

The size depends on the updates you deploy.

Typically, software updates release on the second Tuesday of each month.

A newly enrolled or deployed computer can use more network bandwidth while downloading the full set of previously released updates.
Service packs Varies

The size varies for each service pack you deploy.

Depends on when you deploy service packs.
Software distribution Varies

The size depends on the software you deploy.

Depends on when you deploy software.

Ways to reduce network bandwidth use

You can use one or more of the following methods to reduce network bandwidth use for Intune clients.

Use a proxy server to cache content requests

A proxy server can cache content to reduce duplicate downloads and reduce network bandwidth from content from the Internet.

A caching proxy server that receives content requests from clients can retrieve that content and cache both web responses and downloads. The server uses cached data to answer subsequent requests from clients.

The following are typical settings to use for a proxy server that caches content for Intune clients.

Setting Recommended value Details
Cache size 5 GB to 30 GB The value varies based on the number of client computers in your network and the configurations you use. To prevent files from being deleted too soon, adjust the size of the cache for your environment.
Individual cache file size 950 MB This setting might not be available in all caching proxy servers.
Object types to cache HTTP


Intune packages are CAB files retrieved by Background Intelligent Transfer Service (BITS) download over HTTP.

For information about using a proxy server to cache content, see the documentation for your proxy server solution.

Use Background Intelligent Transfer Service on computers

Intune supports using Background Intelligent Transfer Service (BITS) on a Windows computer to reduce the network bandwidth that is used during the hours that you configure. You can configure policy for BITS on the Network bandwidth page of the Intune Agent policy.

To learn more about BITS and Windows computers, see Background Intelligent Transfer Service in the TechNet Library.

Use BranchCache on computers

Intune clients can use BranchCache to reduce wide area network (WAN) traffic. The following operating systems support BranchCache:

  • Windows 7
  • Windows 8.0
  • Windows 8.1
  • Windows 10

To use BranchCache, the client computer must have BranchCache enabled, and then be configured for distributed cache mode.

By default, BranchCache and distributed cache mode are enabled on computers when the Intune client is installed. However, if Group Policy has disabled BranchCache, Intune does not override that policy and BranchCache remains disabled.

If you use BranchCache, work with other administrators in your organization to manage Group Policy and Intune Firewall policy. Ensure they do not deploy policy that disables BranchCache or Firewall exceptions. For more about BranchCache, see BranchCache Overview.

Network communication requirements

Enable network communications between the devices you manage and the websites required for cloud-based services.

Intune uses no on-premises infrastructure such as servers running Intune software, but there are options to use on-premises infrastructure including Exchange and Active Directory synchronization tools.

To manage computers behind firewalls and proxy servers, you must enable communication for Intune.

  • The proxy server must support both HTTP (80) and HTTPS (443) because Intune clients use both protocols
  • Intune requires unauthenticated proxy server access to for some tasks such as downloading software and updates

You can modify proxy server settings on individual client computers, or you can use Group Policy settings to change settings for all client computers that are located behind a specified proxy server.

Managed devices require configurations that let All Users access services through firewalls.

The following tables list the ports and services that the Intune client accesses:

Domains IP address More information Office 365 URLs and IP address ranges

Apple device network information

Hostname URL (IP address/subnet) Protocol Port Device
Admin Console ( TCP 2195 Apple iOS and macOS
Admin Console TCP 2196 Apple iOS and macOS
Admin Console Apple, *, *, * HTTP 80 Apple iOS and macOS
PI Server TCP 2195, 2196 For Apple iOS and macOS cloud messaging.
Device Services TCP 2195 Apple
Device Services TCP 2196 Apple
Device Services Apple ** * HTTP 80 Apple
Devices (Internet/Wi-Fi) TCP 5223 and 443 Apple only. '#' is a random number from 0 to 200.
Devices (Internet/Wi-Fi) HTTP/HTTPS 80 or 443 Apple only