Network configuration for Microsoft Managed Desktop
Microsoft Managed Desktop is a cloud-managed service. The service needs to be able to reach a set of endpoints. This section lists the endpoints that need to be allowed for the various aspects of the Microsoft Managed Desktop service.
You can optimize your network by sending all trusted Microsoft 365 network requests directly through your firewall or proxy, bypassing authentication and all additional packet-level inspection or processing. This reduces latency and your perimeter capacity requirements.
Also, to optimize performance to Microsoft Managed Desktop cloud-based services, these endpoints need special handling by customer client browsers and the devices in their edge network. These devices include firewalls, SSL Break and Inspect, packet inspection devices, and data loss prevention systems.
The proxy or firewall must support TLS 1.2. Otherwise, you might have to disable protocol detection.
Endpoints allowed - specific for Microsoft Managed Desktop
Microsoft Managed Desktop uses the Azure Portal to host its web console. The URLs in the table below need to be on the allow list of your proxy and firewall so that Microsoft Managed Desktop devices can communicate with Microsoft services.
Note that the Microsoft Managed Desktop URL below is used for anything our service runs on the customer API. You must ensure this URL is always accessible on your corporate network.
|Microsoft service||URLs required on allow list|
|Microsoft Managed Desktop||prod-mwaas-services-customerapi.azurewebsites.net|
|Microsoft Support and Recovery Assistant for Office 365||*.apibasic.diagnostics.office.com|
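The following is an added example, not part of Microsoft's documentation: a small audit that checks whether a proxy or firewall allow list covers the two entries in the table above. The function names, the sample allow list, and the wildcard semantics (a `*.` rule matches subdomains only, not the bare domain) are assumptions; confirm how your own proxy interprets wildcard rules.

```python
# Added example: audit a proxy/firewall allow list against the two entries
# in the table above. Wildcard semantics here are an assumption; confirm
# how your own proxy interprets "*.".

REQUIRED = [
    "prod-mwaas-services-customerapi.azurewebsites.net",
    "*.apibasic.diagnostics.office.com",
]


def _norm(name):
    """Lower-case and drop a trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")


def host_allowed(rule, host):
    """True if one allow-list rule permits a concrete hostname."""
    rule, host = _norm(rule), _norm(host)
    if rule.startswith("*."):
        suffix = rule[1:]  # e.g. ".apibasic.diagnostics.office.com"
        # Require a label in front of the suffix: the bare domain and
        # look-alike names that merely end in the same text do not match.
        return host.endswith(suffix) and len(host) > len(suffix)
    return rule == host


def rule_covers(rule, required):
    """True if a rule permits everything a required entry stands for."""
    rule, required = _norm(rule), _norm(required)
    if required.startswith("*."):
        # A wildcard requirement needs the same or a broader wildcard;
        # an exact-host rule can never satisfy it.
        return rule.startswith("*.") and host_allowed(rule, "x" + required[1:])
    return host_allowed(rule, required)


def missing_entries(allow_list, required=REQUIRED):
    """Required entries that no rule in the allow list covers."""
    return [r for r in required
            if not any(rule_covers(rule, r) for rule in allow_list)]


if __name__ == "__main__":
    # Constructed sample export of a proxy allow list.
    sample = ["Prod-MWaaS-Services-CustomerAPI.azurewebsites.net.",
              "apibasic.diagnostics.office.com"]
    print(missing_entries(sample))
```

In the constructed sample, the exact-host rule for `apibasic.diagnostics.office.com` does not satisfy the wildcard requirement, so that entry is reported as missing.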
Endpoints allowed - other Microsoft products
There are URLs from several Microsoft products that need to be in the allowed list so that Microsoft Managed Desktop devices can communicate with those Microsoft Services. Use the links to see the complete list for each product.
|Microsoft service||Documentation source - URLs required on allow list|
|Windows 10 Enterprise including Windows Update for Business||Manage connection endpoints for Windows 10, version 1803; Manage connection endpoints for Windows 10, version 1809; Manage connection endpoints for Windows 10, version 1903|
|Delivery Optimization||Configure Delivery Optimization for Windows 10 updates|
|Office 365||Office 365 URL and IP address ranges|
|Azure Active Directory||Hybrid identity required ports and protocols and Active Directory and Active Directory Domain Services Port Requirements|
|Microsoft Intune||Intune network configuration requirements|
|Microsoft Defender Advanced Threat Protection (ATP)||Microsoft Defender ATP endpoints|