Network configuration for Microsoft Managed Desktop
Microsoft Managed Desktop is a cloud-managed service. There are a set of endpoints the Microsoft Managed Desktop services needs to be able to reach. This section lists the endpoints that need to be allowed for the various aspects of the Microsoft Managed Desktop service.
Customers can optimize their network by sending all trusted Microsoft 365 network requests directly through their firewall or proxy, bypassing authentication and all additional packet-level inspection or processing. This reduces latency and your perimeter capacity requirements.
Also, to optimize performance to Microsoft Managed Desktop cloud-based services, these endpoints need special handling by customer client browsers and the devices in their edge network. These devices include firewalls, SSL Break and Inspect, packet inspection devices, and data loss prevention systems.
The proxy or firewall must support TLS 1.2. Otherwise, you might have to disable protocol detection.
Endpoints allowed that are necessary for Microsoft Managed Desktop
Microsoft Managed Desktop uses the Azure Portal to host its web console. The following URLs must be on the allowed list of your proxy and firewall so that Microsoft Managed Desktop devices can communicate with Microsoft Services.
The Microsoft Managed Desktop URL is used for anything our service runs on the customer API. You must ensure this URL is always accessible on your corporate network.
|Microsoft service||URLs required on allow list|
|Microsoft Managed Desktop||prod-mwaas-services-customerapi.azurewebsites.net|
|Microsoft Support and Recovery Assistant||*.apibasic.diagnostics.office.com
Endpoints allowed used by other Microsoft products
There are URLs from several Microsoft products that need to be in the allowed list so that Microsoft Managed Desktop devices can communicate with those Microsoft Services. Use the links to see the complete list for each product.
|Windows 10 Enterprise including Windows Update for Business||Manage connection endpoints for Windows 10, version 1803
Manage connection endpoints for Windows 10, version 1809
Manage connection endpoints for Windows 10, version 1903
Manage connection endpoints for Windows 10, version 2004
|Delivery Optimization||Configure Delivery Optimization for Windows 10 updates|
|Microsoft 365||Microsoft 365 URL and IP address ranges|
|Azure Active Directory||Hybrid identity required ports and protocols and Active Directory and Active Directory Domain Services Port Requirements|
|Microsoft Intune||Intune network configuration requirements
Network endpoints for Microsoft Intune
|Microsoft Defender Advanced Threat Protection (ATP)||Microsoft Defender ATP endpoints|
|Windows Autopilot||Windows Autopilot Networking Requirements|