Network configuration for Microsoft Managed Desktop

Proxy configuration

Microsoft Managed Desktop is a cloud-managed service. There are a set of endpoints the Microsoft Managed Desktop services needs to be able to reach. This section lists the endpoints that need to be allowed for the various aspects of the Microsoft Managed Desktop service.

Customers can optimize their network by sending all trusted Microsoft 365 network requests directly through their firewall or proxy, bypassing authentication and all additional packet-level inspection or processing. This reduces latency and your perimeter capacity requirements.

Also, to optimize performance to Microsoft Managed Desktop cloud-based services, these endpoints need special handling by customer client browsers and the devices in their edge network. These devices include firewalls, SSL Break and Inspect, packet inspection devices, and data loss prevention systems.

Proxy requirement

The proxy or firewall must support TLS 1.2. Otherwise, you might have to disable protocol detection.

Endpoints allowed that are necessary for Microsoft Managed Desktop

Microsoft Managed Desktop uses the Azure Portal to host its web console. The following URLs must be on the allowed list of your proxy and firewall so that Microsoft Managed Desktop devices can communicate with Microsoft Services.

The Microsoft Managed Desktop URL is used for anything our service runs on the customer API. You must ensure this URL is always accessible on your corporate network.

Microsoft service URLs required on allow list
Microsoft Managed Desktop
Get Help *
Quick Assist
Microsoft Support and Recovery Assistant *

Endpoints allowed used by other Microsoft products

There are URLs from several Microsoft products that need to be in the allowed list so that Microsoft Managed Desktop devices can communicate with those Microsoft Services. Use the links to see the complete list for each product.

Microsoft service Documentation
Windows 10 Enterprise including Windows Update for Business Manage connection endpoints for Windows 10, version 1803

Manage connection endpoints for Windows 10, version 1809

Manage connection endpoints for Windows 10, version 1903

Manage connection endpoints for Windows 10, version 2004
Delivery Optimization Configure Delivery Optimization for Windows 10 updates
Microsoft 365 Microsoft 365 URL and IP address ranges
Azure Active Directory Hybrid identity required ports and protocols and Active Directory and Active Directory Domain Services Port Requirements
Microsoft Intune Intune network configuration requirements
Network endpoints for Microsoft Intune
Microsoft Defender Advanced Threat Protection (ATP) Microsoft Defender ATP endpoints
Windows Autopilot Windows Autopilot Networking Requirements