Install and use Visual Studio and Azure Services behind a firewall or proxy server

If you or your organization uses security measures such as a firewall or a proxy server, then there are domain URLs that you might want to "whitelist" and ports and protocols that you might want to open so that you have the best experience when you install and use Visual Studio and Azure Services.

  • Install Visual Studio: These tables include the domain URLs to whitelist so that you have access to all the components and workloads that you want.

  • Use Visual Studio and Azure Services: This table includes the domain URLs to whitelist and the ports and protocols to open so that you have access to all the features and services that you want.

Install Visual Studio

URLs to whitelist

Because the Visual Studio Installer downloads files from various domains and their download servers, here are the domain URLs that you might want to whitelist as trusted in the UI or in your deployment scripts.

Microsoft domains

Domain Purpose
go.microsoft.com Setup URL resolution
aka.ms Setup URL resolution
download.visualstudio.microsoft.com Setup packages download location
download.microsoft.com Setup packages download location
download.visualstudio.com Setup packages download location
dl.xamarin.com Setup packages download location
visualstudiogallery.msdn.microsoft.com Visual Studio Extensions download location
www.visualstudio.com Documentation location
docs.microsoft.com Documentation location
msdn.microsoft.com Documentation location
www.microsoft.com Documentation location
*.windows.net Sign-in location
*.microsoftonline.com Sign-in location
*.live.com Sign-in location

Non-Microsoft domains

Domain Installs these workloads
archive.apache.org Mobile development with JavaScript (Cordova)
cocos2d-x.org Game development with C++ (Cocos)
download.epicgames.com Game development with C++ (Unreal Engine)
download.oracle.com Mobile development with JavaScript (Java SDK)

Mobile Development with .NET (Java SDK)
download.unity3d.com Game development with Unity (Unity)
netstorage.unity3d.com Game development with Unity (Unity)
dl.google.com Mobile development with JavaScript (Android SDK and NDK, Emulator)

Mobile Development with .NET (Android SDK and NDK, Emulator)
www.incredibuild.com Game development with C++ (IncrediBuild)
incredibuildvs2017i.azureedge.net Game development with C++ (IncrediBuild)
www.python.org Python development (Python)

Data science and analytical applications (Python)

Use Visual Studio and Azure Services

URLs to whitelist and ports and protocols to open

To make sure that you have access to everything you need when you use Visual Studio or Azure Services behind a firewall or proxy server, here are the URLs you should whitelist and the ports and protocols that you might want to open.

Service or scenario DNS endpoint Protocol Port Description
URL
resolution
go.microsoft.com

aka.ms
Used to shorten URLs, which then resolve into longer URLs
Start Page vsstartpage.blob.core.windows.net 443 Used to display Developer News shown on the start page in Visual Studio
Targeted
Notification
Service
targetednotifications.azurewebsites.net

www.research.net
80

443
Used to filter a global list of notifications to a list that is applicable only to specific types of machines/usage scenarios
Extension
update check
visualstudiogallery.msdn.microsoft.com

*.windows.net
*.microsoftonline.com
*.live.com
443 Used to provide notifications when an installed extension has an update available

Used as a sign-in location
AI Project
Integration
az861674.vo.msecnd.net 443
Used to configure new projects to send usage data to your registered Application Insights account
Code Lens codelensprodscus1su0.app.
codelens.visualstudio.com
443 Used to provide information in the editor about when a file was last updated, the timeline of changes, the work items that changes are associated with, the authors, and more
Experimental
feature enabling
visualstudio-devdiv-c2s.msedge.net 80 Used to activate experimental new features or feature changes
Identity “badge”
(user name and avatar)
and
Roaming settings
app.vssps.visualstudio.com

app.vsspsext.visualstudio.com

app.vssps.visualstudio.com

ns-sb2-prod-ch1-002.cloudapp.net

az700632.vo.msecnd.net
443 Used to display the user's name and avatar in the IDE

Used to make sure that setting changes roam from one machine to another
Remote Settings az700632.vo.msecnd.net 443 Used to turn off extensions that are known to cause problems in Visual Studio
Windows Tools developer.microsoft.com

dev.windows.com

appdev.microsoft.com
https 443 Used for Windows app store scenarios
JSON Schema
Discovery

JSON Schema
Definition

JSON Schema
Support for
Azure Resources
json.schemastore.org
schemastoreorg.azurewebsites.net

json-schema.org

schema.management.azure.com
http
https

http

https
80
443

443

443
Used to discover and download JSON schemas that the user might use when editing JSON documents

Used to obtain the meta-validation schema for JSON

Used to obtain the current schema for Azure Resource Manager deployment templates
NPM package
discovery
Skimdb.npmjs.com

Registry.npmjs.org

Api.npms.io
https

http/s

https
443

80/443

443
Required for searching for NPM packages, and used for client-side script package installation in web projects
Bower package
icons

Bower package
search
Bower.io

bowercache.azurewebsites.net
go.microsoft.com
Registry.bower.io
http

https
http
https
80

443
80
443
Provides the default bower package icon

Provides the ability to search for Bower packages
NuGet

NuGet package
discovery
Api.nuget.org
www.nuget.org
Nuget.org

crl3.digicert.com
crl4.digicert.com
ocsp.digicert.com
cacerts.digicert.com
https

http/s
443

80/443
Used to verify signed NuGet packages.

Required for searching for NuGet packages and versions
GitHub repository information api.github.com https 443 Required for getting additional information about bower packages
Web Linters Eslint.org

www.Bing.com

www.coffeelint.org
http 80
Cookiecutter
Explorer template
discovery

Cookiecutter
Explorer project
creation
api.github.com
raw.githubusercontent.com
go.microsoft.com

pypi.org
pypi.python.org
https 443
Used to discover online templates from our recommended feed and from github repositories

Used to create a project from a cookiecutter template that requires a one-time on-demand installation of a cookiecutter Python package from the Python package index (PyPI)
Python package
discovery

Python package
management

Python
New Project
templates
pypi.org

pypi.python.org
bootstrap.pypa.io

go.microsoft.com
https 443 Provides the ability to search for pip packages

Used to install pip automatically if it is missing

Used to create the

Used to resolve the following Python project templates in the New Project dialog to cookiecutter template URLs:
- Classifier Project
- Clustering Project
- Regression Project
- PyGame using PyKinect
- Pyvot Project
Office web
add-in
Manifest
Verification
Service
verificationservice.osi.office.net https 443 Used to validate manifests for Office web add-ins
SharePoint and
Office Add-ins
sharepoint.com https 443 Used to publish and test SharePoint and Office Add-ins to SharePoint Online
Workflow Manager
Test Service
Host
http 12292 A firewall rule that is created automatically for testing SharePoint add-ins with workflows
Automatically collected
reliability statistics
and other
Customer Experience
Improvement Programs (CEIP)
for Azure SDK and
for SQL Tools

vortex.data.microsoft.com

dc.services.visualstudio.com
https 443 Used to send reliability statistics (crash/hang data) from the user to Microsoft. Actual crash/hang dumps will still be uploaded if Windows Error Reporting is enabled; only statistical information will be suppressed;
Used to reveal anonymous usage patterns for the Azure Tools SDK extension to Visual Studio, and for usage patterns for the SQL tooling to Visual Studio
Visual Studio
Customer Experience
Improvement Program (CEIP)

PerfWatson.exe
vortex.data.microsoft.com
dc.services.visualstudio.com
visualstudio-devdiv-c2s.msedge.net
az667904.vo.msecnd.net
scus-breeziest-in.cloudapp.net
https 443 Used to collect anonymous usage patterns and error logs

Used to track UI freeze issues
Creation and
Management of
Azure resources
management.azure.com
management.core.windows.net  
https 443 Used for creating Azure Websites or other resources to support the publishing of web applications, Azure Functions, or WebJobs
Updated web publish tooling
checks and extension
recommendations
marketplace.visualstudio.com
visualstudiogallery.msdn.microsoft.com
https 443 Used for checking for the availability of updated publish tooling. If disabled, a potential recommended extension for web publishing may not be shown
Updated Azure Resource
Creation Endpoint Information
*.blob.core.windows.net https 443 Used to update the endpoints used for the creation of Azure Resources for certain Azure Services. If disabled, the last downloaded or built in endpoint locations are used instead
Remote debugging and
Remote profiling of
Azure Websites
*.cloudapp.net
*.azurewebsites.net
4022 Used for attaching the remote debugger to Azure Websites. If disabled, attaching the remote debugger to Azure Websites will not work
Active Directory
Graph
graph.windows.net https 443 Used to provision new Azure Active Directory applications. Also used by the Office 365 MSGraph- connected service provider
Azure Functions
CLI Update
Check
functionscdn.azureedge.net https 443 Used for checking for updated versions of the Azure Functions CLI. If disabled, a cached copy (or the copy carried by the Azure Functions component) of the CLI will be used instead
Cordova npmjs.org
gradle.org
http/s 80/443 HTTP is used for Gradle downloads during build; HTTPS is used to include Cordova plug-ins in projects
Cloud explorer 1. <clusterendpoint>
Service Fabric
2. <management endpoint>
General Cloud Exp
3. <graph endpoint>
General Cloud Exp
4. <storage account endpoint>
Storage Nodes
5. <Azure portal URLs>
General Cloud Exp
6. <key vault endpoints>
Azure Resource Manager VM Nodes
7. <PublicIPAddressOfCluster>
Service Fabric Remote debugging and ETW Traces

1. https
2. https
3. https
4. https
5. https
6. https
7: tcp
1. 19080
2. 443
3. 443
4. 443
5. 443
6. 443
7. dynamic
1. Example: test12.eastus.cloudapp.com
2. Retrieves subscriptions and retrieves/manages Azure resources
3. Retrieves Azure Stack subscriptions
4. Manages Storage resources (example: mystorageaccount.blob.core.windows.net)
5. "Open in Portal" context menu option (opens a resource in the Azure portal)
6. Creates and uses key vaults for VM debugging (Example: myvault.vault.azure.net)

7. Dynamically allocates block of ports based on number of nodes in the cluster and the available ports. 

A port block will try to get three times the number of nodes with minimum of 10 ports.

For Streaming traces, an attempt is made to get the port block from 810. If any of that port block is already used, then an attempt is made to get the next block, and so on. (It the load balancer is empty, then ports from 810 are most likely used)

Similarly for debugging, four sets of the ports blocks are reserved:
- connectorPort: 30398, 
- forwarderPort: 31398, 
- forwarderPortx86: 31399,
- fileUploadPort: 32398
Cloud Services 1. RDP

2. core.windows.net

3. management.azure.com
management.core.windows.net

4. *.blob.core.windows.net
*.queue.core.windows.net
*.table.core.windows.net

5. portal.azure.com

6. <user's cloud service>.cloudapp.net
<user's VM>.<region>.azure.com
1. rdp

2. https

3. https

4. https

5. https

6. tcp
1. 3389

2. 443

3. 443

4. 443

5. 443

6. a) 30398
6. b) 30400
6. c) 31398
6. d) 31400
6. e) 32398
6. f) 32400
1. Remote Desktop to Cloud Services VM

2. Storage account component of the private diagnostics configuration

3. Azure portal

4. Server Explorer - Azure Storage * is customer named storage account

5. Links to open the portal / Download the subscription certificate / Publish settings file

6. a) Connector local port for remote debug for cloud service and VM
6. b) Connector public port for remote debug for cloud service and VM
6. c) Forwarder local port for remote debug for cloud service and VM
6. d) Forwarder public port for remote debug for cloud service and VM
6. e) File uploader local port for remote debug for cloud service and VM
6. f) File uploader public port for remote debug for cloud service and VM
Service Fabric 1.
ocs.Microsoft.com
aka.ms
go.microsoft.com

2.
vssftools.blob.core.windows.net
Vault.azure.com
Portal.azure.com

3. * vault.azure.net

4.
app.vsaex.visualstudio.com
* .vsspsext.visualstudio.com
clouds.vsrm.visualstudio.com
clouds.visualstudio.com
app.vssps.visualstudio.com
* .visualstudio.com
https 443 1. Documentation

2. Create Cluster feature

3. The * is the Azure key vault name (Example:- test11220180112110108.vault.azure.net

4. The * is dynamic (Example: vsspsextprodch1su1.vsspsext.visualstudio.com)
Snapshot
Debugger
1. go.microsoft.com
2. management.azure.com
3. *azurewebsites.net
4. *scm.azurewebsites.net
5. api.nuget.org/v3/index.json
6. msvsmon
1. https
2. https
3. http
4. https
5. https
6. Concord
1. 443
2. 443
3. 80
4. 443
5. 443
6. 4022 (Visual Studio version dependent)
1. Query .json file for app service SKU size
2. Various Azure RM calls
3. Site warmup call via
4. Customer's targeted App Service Kudu endpoint
5. Query Site Extension version published in nuget.org
6. Remote debugging channel
Azure Stream Analytics

HDInsight
Management.azure.com https 443 Used to view, submit, run, and manage ASA jobs

Used to browse HDI clusters, and to submit, diagnose, and debug HDI jobs
Azure Data Lake *.azuredatalakestore.net
*.azuredatalakeanalytics.net
https 443 Used to compile, submit, view, diagnose, and debug jobs; used to browse ADLS files; used to upload and download files

Sometimes, you might run in to network- or proxy-related errors when you install or use Visual Studio behind a firewall or a proxy server. For more information about solutions for such error messages, see the Troubleshooting network-related errors when you install or use Visual Studio page.

Get support

Here are a few more support options for you:

See also