必要的 URL 清單Required URL list

若要部署和使用 Windows 虛擬桌面,您必須解除封鎖某些 Url,讓虛擬機器 (Vm) 可隨時存取這些 Url。In order to deploy and use Windows Virtual Desktop, you must unblock certain URLs so your virtual machines (VMs) can access them anytime. 本文列出您必須解除封鎖才能讓 Windows 虛擬桌面正常運作所需的 Url。This article lists the required URLs you need to unblock in order for Windows Virtual Desktop to function properly.

重要

Windows 虛擬桌面不支援封鎖本文所列 Url 的部署。Windows Virtual Desktop doesn't support deployments that block the URLs listed in this article.

虛擬機器Virtual machines

您為 Windows 虛擬桌面建立的 Azure 虛擬機器必須能夠存取 Azure 商業雲端中的下列 Url:The Azure virtual machines you create for Windows Virtual Desktop must have access to the following URLs in the Azure commercial cloud:

位址Address 傳出 TCP 連接埠Outbound TCP port 目的Purpose 服務標記Service Tag
*.wvd.microsoft.com*.wvd.microsoft.com 443443 服務流量Service traffic WindowsVirtualDesktopWindowsVirtualDesktop
gcs.prod.monitoring.core.windows.netgcs.prod.monitoring.core.windows.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
production.diagnostics.monitoring.core.windows.netproduction.diagnostics.monitoring.core.windows.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
* xt.blob.core.windows.net*xt.blob.core.windows.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
* eh.servicebus.windows.net*eh.servicebus.windows.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
* xt.table.core.windows.net*xt.table.core.windows.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
* xt.queue.core.windows.net*xt.queue.core.windows.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
catalogartifact.azureedge.netcatalogartifact.azureedge.net 443443 Azure MarketplaceAzure Marketplace AzureCloudAzureCloud
kms.core.windows.netkms.core.windows.net 16881688 Windows 啟用Windows activation InternetInternet
mrsglobalsteus2prod.blob.core.windows.netmrsglobalsteus2prod.blob.core.windows.net 443443 代理程式和 SXS 堆疊更新Agent and SXS stack updates AzureCloudAzureCloud
wvdportalstorageblob.blob.core.windows.netwvdportalstorageblob.blob.core.windows.net 443443 Azure 入口網站支援Azure portal support AzureCloudAzureCloud
169.254.169.254169.254.169.254 8080 Azure 實例中繼資料服務端點Azure Instance Metadata service endpoint N/AN/A
168.63.129.16168.63.129.16 8080 工作階段主機健全狀況監視Session host health monitoring N/AN/A

重要

Windows 虛擬桌面現在支援 FQDN 標記。Windows Virtual Desktop now supports the FQDN tag. 如需詳細資訊,請參閱使用 Azure 防火牆來保護 Windows 虛擬桌面部署For more information, see Use Azure Firewall to protect Window Virtual Desktop deployments.

建議您使用 FQDN 標籤,而不要使用 URL,以避免產生服務問題。We recommend you use FQDN tags or service tags instead of URLs to prevent service issues. 列出的 URL 和標籤僅對應於 Windows 虛擬桌面網站和資源。The listed URLs and tags only correspond to Windows Virtual Desktop sites and resources. 其中不包含其他服務 (例如 Azure Active Directory) 的 URL。They don't include URLs for other services like Azure Active Directory.

您為 Windows 虛擬桌面建立的 Azure 虛擬機器必須能夠存取 Azure Government 雲端中的下列 Url:The Azure virtual machines you create for Windows Virtual Desktop must have access to the following URLs in the Azure Government cloud:

位址Address 傳出 TCP 連接埠Outbound TCP port 目的Purpose 服務標記Service Tag
*. wvd.microsoft.us*.wvd.microsoft.us 443443 服務流量Service traffic WindowsVirtualDesktopWindowsVirtualDesktop
gcs.monitoring.core.usgovcloudapi.netgcs.monitoring.core.usgovcloudapi.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
monitoring.core.usgovcloudapi.netmonitoring.core.usgovcloudapi.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
fairfax.warmpath.usgovcloudapi.netfairfax.warmpath.usgovcloudapi.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
* xt.blob.core.usgovcloudapi.net*xt.blob.core.usgovcloudapi.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
*.servicebus.usgovcloudapi.net*.servicebus.usgovcloudapi.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
* xt.table.core.usgovcloudapi.net*xt.table.core.usgovcloudapi.net 443443 代理程式流量Agent traffic AzureCloudAzureCloud
Kms.core.usgovcloudapi.netKms.core.usgovcloudapi.net 16881688 Windows 啟用Windows activation InternetInternet
mrsglobalstugviffx.blob.core.usgovcloudapi.netmrsglobalstugviffx.blob.core.usgovcloudapi.net 443443 代理程式和 SXS 堆疊更新Agent and SXS stack updates AzureCloudAzureCloud
wvdportalstorageblob.blob.core.usgovcloudapi.netwvdportalstorageblob.blob.core.usgovcloudapi.net 443443 Azure 入口網站支援Azure portal support AzureCloudAzureCloud
169.254.169.254169.254.169.254 8080 Azure 實例中繼資料服務端點Azure Instance Metadata service endpoint N/AN/A
168.63.129.16168.63.129.16 8080 工作階段主機健全狀況監視Session host health monitoring N/AN/A

下表列出您的 Azure 虛擬機器可存取的選用 URL:The following table lists optional URLs that your Azure virtual machines can have access to:

位址Address 傳出 TCP 連接埠Outbound TCP port 目的Purpose Azure GovAzure Gov
*.microsoftonline.com*.microsoftonline.com 443443 向 Microsoft Online Services 進行驗證Authentication to Microsoft Online Services login.microsoftonline.uslogin.microsoftonline.us
*.events.data.microsoft.com*.events.data.microsoft.com 443443 遙測服務Telemetry Service NoneNone
www.msftconnecttest.comwww.msftconnecttest.com 443443 偵測 OS 是否已連線到網際網路Detects if the OS is connected to the internet NoneNone
*.prod.do.dsp.mp.microsoft.com*.prod.do.dsp.mp.microsoft.com 443443 Windows UpdateWindows Update NoneNone
login.windows.netlogin.windows.net 443443 登入 Microsoft Online Services、Microsoft 365Sign in to Microsoft Online Services, Microsoft 365 login.microsoftonline.uslogin.microsoftonline.us
*.sfx.ms*.sfx.ms 443443 OneDrive 用戶端軟體的更新Updates for OneDrive client software oneclient.sfx.msoneclient.sfx.ms
*.digicert.com*.digicert.com 443443 憑證撤銷檢查Certificate revocation check NoneNone
*. azure-dns.com*.azure-dns.com 443443 Azure DNS 解析Azure DNS resolution None
*. azure-dns.net*.azure-dns.net 443443 Azure DNS 解析Azure DNS resolution None

注意

Windows 虛擬桌面目前沒有 IP 位址範圍的清單,您可以將其解除封鎖以允許網路流量。Windows Virtual Desktop currently doesn't have a list of IP address ranges that you can unblock to allow network traffic. 我們目前僅支援解除封鎖特定的 Url。We only support unblocking specific URLs at this time.

如果您使用新一代防火牆 (NGFW) ,您必須使用專為 Azure Ip 所建立的動態清單,以確保您可以連線。If you're using a Next Generation Firewall (NGFW), you'll need to use a dynamic list specifically made for Azure IPs to make sure you can connect.

如需安全的 Office 相關 Url 清單,包括必要的 Azure Active Directory 相關 Url,請參閱 office 365 url 和 IP 位址範圍For a list of safe Office-related URLs, including required Azure Active Directory-related URLs, see Office 365 URLs and IP address ranges.

對於涉及服務流量的 URL,必須使用萬用字元 (*)。You must use the wildcard character (*) for URLs involving service traffic. 如果您不想使用 * 來表示代理程式相關流量,下列方法可讓您不使用萬用字元來尋找 URL:If you prefer to not use * for agent-related traffic, here's how to find the URLs without wildcards:

  1. 向 Windows 虛擬桌面主機集區註冊您的虛擬機器。Register your virtual machines to the Windows Virtual Desktop host pool.
  2. 開啟 [事件檢視器],然後移至 [ Windows 記錄 > 應用程式 > WVD-代理 程式],然後尋找事件識別碼3701。Open Event viewer, then go to Windows logs > Application > WVD-Agent and look for Event ID 3701.
  3. 將您在事件識別碼3701下找到的 Url 解除封鎖。Unblock the URLs that you find under Event ID 3701. 事件識別碼3701下的 Url 是區域特定的。The URLs under Event ID 3701 are region-specific. 您必須針對想要在其中部署虛擬機器的每個區域,使用相關的 Url 重複解除封鎖程式。You'll need to repeat the unblocking process with the relevant URLs for each region you want to deploy your virtual machines in.

遠端桌面用戶端Remote Desktop clients

您使用的任何遠端桌面用戶端都必須具有下列 Url 的存取權:Any Remote Desktop clients you use must have access to the following URLs:

位址Address 傳出 TCP 連接埠Outbound TCP port 目的Purpose 用戶端Client(s) Azure GovAzure Gov
*.wvd.microsoft.com*.wvd.microsoft.com 443443 服務流量Service traffic 全部All *. wvd.microsoft.us*.wvd.microsoft.us
*.servicebus.windows.net*.servicebus.windows.net 443443 疑難排解資料Troubleshooting data 全部All *.servicebus.usgovcloudapi.net*.servicebus.usgovcloudapi.net
go.microsoft.comgo.microsoft.com 443443 Microsoft FWLinksMicrosoft FWLinks 全部All None
aka.msaka.ms 443443 Microsoft URL 縮短器Microsoft URL shortener 全部All None
docs.microsoft.comdocs.microsoft.com 443443 文件Documentation 全部All None
privacy.microsoft.comprivacy.microsoft.com 443443 隱私權聲明Privacy statement 全部All None
query.prod.cms.rt.microsoft.comquery.prod.cms.rt.microsoft.com 443443 用戶端更新Client updates Windows 桌面Windows Desktop None

重要

開啟這些 URL 是擁有可靠用戶端體驗所必需的。Opening these URLs is essential for a reliable client experience. 不支援封鎖這些 URL 的存取,而且會影響服務功能。Blocking access to these URLs is unsupported and will affect service functionality.

這些 Url 僅對應至用戶端網站與資源。These URLs only correspond to client sites and resources. 這份清單不包含其他服務(例如 Azure Active Directory)的 Url。This list doesn't include URLs for other services like Azure Active Directory. 您可以在 Office 365 url 和 IP 位址範圍的識別碼56下找到 Azure Active Directory 的 url。Azure Active Directory URLs can be found under ID 56 on the Office 365 URLs and IP address ranges.