Internet access requirements

Some Configuration Manager features rely on internet connectivity for full functionality. If your organization restricts network communication with the internet using a firewall or proxy device, make sure to allow these endpoints.

Configuration Manager uses the following Microsoft URL forwarding services throughout the product:

  • https://aka.ms
  • https://go.microsoft.com

Even if they're not explicitly listed in the sections below, you should always allow these endpoints.

Service connection point

These configurations apply to the computer that hosts the service connection point and any firewalls between that computer and the internet. They both must allow communications through outgoing port TCP 443 for HTTPS and outgoing port TCP 80 for HTTP to the internet locations below.

The service connection point supports using a web proxy (with or without authentication) to use these locations. For more information, see Proxy server support.

For more information on the service connection point, see About the service connection point.

Other Configuration Manager features may require additional endpoints from the service connection point. For more information, see the other sections in this article.

Tip

The service connection point uses the Microsoft Intune service when it connects to go.microsoft.com or manage.microsoft.com. There's a known issue in which the Intune connector experiences connectivity issues if the Baltimore CyberTrust Root Certificate isn't installed, is expired, or is corrupted on the service connection point. For more information, see KB 3187516: Service connection point doesn't download updates.

Starting in version 2002, if the Configuration Manager site fails to connect to required endpoints for a cloud service, it raises a critical status message ID 11488. When it can't connect to the service, the SMS_SERVICE_CONNECTOR component status changes to critical. View detailed status in the Component Status node of the Configuration Manager console.

Updates and servicing

For more information on this function, see Updates and servicing for Configuration Manager.

Tip

Enable these endpoints for the management insight rule, Connect the site to the Microsoft cloud for Configuration Manager updates.

  • *.akamaiedge.net

  • *.akamaitechnologies.com

  • *.manage.microsoft.com

  • go.microsoft.com

  • *.blob.core.windows.net

  • download.microsoft.com

  • download.windowsupdate.com

  • sccmconnected-a01.cloudapp.net

  • configmgrbits.azureedge.net
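
Several of the entries above are wildcards, so checking proxy logs against them needs a match that respects DNS label boundaries. The following is an added example, not code from the Configuration Manager documentation: it reports denied requests on TCP 80/443 that target one of the listed endpoints. The log format, the sample lines and the function names are constructed for illustration.

```python
import re

# Endpoints copied from the "Updates and servicing" list above.
REQUIRED = [
    "*.akamaiedge.net", "*.akamaitechnologies.com", "*.manage.microsoft.com",
    "go.microsoft.com", "*.blob.core.windows.net", "download.microsoft.com",
    "download.windowsupdate.com", "sccmconnected-a01.cloudapp.net",
    "configmgrbits.azureedge.net",
]

# Constructed log format (an assumption, adapt to your proxy):
# <timestamp> <ALLOWED|DENIED> <method> <source> <host>:<port>
LOG_RE = re.compile(r"^\S+ (ALLOWED|DENIED) \S+ \S+ ([^\s:]+):(\d+)$")


def matches(pattern, host):
    """Match a host against an exact name or a '*.suffix' wildcard.

    The wildcard has to cover at least one whole DNS label, so
    '*.manage.microsoft.com' matches 'a.manage.microsoft.com' but not
    'manage.microsoft.com' or 'manage.microsoft.com.example.net'.
    """
    host = host.lower().rstrip(".")
    pattern = pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # keep the leading dot: ".manage.microsoft.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def blocked_required(log_lines, required=REQUIRED, ports=(80, 443)):
    """Return sorted (host, port, pattern) for denied requests to required endpoints."""
    hits = set()
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m or m.group(1) != "DENIED":
            continue
        host, port = m.group(2).lower().rstrip("."), int(m.group(3))
        if port not in ports:  # the page requires outgoing TCP 80 and 443 only
            continue
        for pattern in required:
            if matches(pattern, host):
                hits.add((host, port, pattern))
                break
    return sorted(hits)


# Constructed sample lines; host names under the wildcards are made up.
SAMPLE_LOG = [
    "2024-05-01T10:00:01Z DENIED CONNECT scp01 fe2.manage.microsoft.com:443",
    "2024-05-01T10:00:02Z ALLOWED CONNECT scp01 go.microsoft.com:443",
    "2024-05-01T10:00:03Z DENIED GET scp01 download.windowsupdate.com:80",
    "2024-05-01T10:00:04Z DENIED CONNECT scp01 manage.microsoft.com.example.net:443",
    "2024-05-01T10:00:05Z DENIED CONNECT scp01 configmgrbits.azureedge.net:8443",
]

if __name__ == "__main__":
    for host, port, pattern in blocked_required(SAMPLE_LOG):
        print(f"blocked: {host}:{port} (required by {pattern})")
```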

Windows 10 servicing

For more information on this function, see Manage Windows as a service.

  • download.microsoft.com

  • https://go.microsoft.com/fwlink/?LinkID=619849

  • dl.delivery.mp.microsoft.com

Azure services

For more information on this function, see Configure Azure services for use with Configuration Manager.

  • management.azure.com (Azure public cloud)
  • management.usgovcloudapi.net (Azure US Government cloud)

Co-management

If you enroll Windows 10 devices to Microsoft Intune for co-management, make sure those devices can access the endpoints required by Intune. For more information, see Network endpoints for Microsoft Intune.

Microsoft Store for Business

If you integrate Configuration Manager with the Microsoft Store for Business, make sure the service connection point and targeted devices can access the cloud service. For more information, see Microsoft Store for Business proxy configuration.

Delivery optimization

If you use delivery optimization, clients need to communicate with its cloud service: *.do.dsp.mp.microsoft.com

Distribution points that support Microsoft Connected Cache also require these endpoints.

For more information, see the following articles:

Cloud services

This section covers the following features:

  • Cloud management gateway (CMG)
  • Cloud distribution point (CDP)
  • Azure Active Directory (Azure AD) integration
  • Azure AD-based discovery

For more information on the CMG, see Plan for CMG.

The following sections list the endpoints by role. Some endpoints refer to a service by <name>, which is the cloud service name of the CMG or CDP. For example, if your CMG is GraniteFalls.CloudApp.Net, then the actual storage endpoint is GraniteFalls.blob.core.windows.net.

Service connection point

For CMG/CDP service deployment, the service connection point needs access to:

  • Specific Azure endpoints are different per environment depending upon the configuration. Configuration Manager stores these endpoints in the site database. Query the AzureEnvironments table in SQL Server for the list of Azure endpoints.

  • Azure services

  • For Azure AD user discovery:

    • Version 1902 and later: Microsoft Graph endpoint https://graph.microsoft.com/

    • Version 1810 and earlier: Azure AD Graph endpoint https://graph.windows.net/

CMG connection point

The CMG connection point needs access to the following service endpoints:

  • Cloud service name (for CMG or CDP):

    • <name>.cloudapp.net (Azure public cloud)
    • <name>.usgovcloudapp.net (Azure US Government cloud)
  • Service Management endpoint: https://management.core.windows.net/

  • Storage endpoint (for content-enabled CMG or CDP):

    • <name>.blob.core.windows.net (Azure public cloud)
    • <name>.blob.core.usgovcloudapi.net (Azure US Government cloud)

The CMG connection point site system supports using a web proxy. For more information on configuring this role for a proxy, see Proxy server support. The CMG connection point only needs to connect to the CMG service endpoints. It doesn't need access to other Azure endpoints.

Configuration Manager client

  • Cloud service name (for CMG or CDP):

    • <name>.cloudapp.net (Azure public cloud)
    • <name>.usgovcloudapp.net (Azure US Government cloud)
  • Storage endpoint (for content-enabled CMG or CDP):

    • <name>.blob.core.windows.net (Azure public cloud)
    • <name>.blob.core.usgovcloudapi.net (Azure US Government cloud)
  • For Azure AD token retrieval, the Azure AD endpoint:

    • login.microsoftonline.com (Azure public cloud)
    • login.microsoftonline.us (Azure US Government cloud)
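
The <name> substitution and the CMG connection point and client lists above can be turned into exact per-role host sets and compared with the proxy rules a role already has. This is an added example, not code from the Configuration Manager documentation; the function names and the sample rule list are constructed, and the service management endpoint is used as the page lists it, without a per-cloud variant.

```python
# Cloud-specific suffixes taken from the endpoint lists above.
CLOUDS = {
    "public": {"service": "cloudapp.net",
               "storage": "blob.core.windows.net",
               "login": "login.microsoftonline.com"},
    "usgov": {"service": "usgovcloudapp.net",
              "storage": "blob.core.usgovcloudapi.net",
              "login": "login.microsoftonline.us"},
}
SERVICE_MANAGEMENT = "management.core.windows.net"  # as listed on the page


def cmg_endpoints(service_fqdn, content_enabled=True):
    """Expand <name> from a CMG/CDP cloud service name into per-role host sets."""
    fqdn = service_fqdn.strip().lower().rstrip(".")
    for cloud, sfx in CLOUDS.items():
        tail = "." + sfx["service"]
        name = fqdn[:-len(tail)]
        # <name> must be a single DNS label directly under the cloud suffix.
        if fqdn.endswith(tail) and name and "." not in name:
            service = f"{name}.{sfx['service']}"
            storage = {f"{name}.{sfx['storage']}"} if content_enabled else set()
            return {
                "cloud": cloud,
                "cmg_connection_point": {service, SERVICE_MANAGEMENT} | storage,
                "client": {service, sfx["login"]} | storage,
            }
    raise ValueError(f"not a CMG/CDP cloud service name: {service_fqdn!r}")


def audit_rules(role_hosts, proxy_rules):
    """Compare a role's existing allow rules with the exact hosts it needs.

    A wildcard rule shows up under 'excess' and the exact host under
    'missing', which points at replacing the wildcard with the exact name.
    """
    rules = {r.strip().lower() for r in proxy_rules}
    return {"missing": sorted(role_hosts - rules),
            "excess": sorted(rules - role_hosts)}


if __name__ == "__main__":
    eps = cmg_endpoints("GraniteFalls.CloudApp.Net")  # name from the page
    # Constructed allow rules for the CMG connection point's proxy.
    current = ["GraniteFalls.CloudApp.Net", "*.blob.core.windows.net",
               "management.azure.com"]
    print(eps["cloud"], audit_rules(eps["cmg_connection_point"], current))
```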

Configuration Manager console

  • For Azure AD token retrieval, the Azure AD endpoint:

    • Azure public cloud

      • login.microsoftonline.com
      • aadcdn.msauth.net
      • aadcdn.msftauth.net
    • Azure US Government cloud

      • login.microsoftonline.us

Software updates

Allow the active software update point to access the following endpoints so that WSUS and Automatic Updates can communicate with the Microsoft Update cloud service:

  • http://windowsupdate.microsoft.com

  • http://*.windowsupdate.microsoft.com

  • https://*.windowsupdate.microsoft.com

  • http://*.update.microsoft.com

  • https://*.update.microsoft.com

  • http://*.windowsupdate.com

  • http://download.windowsupdate.com

  • http://download.microsoft.com

  • http://*.download.windowsupdate.com

  • http://ntservicepack.microsoft.com

For more information on software updates, see Plan for software updates.

Intranet firewall

You might need to add endpoints to a firewall that's between two site systems in the following cases:

  • If child sites have a software update point
  • If there's a remote active internet-based software update point at a site

Software update point on the child site

  • http://<FQDN for software update point on child site>

  • https://<FQDN for software update point on child site>

  • http://<FQDN for software update point on parent site>

  • https://<FQDN for software update point on parent site>

Manage Microsoft 365 Apps

Note

Starting on April 21, 2020, Office 365 ProPlus is being renamed to Microsoft 365 Apps for enterprise. For more information, see Name change for Office 365 ProPlus. You may still see references to the old name in the Configuration Manager console and supporting documentation while the console is being updated.

If you use Configuration Manager to deploy and update Microsoft 365 Apps for enterprise, allow the following endpoints:

  • officecdn.microsoft.com to synchronize the software update point for Microsoft 365 Apps for enterprise client updates

  • config.office.com to create custom configurations for Microsoft 365 Apps for enterprise deployments

  • contentstorage.osi.office.net to support the evaluation of Office add-in readiness

Configuration Manager console

Computers with the Configuration Manager console require access to the following internet endpoints for specific features:

In-console feedback

  • http://petrol.office.microsoft.com

For more information on this feature, see Product feedback.

Community workspace

Documentation node

For more information on this console node, see Using the Configuration Manager console.

  • https://aka.ms

  • https://raw.githubusercontent.com

Community hub

For more information on this feature, see Community hub.

  • https://github.com

  • https://communityhub.microsoft.com

Desktop Analytics

For more information, see Enable data sharing.

Server connectivity endpoints

The service connection point needs to communicate with the following endpoints:

| Endpoint | Function |
| --- | --- |
| https://aka.ms | Used to locate the service. |
| https://graph.windows.net | Used to automatically retrieve settings like CommercialId when attaching your hierarchy to Desktop Analytics (on Configuration Manager Server role). For more information, see Configure the proxy for a site system server. |
| https://*.manage.microsoft.com | Used to sync device collection memberships, deployment plans, and device readiness status with Desktop Analytics (on Configuration Manager Server role only). For more information, see Configure the proxy for a site system server. |
| https://dc.services.visualstudio.com | For diagnostic data from the on-premises service connector to gain insights about the health of cloud-connected services. |

User experience and diagnostic component endpoints

Client devices need to communicate with the following endpoints:

| Endpoint | Function |
| --- | --- |
| https://v10c.events.data.microsoft.com | Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1809 or later, or version 1803 with the 2018-09 cumulative update or later installed. |
| https://v10.events.data.microsoft.com | Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1803 without the 2018-09 cumulative update installed. |
| https://v10.vortex-win.data.microsoft.com | Connected user experience and diagnostic component endpoint. Used by devices running Windows 10, version 1709 or earlier. |
| https://vortex-win.data.microsoft.com | Connected user experience and diagnostic component endpoint. Used by devices running Windows 7 and Windows 8.1. |

Client connectivity endpoints

Client devices need to communicate with the following endpoints:

| Index | Endpoint | Function |
| --- | --- | --- |
| 1 | https://settings-win.data.microsoft.com | Enables the compatibility update to send data to Microsoft. |
| 2 | http://adl.windows.com | Allows the compatibility update to receive the latest compatibility data from Microsoft. |
| 3 | https://watson.telemetry.microsoft.com | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1803 or earlier. |
| 4 | https://umwatsonc.events.data.microsoft.com | Windows Error Reporting (WER). Required for device health reports in Windows 10, version 1809 or later. |
| 5 | https://ceuswatcab01.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
| 6 | https://ceuswatcab02.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
| 7 | https://eaus2watcab01.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
| 8 | https://eaus2watcab02.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
| 9 | https://weus2watcab01.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
| 10 | https://weus2watcab02.blob.core.windows.net | Windows Error Reporting (WER). Required to monitor deployment health in Windows 10, version 1809 or later. |
| 11 | https://kmwatsonc.events.data.microsoft.com | Online Crash Analysis (OCA). Required for device health reports in Windows 10, version 1809 or later. |
| 12 | https://oca.telemetry.microsoft.com | Online Crash Analysis (OCA). Required to monitor deployment health in Windows 10, version 1803 or earlier. |
| 13 | https://login.live.com | Required to provide a more reliable device identity for Desktop Analytics. To disable end-user Microsoft account access, use policy settings instead of blocking this endpoint. For more information, see The Microsoft account in the enterprise. |
| 14 | https://v20.events.data.microsoft.com | Connected user experience and diagnostic component endpoint. |

Tenant attach

For more information, see Enable tenant attach.

  • https://aka.ms/configmgrgateway

  • https://*.manage.microsoft.com

  • https://dc.services.visualstudio.com

The service connection point makes a long-standing outgoing connection to the notification service hosted on https://*.manage.microsoft.com. Verify the proxy used for the service connection point doesn't time out outgoing connections too quickly. We recommend 3 minutes for outgoing connections to this internet endpoint.

Endpoint analytics

For more information, see Endpoint analytics proxy configuration.

Endpoints required for Configuration Manager-managed devices

Configuration Manager-managed devices send data to Intune via the connector on the Configuration Manager role, and they don't need direct access to the Microsoft public cloud.

| Endpoint | Function |
| --- | --- |
| https://graph.windows.net | Used to automatically retrieve settings when attaching your hierarchy to Endpoint analytics on Configuration Manager server role. For more information, see Configure the proxy for a site system server. |
| https://*.manage.microsoft.com | Used to sync device collection and devices with Endpoint analytics on Configuration Manager server role only. For more information, see Configure the proxy for a site system server. |

Endpoints required for Intune-managed devices

To enroll devices to Endpoint analytics, they need to send required functional data to Microsoft public cloud. Endpoint analytics uses the Windows 10 and Windows Server Connected User Experiences and Telemetry component (DiagTrack) to collect the data from Intune-managed devices. Make sure that the Connected User Experiences and Telemetry service on the device is running.

| Endpoint | Function |
| --- | --- |
| https://*.events.data.microsoft.com | Used by Intune-managed devices to send required functional data to the Intune data collection endpoint. |

Asset intelligence

If you use asset intelligence, allow the following endpoints for the service to synchronize:

  • https://sc.microsoft.com
  • https://ssu2.manage.microsoft.com

Microsoft public IP addresses

For more information on the Microsoft IP address ranges, see Microsoft Public IP Space. These addresses update regularly. There's no granularity by service; any IP address in these ranges could be used.

See also