How to Make Microsoft Intune Client Work Behind Corporate Firewall Proxy

It is not easy to test Intune client functionality on office machines that are connected to the corporate network. Mainly, all the communication goes through ports 80 and 443 (HTTP and HTTPS).

Microsoft’s blog post suggests configuring or altering the firewall and proxy settings to allow the Intune server to communicate with the clients. If you are doing a PoC for Intune, it won’t be easy to get the corporate firewall and proxy settings changed. The catch is that if your test workstation is behind a proxy server that allows only domain user accounts, and not system accounts, to access internet sites, you won’t be able to test the Intune client.

The Intune team has done a wonderful job of covering all the firewall and proxy requirements for Intune client management in one post. More details are available in that post, including:

Required domains for documentation, online Help, and support

Required domains for Microsoft Update Services

Required domains for Windows Intune and related services

Required domains for Windows Update Services

Required proxy server configuration
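
To check whether a test workstation hits the catch described above, this added example (not from the original post or from Microsoft) requests each URL through the proxy twice: once with no credentials, as a rough stand-in for a request from a system account, and once with the logged-on user's credentials. The proxy address and URLs are placeholders; substitute your own proxy and the entries from Microsoft's required-domains lists.

```powershell
# Added example: compare proxy behaviour with and without user credentials.
# $ProxyUri and $Urls are placeholders, not values from the original post.
$ProxyUri = 'http://proxy.example:8080'
$Urls     = @('https://required-domain-1.example/', 'http://required-domain-2.example/')

function Test-ViaProxy {
    param(
        [string]$Url,
        [string]$ProxyUri,
        [bool]$UseUserCredentials
    )
    $proxy = New-Object System.Net.WebProxy($ProxyUri)
    # $true sends the current logon's credentials to the proxy; $false sends none.
    $proxy.UseDefaultCredentials = $UseUserCredentials

    $request = [System.Net.WebRequest]::Create($Url)
    $request.Proxy   = $proxy
    $request.Method  = 'HEAD'
    $request.Timeout = 10000   # milliseconds

    try {
        $response = $request.GetResponse()
        $status = [int]$response.StatusCode
        $response.Close()
        return "HTTP $status"
    }
    catch {
        # PowerShell may wrap the WebException; walk down to it.
        $ex = $_.Exception
        while ($ex -and $ex -isnot [System.Net.WebException]) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) {
            $code = [int]$ex.Response.StatusCode
            if ($code -eq 407) { return 'HTTP 407 (proxy demands authentication)' }
            return "HTTP $code"
        }
        return "FAILED: $($_.Exception.Message)"
    }
}

foreach ($url in $Urls) {
    [pscustomobject]@{
        Url             = $url
        NoCredentials   = Test-ViaProxy -Url $url -ProxyUri $ProxyUri -UseUserCredentials $false
        UserCredentials = Test-ViaProxy -Url $url -ProxyUri $ProxyUri -UseUserCredentials $true
    }
}
```

A URL that returns 407 under NoCredentials but a normal status under UserCredentials is being blocked by proxy authentication rather than by a missing firewall rule.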

Side note:

However, dead links still turn up if you search Google or Bing for this topic.

One of them is http://onlinehelp.microsoft.com/en-us/windowsintune/hh127692.aspx

Ports and protocols

The following table summarizes the information from the “System services ports” section. This table is sorted by port number instead of by service name.

| Port | Protocol | Application protocol | System service name |
|---|---|---|---|
| n/a | GRE | GRE (IP protocol 47) | Routing and Remote Access |
| n/a | ESP | IPsec ESP (IP protocol 50) | Routing and Remote Access |
| n/a | AH | IPsec AH (IP protocol 51) | Routing and Remote Access |
| 7 | TCP | Echo | Simple TCP/IP Services |
| 7 | UDP | Echo | Simple TCP/IP Services |
| 9 | TCP | Discard | Simple TCP/IP Services |
| 9 | UDP | Discard | Simple TCP/IP Services |
| 13 | TCP | Daytime | Simple TCP/IP Services |
| 13 | UDP | Daytime | Simple TCP/IP Services |
| 17 | TCP | Quotd | Simple TCP/IP Services |
| 17 | UDP | Quotd | Simple TCP/IP Services |
| 19 | TCP | Chargen | Simple TCP/IP Services |
| 19 | UDP | Chargen | Simple TCP/IP Services |
| 20 | TCP | FTP default data | FTP Publishing Service |
| 21 | TCP | FTP control | FTP Publishing Service |
| 21 | TCP | FTP control | Application Layer Gateway Service |
| 23 | TCP | Telnet | Telnet |
| 25 | TCP | SMTP | Simple Mail Transfer Protocol |
| 25 | TCP | SMTP | Exchange Server |
| 42 | TCP | WINS Replication | Windows Internet Name Service |
| 42 | UDP | WINS Replication | Windows Internet Name Service |
| 53 | TCP | DNS | DNS Server |
| 53 | UDP | DNS | DNS Server |
| 53 | TCP | DNS | Internet Connection Firewall/Internet Connection Sharing |
| 53 | UDP | DNS | Internet Connection Firewall/Internet Connection Sharing |
| 67 | UDP | DHCP Server | DHCP Server |
| 67 | UDP | DHCP Server | Internet Connection Firewall/Internet Connection Sharing |
| 69 | UDP | TFTP | Trivial FTP Daemon Service |
| 80 | TCP | HTTP | Windows Media Services |
| 80 | TCP | HTTP | WinRM 1.1 and earlier |
| 80 | TCP | HTTP | World Wide Web Publishing Service |
| 80 | TCP | HTTP | SharePoint Portal Server |
| 88 | TCP | Kerberos | Kerberos Key Distribution Center |
| 88 | UDP | Kerberos | Kerberos Key Distribution Center |
| 102 | TCP | X.400 | Microsoft Exchange MTA Stacks |
| 110 | TCP | POP3 | Microsoft POP3 Service |
| 110 | TCP | POP3 | Exchange Server |
| 119 | TCP | NNTP | Network News Transfer Protocol |
| 123 | UDP | NTP | Windows Time |
| 123 | UDP | SNTP | Windows Time |
| 135 | TCP | RPC | Message Queuing |
| 135 | TCP | RPC | Remote Procedure Call |
| 135 | TCP | RPC | Exchange Server |
| 135 | TCP | RPC | Certificate Services |
| 135 | TCP | RPC | Cluster Service |
| 135 | TCP | RPC | Distributed File System Namespaces |
| 135 | TCP | RPC | Distributed Link Tracking |
| 135 | TCP | RPC | Distributed Transaction Coordinator |
| 135 | TCP | RPC | Distributed File Replication Service |
| 135 | TCP | RPC | Fax Service |
| 135 | TCP | RPC | Microsoft Exchange Server |
| 135 | TCP | RPC | File Replication Service |
| 135 | TCP | RPC | Group Policy |
| 135 | TCP | RPC | Local Security Authority |
| 135 | TCP | RPC | Remote Storage Notification |
| 135 | TCP | RPC | Remote Storage |
| 135 | TCP | RPC | Systems Management Server 2.0 |
| 135 | TCP | RPC | Terminal Services Licensing |
| 135 | TCP | RPC | Terminal Services Session Directory |
| 137 | UDP | NetBIOS Name Resolution | Computer Browser |
| 137 | UDP | NetBIOS Name Resolution | Server |
| 137 | UDP | NetBIOS Name Resolution | Windows Internet Name Service |
| 137 | UDP | NetBIOS Name Resolution | Net Logon |
| 137 | UDP | NetBIOS Name Resolution | Systems Management Server 2.0 |
| 138 | UDP | NetBIOS Datagram Service | Computer Browser |
| 138 | UDP | NetBIOS Datagram Service | Messenger |
| 138 | UDP | NetBIOS Datagram Service | Server |
| 138 | UDP | NetBIOS Datagram Service | Net Logon |
| 138 | UDP | NetBIOS Datagram Service | Distributed File System |
| 138 | UDP | NetBIOS Datagram Service | Systems Management Server 2.0 |
| 138 | UDP | NetBIOS Datagram Service | License Logging Service |
| 139 | TCP | NetBIOS Session Service | Computer Browser |
| 139 | TCP | NetBIOS Session Service | Fax Service |
| 139 | TCP | NetBIOS Session Service | Performance Logs and Alerts |
| 139 | TCP | NetBIOS Session Service | Print Spooler |
| 139 | TCP | NetBIOS Session Service | Server |
| 139 | TCP | NetBIOS Session Service | Net Logon |
| 139 | TCP | NetBIOS Session Service | Remote Procedure Call Locator |
| 139 | TCP | NetBIOS Session Service | Distributed File System Namespaces |
| 139 | TCP | NetBIOS Session Service | Systems Management Server 2.0 |
| 139 | TCP | NetBIOS Session Service | License Logging Service |
| 143 | TCP | IMAP | Exchange Server |
| 161 | UDP | SNMP | SNMP Service |
| 162 | UDP | SNMP Traps Outgoing | SNMP Trap Service |
| 389 | TCP | LDAP Server | Local Security Authority |
| 389 | UDP | DC Locator | Local Security Authority |
| 389 | TCP | LDAP Server | Distributed File System Namespaces |
| 389 | UDP | DC Locator | Distributed File System Namespaces |
| 389 | UDP | DC Locator | Netlogon |
| 389 | UDP | DC Locator | Kerberos Key Distribution Center |
| 389 | TCP | LDAP Server | Distributed File System Replication |
| 389 | UDP | DC Locator | Distributed File System Replication |
| 443 | TCP | HTTPS | HTTP SSL |
| 443 | TCP | HTTPS | World Wide Web Publishing Service |
| 443 | TCP | HTTPS | SharePoint Portal Server |
| 443 | TCP | RPC over HTTPS | Exchange Server 2003 |
| 443 | TCP | HTTPS | WinRM 1.1 and earlier |
| 445 | TCP | SMB | Fax Service |
| 445 | TCP | SMB | Print Spooler |
| 445 | TCP | SMB | Server |
| 445 | TCP | SMB | Remote Procedure Call Locator |
| 445 | TCP | SMB | Distributed File System Namespaces |
| 445 | TCP | SMB | Distributed File System Replication |
| 445 | TCP | SMB | License Logging Service |
| 445 | TCP | SMB | Net Logon |
| 464 | UDP | Kerberos Password V5 | Kerberos Key Distribution Center |
| 464 | TCP | Kerberos Password V5 | Kerberos Key Distribution Center |
| 500 | UDP | IPsec ISAKMP | Local Security Authority |
| 515 | TCP | LPD | TCP/IP Print Server |
| 548 | TCP | File Server for Macintosh | File Server for Macintosh |
| 554 | TCP | RTSP | Windows Media Services |
| 563 | TCP | NNTP over SSL | Network News Transfer Protocol |
| 593 | TCP | RPC over HTTPS endpoint mapper | Remote Procedure Call |
| 593 | TCP | RPC over HTTPS | Exchange Server |
| 636 | TCP | LDAP SSL | Local Security Authority |
| 636 | UDP | LDAP SSL | Local Security Authority |
| 647 | TCP | DHCP Failover | DHCP Failover |
| 9389 | TCP | Active Directory Web Services (ADWS) | Active Directory Web Services (ADWS) |
| 9389 | TCP | Active Directory Web Services (ADWS) | Active Directory Management Gateway Service |
| 993 | TCP | IMAP over SSL | Exchange Server |
| 995 | TCP | POP3 over SSL | Exchange Server |
| 1067 | TCP | Installation Bootstrap Service | Installation Bootstrap protocol server |
| 1068 | TCP | Installation Bootstrap Service | Installation Bootstrap protocol client |
| 1270 | TCP | MOM-Encrypted | Microsoft Operations Manager 2000 |
| 1433 | TCP | SQL over TCP | Microsoft SQL Server |
| 1433 | TCP | SQL over TCP | MSSQL$UDDI |
| 1434 | UDP | SQL Probe | Microsoft SQL Server |
| 1434 | UDP | SQL Probe | MSSQL$UDDI |
| 1645 | UDP | Legacy RADIUS | Internet Authentication Service |
| 1646 | UDP | Legacy RADIUS | Internet Authentication Service |
| 1701 | UDP | L2TP | Routing and Remote Access |
| 1723 | TCP | PPTP | Routing and Remote Access |
| 1755 | TCP | MMS | Windows Media Services |
| 1755 | UDP | MMS | Windows Media Services |
| 1801 | TCP | MSMQ | Message Queuing |
| 1801 | UDP | MSMQ | Message Queuing |
| 1812 | UDP | RADIUS Authentication | Internet Authentication Service |
| 1813 | UDP | RADIUS Accounting | Internet Authentication Service |
| 1900 | UDP | SSDP | SSDP Discovery Service |
| 2101 | TCP | MSMQ-DCs | Message Queuing |
| 2103 | TCP | MSMQ-RPC | Message Queuing |
| 2105 | TCP | MSMQ-RPC | Message Queuing |
| 2107 | TCP | MSMQ-Mgmt | Message Queuing |
| 2393 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support |
| 2394 | TCP | OLAP Services 7.0 | SQL Server: Downlevel OLAP Client Support |
| 2460 | UDP | MS Theater | Windows Media Services |
| 2535 | UDP | MADCAP | DHCP Server |
| 2701 | TCP | SMS Remote Control (control) | SMS Remote Control Agent |
| 2701 | UDP | SMS Remote Control (control) | SMS Remote Control Agent |
| 2702 | TCP | SMS Remote Control (data) | SMS Remote Control Agent |
| 2702 | UDP | SMS Remote Control (data) | SMS Remote Control Agent |
| 2703 | TCP | SMS Remote Chat | SMS Remote Control Agent |
| 2703 | UDP | SMS Remote Chat | SMS Remote Control Agent |
| 2704 | TCP | SMS Remote File Transfer | SMS Remote Control Agent |
| 2704 | UDP | SMS Remote File Transfer | SMS Remote Control Agent |
| 2725 | TCP | SQL Analysis Services | SQL Server Analysis Services |
| 2869 | TCP | UPNP | UPnP Device Host |
| 2869 | TCP | SSDP event notification | SSDP Discovery Service |
| 3268 | TCP | Global Catalog | Local Security Authority |
| 3269 | TCP | Global Catalog | Local Security Authority |
| 3343 | UDP | Cluster Services | Cluster Service |
| 3389 | TCP | Terminal Services | NetMeeting Remote Desktop Sharing |
| 3389 | TCP | Terminal Services | Terminal Services |
| 3527 | UDP | MSMQ-Ping | Message Queuing |
| 4011 | UDP | BINL | Remote Installation |
| 4500 | UDP | NAT-T | Local Security Authority |
| 5000 | TCP | SSDP legacy event notification | SSDP Discovery Service |
| 5004 | UDP | RTP | Windows Media Services |
| 5005 | UDP | RTCP | Windows Media Services |
| 5722 | TCP | RPC | Distributed File System Replication |
| 6001 | TCP | Information Store | Exchange Server 2003 |
| 6002 | TCP | Directory Referral | Exchange Server 2003 |
| 6004 | TCP | DSProxy/NSPI | Exchange Server 2003 |
| 42424 | TCP | ASP.Net Session State | ASP.NET State Service |
| 51515 | TCP | MOM-Clear | Microsoft Operations Manager 2000 |
| 5985 | TCP | HTTP | WinRM 2.0 |
| 5986 | TCP | HTTPS | WinRM 2.0 |
| 1024-65535 | TCP | RPC | Randomly allocated high TCP ports |
| 135 | TCP | WMI | Hyper-V service |
| random port number between 49152 – 65535 | TCP | Randomly allocated high TCP ports | Hyper-V service |
| 80 | TCP | Kerberos Authentication (HTTP) | Hyper-V service |
| 443 | TCP | Certificate-based Authentication (HTTPS) | Hyper-V service |
| 6600 | TCP | Live Migration | Hyper-V Live Migration |
| 445 | TCP | SMB | Hyper-V Live Migration |
| 3343 | UDP | Cluster Service Traffic | Hyper-V Live Migration |
