Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment

This post details the Intune Firewall Proxy Requirements for Modern Windows 10 or Windows 11 Deployment. I often hear that Windows Autopilot deployment fails because of external issues with Intune and Windows.

I recommend reviewing the following sections to ensure your proxy team has whitelisted all the required URLs. Microsoft updates this documentation for all Windows 10 versions.

Suppose you can add the following list of URLs (Windows 10 1903 enterprise version) into your proxy server whitelisting. In that case, you can eliminate ~60% of your Windows Autopilot, and Intune Enrollment Page issues will be resolved.

So one of the main reasons identified for common Windows deployment failures is network connectivity requirements. The following are some of the Intune-related posts that would be helpful.

Patch My PC
Index
Windows Update Related URLs
Windows Settings URLs
Microsoft Office Update URLs
Windows-Defender-URLs
Microsoft Store Access URLs
OneDrive Access URLs
Device Authentication URLs
Diagnostics Data URLs
Licensing Related URLs
Azure Related Components
Certificates Windows Update
Location URLs for Windows
Microsoft Account Access URLs
Windows Spotlight Related URLs
Skype Access URLs
Windows Apps Related URLs
URLs for Cortana and Search
Maps Related URLs for Windows Devices
Other URLs – Intune Firewall Proxy Requirements Modern Windows 10 Deployment
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment – Table 1

More Microsoft documentation details are available in this post’s resources section.

The following URLs should be opened to get Windows Update for Business to work on your corporate Windows 10 1903 devices. Windows updates related to Windows 10 or Windows 11 Proxy Requirements are in the below list.

AppsProtocolsDestination
Windows UpdateHTTPS*.prod.do.dsp.mp.microsoft.com
Windows UpdateHTTPcs9.wac.phicdn.net
Windows UpdateHTTPemdl.ws.microsoft.com
Windows UpdateHTTP*.dl.delivery.mp.microsoft.com
Windows UpdateHTTP.windowsupdate.com
Windows UpdateHTTPS*.delivery.mp.microsoft.com
Windows UpdateHTTPS*.update.microsoft.com
Windows UpdateHTTPStsfe.trafficshaping.dsp.mp.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 2

Windows Settings URLs

Windows settings should have access to the following URLs per best practices. Windows Settings related to Windows 10 or Windows 11 Proxy Requirements are listed below.

AppProtocolDestination
SettingsHTTPScy2.settings.data.microsoft.com.akadns.net
SettingsHTTPSsettings.data.microsoft.com
SettingsHTTPSsettings-win.data.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 3

Microsoft Office Update URLs

The following URLs should be accessed to get Microsoft Office updates on Windows 10 devices.

Adaptiva
AppProtocolsDestination
OfficeHTTP*.c-msedge.net
OfficeHTTPS*.e-msedge.net
OfficeHTTPS*.s-msedge.net
OfficeHTTPSnexusrules.officeapps.live.com
OfficeHTTPSocos-office365-s2s.msedge.net
OfficeHTTPSofficeclient.microsoft.com
OfficeHTTPSoutlook.office365.com
OfficeHTTPSclient-office365-tas.msedge.net
OfficeHTTPSwww.office.com
OfficeHTTPSonecollector.cloudapp.aria
OfficeHTTPv10.events.data.microsoft.com/onecollector/1.0/
OfficeHTTPSself.events.data.microsoft.com
OfficeHTTPSto-do.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 4

Windows Defender URLs

The following list of URLs should be opened or whitelisted on your proxy server to receive Windows Defender updates and manage policy.

AppProtocolsDestination
AppProtocolsDestination
DefenderHTTPSwdcp.microsoft.com
DefenderHTTPSdefinitionupdates.microsoft.com
DefenderHTTPSgo.microsoft.com
DefenderHTTPS*smartscreen.microsoft.com
DefenderHTTPSSmartScreen-sn3p.smartscreen.microsoft.com
DefenderHTTPSunitedstates.smartscreen-prod.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 5

Microsoft Store Access URLs

The following URLs should be accessible from Windows 10 devices to access the Microsoft Store.

AppProtocolDestination
Microsoft StoreHTTPS*.wns.windows.com
Microsoft StoreHTTPstorecatalogrevocation.storequality.microsoft.com
Microsoft StoreHTTPSimg-prod-cms-rt-microsoft-com*
Microsoft StoreHTTPSstore-images.microsoft.com
Microsoft StoreTLS v1.2.md.mp.microsoft.com
Microsoft StoreHTTPS*displaycatalog.mp.microsoft.com
Microsoft StoreHTTP \ HTTPSpti.store.microsoft.com
Microsoft StoreHTTPstoreedgefd.dsx.mp.microsoft.com
Microsoft StoreHTTPmarkets.books.microsoft.com
Microsoft StoreHTTPshare.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 6

OneDrive Access URLs

The following URLs should be acceptable for Windows 10 devices to access OneDrive. OneDrive related Windows 10 Proxy Requirements are in the below list.

AppProtocolDestination
OneDriveHTTP \ HTTPSg.live.com/1rewlive5skydrive/*
OneDriveHTTPmsagfx.live.com
OneDriveHTTPSoneclient.sfx.ms
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 7

Device Authentication URLs

The following URLs should be accessible from Windows 10 devices to authenticate. They should also be part of proxy whitelisting to get the Windows 10 devices working properly.

AppProtocolDestination
Device authenticationHTTPSlogin.live.com*
Retrieve device metadataHTTPdmd.metaservices.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 8

Diagnostics Data URLs

The following URLs are required for sending the diagnostics data & telemetry data to Microsoft services. I would recommend opening up these ports or white listings these URLs in your corporate proxy.

AppsProtocolDestination
AppsProtocolDestination
TelemetryHTTPv10.events.data.microsoft.com
DiagnosticHTTPSv10.vortex-win.data.microsoft.com/collect/v1
DiagnosticHTTPwww.microsoft.com
Telemetry HTTPSco4.telecommand.telemetry.microsoft.com
DiagnosticHTTPcs11.wpc.v0cdn.net
DiagnosticHTTPScs1137.wpc.gammacdn.net
DiagnosticTLS v1.2modern.watson.data.microsoft.com*
Telemetry HTTPSwatson.telemetry.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 9

The following URLs must be whitelisted in your cooperate proxy environment to get Microsoft licensing-related functionalities to work.

AppProtocolDestination
LicensingHTTPSlicensing.mp.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 10

To get Azure-related apps working with Windows 10 1903, the following URLs must be whitelisted in your cooperate proxy environment. The Azure-related Windows 10 Proxy Requirements are in the list below.

AppProtocolDestination
Azure Cloud AppHTTPSwd-prod-fe.cloudapp.azure.com
Traffic ManagerHTTPSris-prod-atm.trafficmanager.net
Traffic ManagerHTTPSvalidation-v2.sls.trafficmanager.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 11

Certificates Windows Update

The following URL must be whitelisted in your cooperate proxy environment to get the Windows update-related certificate working.

AppProtocolDestination
CertificatesHTTPctldl.windowsupdate.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 12

Location URLs for Windows

You should white list the following URLs to Windows location services to work.

AppProtocolDestination
LocationHTTPSinference.location.live.net
LocationHTTPlocation-inference-westus.cloudapp.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 13

Microsoft Account Access URLs

If you want to sign in with a Microsoft account to a Windows 10 1903 device, you should white-list URLs.

AppProtocolDestination
Microsoft AccountHTTPlogin.msa.akadns6.net
Microsoft AccountHTTPus.configsvc1.live.com.akadns.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 14

You might need to open the following URLs to make Windows Spotlight work on Windows 10 devices.

AppProtocolDestination
Windows SpotlightTLS v1.2*.search.msn.com
Windows SpotlightHTTPSarc.msn.com
Windows SpotlightHTTPSg.msn.com*
Windows SpotlightHTTPSquery.prod.cms.rt.microsoft.com
Windows SpotlightHTTPSris.api.iris.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 15

Skype Access URLs

You might need to access the following URLs to access Skype from a Windows 10 1903 device.

AppProtocolDestination
SkypeHTTPSbrowser.pipe.aria.microsoft.com
SkypeHTTPconfig.edge.skype.com
SkypeHTTPs2s.config.skype.com
SkypeHTTPSskypeecs-prod-usw-0-b.cloudapp.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 16

Windows 10 1903 applications require the following URL to be opened via your corporate proxy. The list of Windows Apps related to Windows 10 Proxy Requirements is below.

NOTE! – The following list is not mandatory.

AppProtocolDestination
WeatherHTTPblob.weather.microsoft.com
WeatherHTTPtile-service.weather.microsoft.com
OneNoteHTTPScdn.onenote.net/livetile/?Language=en-US
TwitterHTTPS.twimg.com
Candy CrushTLS v1.2candycrushsoda.king.com
Photo AppHTTPSevoke-windowsservices-tas.msedge.net
Wallet AppHTTPSwallet.microsoft.com
GrooveHTTPSmediaredirect.microsoft.com
WhiteboardHTTPSint.whiteboard.microsoft.com
WhiteboardHTTPSwbd.ms
WhiteboardHTTPSwhiteboard.microsoft.com
WhiteboardHTTP / HTTPSwhiteboard.ms
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 17

The following URLs are for Cortana & search features working on Windows 10.

AppProtocolDestination
Cortana and Search HTTPSstore-images.*microsoft.com
Cortana and SearchHTTPSwww.bing.com/client
Cortana and SearchHTTPSwww.bing.com
Cortana and SearchHTTPSwww.bing.com/proactive
Cortana and SearchHTTPSwww.bing.com/threshold/xls.aspx
Cortana and SearchHTTPExo-ring.msedge.net
Cortana and SearchHTTPfp.msedge.net
Cortana and SearchHTTPfp-vp.azureedge.net
Cortana and SearchHTTPodinvzc.azureedge.net
Cortana and SearchHTTPso-ring.msedge.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 18
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Fig.1
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Fig.1

When you want access to update OFFLINE MAPS, you need to allow the following URLs.

AppProtocol
Destination
MapsHTTPS*g.akamaiedge.net
MapsHTTPmaps.windows.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 19

Other URLsIntune Firewall Proxy Requirements Modern Windows 10 Deployment

The following URLs are also should accessible from Windows 10 1903 devices.

AppProtocolsDestination
Microsoft EdgeHTTPSiecvlist.microsoft.com
Microsoft forward link redirection service (FWLink)HTTPSgo.microsoft.com
Network Connection Status Indicator (NCSI)HTTPwww.msftconnecttest.com*
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment -Table 20

Resources

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.