Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment

This post will get more details about the Intune Firewall Proxy Requirements for Windows 10 or Windows 11 PCs. I often heard that Windows Autopilot deployment fails because of external issues with Intune and Windows.

So one of the main reasons identified for common Windows deployment failures is network connectivity requirements. The following are some of the Intune-related posts that would be helpful.

IntroductionWindows 10 or Windows 11 Proxy Requirements

I would recommend going through the following sections to ensure your proxy team has whitelisted all the URLs required. Microsoft updates this documentation for all the Windows 10 versions.

Suppose you can add the following list of URLs (Windows 10 1903 enterprise version) into your proxy server whitelisting. In that case, you can get rid of ~60% of your Windows Autopilot, and Intune Enrollment Page issues will be resolved.

Patch My PC

More details of Microsoft documentation are available in the resources section of this post.

Windows Update Related URLs

The following URLs should be opened to get Windows Update for Business to work on your corporate Windows 10 1903 devices. Windows updates related to Windows 10 or Windows 11 Proxy Requirements are in the below list.

AppsProtocolsDestination
Windows UpdateHTTPS*.prod.do.dsp.mp.microsoft.com
Windows UpdateHTTPcs9.wac.phicdn.net
Windows UpdateHTTPemdl.ws.microsoft.com
Windows UpdateHTTP*.dl.delivery.mp.microsoft.com
Windows UpdateHTTP.windowsupdate.com
Windows UpdateHTTPS*.delivery.mp.microsoft.com
Windows UpdateHTTPS*.update.microsoft.com
Windows UpdateHTTPStsfe.trafficshaping.dsp.mp.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 1

Windows Settings URLs

Windows settings should have access to the following URLs as per the best practices. Windows Settings related to Windows 10 or Windows 11 Proxy Requirements are listed below.

AppProtocolDestination
SettingsHTTPScy2.settings.data.microsoft.com.akadns.net
SettingsHTTPSsettings.data.microsoft.com
SettingsHTTPSsettings-win.data.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 2

Microsoft Office Update URLs

The following URLs should be accessed to get Microsoft office updates on Windows 10 devices.

Adaptiva
AppProtocolsDestination
OfficeHTTP*.c-msedge.net
OfficeHTTPS*.e-msedge.net
OfficeHTTPS*.s-msedge.net
OfficeHTTPSnexusrules.officeapps.live.com
OfficeHTTPSocos-office365-s2s.msedge.net
OfficeHTTPSofficeclient.microsoft.com
OfficeHTTPSoutlook.office365.com
OfficeHTTPSclient-office365-tas.msedge.net
OfficeHTTPSwww.office.com
OfficeHTTPSonecollector.cloudapp.aria
OfficeHTTPv10.events.data.microsoft.com/onecollector/1.0/
OfficeHTTPSself.events.data.microsoft.com
OfficeHTTPSto-do.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 3

Windows Defender URLs

The following list of URLs should be opened or whitelisted on your proxy server to get Windows Defender updates and policy management.

AppProtocolsDestination
DefenderHTTPSwdcp.microsoft.com
DefenderHTTPSdefinitionupdates.microsoft.com
DefenderHTTPSgo.microsoft.com
DefenderHTTPS*smartscreen.microsoft.com
DefenderHTTPSSmartScreen-sn3p.smartscreen.microsoft.com
DefenderHTTPSunitedstates.smartscreen-prod.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 4

Microsoft Store Access URLs

The following URLs should be accessible from Windows 10 devices to access Microsoft Store.

AppProtocolDestination
Microsoft StoreHTTPS*.wns.windows.com
Microsoft StoreHTTPstorecatalogrevocation.storequality.microsoft.com
Microsoft StoreHTTPSimg-prod-cms-rt-microsoft-com*
Microsoft StoreHTTPSstore-images.microsoft.com
Microsoft StoreTLS v1.2.md.mp.microsoft.com
Microsoft StoreHTTPS*displaycatalog.mp.microsoft.com
Microsoft StoreHTTP \ HTTPSpti.store.microsoft.com
Microsoft StoreHTTPstoreedgefd.dsx.mp.microsoft.com
Microsoft StoreHTTPmarkets.books.microsoft.com
Microsoft StoreHTTPshare.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 5

OneDrive Access URLs

The following URLs should be acceptable for Windows 10 devices to access OneDrive. OneDrive related Windows 10 Proxy Requirements are in the below list.

AppProtocolDestination
OneDriveHTTP \ HTTPSg.live.com/1rewlive5skydrive/*
OneDriveHTTPmsagfx.live.com
OneDriveHTTPSoneclient.sfx.ms
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 6

Device Authentication URLs

The following URLs should be accessible from Windows 10 devices to get authenticated. The URLs should be part of proxy whitelisting to get the Windows 10 devices working properly.

AppProtocolDestination
Device authenticationHTTPSlogin.live.com*
Retrieve device metadataHTTPdmd.metaservices.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 7

Diagnostics Data URLs

The following URLs are required for sending the diagnostics data & telemetry data to Microsoft services. I would recommend opening up these ports or white listings these URLs in your corporate proxy.

AppsProtocolDestination
TelemetryHTTPv10.events.data.microsoft.com
DiagnosticHTTPSv10.vortex-win.data.microsoft.com/collect/v1
DiagnosticHTTPwww.microsoft.com
Telemetry HTTPSco4.telecommand.telemetry.microsoft.com
DiagnosticHTTPcs11.wpc.v0cdn.net
DiagnosticHTTPScs1137.wpc.gammacdn.net
DiagnosticTLS v1.2modern.watson.data.microsoft.com*
Telemetry HTTPSwatson.telemetry.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 8

Licensing Related URLs

The following URLs need to be whitelisted in your cooperate proxy environment to get Microsoft licensing-related functionalities to work.

AppProtocolDestination
LicensingHTTPSlicensing.mp.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 9

Azure Related Components

The following URLs must be whitelisted in your cooperate proxy environment to get Azure-related apps working with Windows 10 1903. Azure-related Windows 10 Proxy Requirements are in the below list.

AppProtocolDestination
Azure Cloud AppHTTPSwd-prod-fe.cloudapp.azure.com
Traffic ManagerHTTPSris-prod-atm.trafficmanager.net
Traffic ManagerHTTPSvalidation-v2.sls.trafficmanager.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 10

Certificates Windows Update

The following URL needs to be whitelisted in your cooperate proxy environment to get Windows update-related certificate working.

AppProtocolDestination
CertificatesHTTPctldl.windowsupdate.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 11

Location URLs for Windows

You should white list the following URLs to Windows location services to work.

AppProtocolDestination
LocationHTTPSinference.location.live.net
LocationHTTPlocation-inference-westus.cloudapp.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 12

Microsoft Account Access URLs

If you want to sign in with Microsoft account to Windows 10 1903 device, you should white list URLs.

AppProtocolDestination
Microsoft AccountHTTPlogin.msa.akadns6.net
Microsoft AccountHTTPus.configsvc1.live.com.akadns.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 13

Windows Spotlight Related URLs

To make Windows spotlight work on Windows 10 devices, you might need to open the following URLs.

AppProtocolDestination
Windows SpotlightTLS v1.2*.search.msn.com
Windows SpotlightHTTPSarc.msn.com
Windows SpotlightHTTPSg.msn.com*
Windows SpotlightHTTPSquery.prod.cms.rt.microsoft.com
Windows SpotlightHTTPSris.api.iris.microsoft.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 14

Skype Access URLs

You might need to access the following URLs to get access to Skype from Windows 10 1903 device.

AppProtocolDestination
SkypeHTTPSbrowser.pipe.aria.microsoft.com
SkypeHTTPconfig.edge.skype.com
SkypeHTTPs2s.config.skype.com
SkypeHTTPSskypeecs-prod-usw-0-b.cloudapp.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 15

Windows Apps Related URLs

Windows 10 1903 applications require the following URL should be opened via your corporate proxy. Windows Apps related to Windows 10 Proxy Requirements are in the below list.

NOTE! – The following list is not mandatory.

AppProtocolDestination
WeatherHTTPblob.weather.microsoft.com
WeatherHTTPtile-service.weather.microsoft.com
OneNoteHTTPScdn.onenote.net/livetile/?Language=en-US
TwitterHTTPS.twimg.com
Candy CrushTLS v1.2candycrushsoda.king.com
Photo AppHTTPSevoke-windowsservices-tas.msedge.net
Wallet AppHTTPSwallet.microsoft.com
GrooveHTTPSmediaredirect.microsoft.com
WhiteboardHTTPSint.whiteboard.microsoft.com
WhiteboardHTTPSwbd.ms
WhiteboardHTTPSwhiteboard.microsoft.com
WhiteboardHTTP / HTTPSwhiteboard.ms
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 16

URLs for Cortana and Search

The following URLs are for Cortana & search features working on Windows 10.

App ProtocolDestination
Cortana and Search HTTPSstore-images.*microsoft.com
Cortana and SearchHTTPSwww.bing.com/client
Cortana and SearchHTTPSwww.bing.com
Cortana and SearchHTTPSwww.bing.com/proactive
Cortana and SearchHTTPSwww.bing.com/threshold/xls.aspx
Cortana and SearchHTTPExo-ring.msedge.net
Cortana and SearchHTTPfp.msedge.net
Cortana and SearchHTTPfp-vp.azureedge.net
Cortana and SearchHTTPodinvzc.azureedge.net
Cortana and SearchHTTPso-ring.msedge.net
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 17
Windows 10 Proxy Requirements Intune Firewall Proxy Requirements Modern Windows 10 Deployment
Windows 10 Proxy Requirements Intune Firewall Proxy Requirements Modern Windows 10 Deployment 18

Maps Related URLs for Windows Devices

When you want access to update OFFLINE MAPS, you need to allow the following URLs.

AppProtocolDestination
MapsHTTPS*g.akamaiedge.net
MapsHTTPmaps.windows.com
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 19

Other URLsIntune Firewall Proxy Requirements Modern Windows 10 Deployment

The following URLs are also should accessible from Windows 10 1903 devices.

AppProtocolsDestination
Microsoft EdgeHTTPSiecvlist.microsoft.com
Microsoft forward link redirection service (FWLink)HTTPSgo.microsoft.com
Network Connection Status Indicator (NCSI)HTTPwww.msftconnecttest.com*
Intune Firewall Proxy Requirements Modern Windows 10 Windows 11 Deployment 20

Resources

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.