AD Connect required ports and protocols

If you have projects with enterprise customers, you need to know that most of them have strict network security rules. Under these circumstances, you should submit the right list of URLs and ports to the network security guys. I spent my whole weekend preparing this, and I want to share it with you guys for reference.

AD Connect Ports and URLs

| URL | Port | Description |
| --- | --- | --- |
| *.blob.core.windows.net | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| *.aadconnecthealth.azure.com | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| *.servicebus.windows.net | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| *.adhybridhealth.azure.com | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| https://management.azure.com | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| https://policykeyservice.dc.ad.msft.net/ | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| https://login.windows.net | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| https://login.microsoftonline.com | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| https://secure.aadcdn.microsoftonline-p.com | 443 | Azure AD Connect Health service endpoints. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| https://www.office.com | 443 | *This endpoint is only used for discovery purposes during registration https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#requirements |
| *.windows.net | 443 | Used to sign in to Azure AD. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity |
| secure.aadcdn.microsoftonline-p.com | 443 | Used for MFA. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity |
| *.microsoftonline.com | 443 | Used to configure your Azure AD directory and import/export data. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity |
| *.msappproxy.net | 443 | Pass-through authentication https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start |
| *.servicebus.windows.net. | 443 | Pass-through authentication https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start |
| *.verisign.com | 80 | Used to download CRL lists. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity |
| *.entrust.net | 80 | Used to download CRL lists for MFA. https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity |
| mscrl.microsoft.com | 80 | Pass-through authentication https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start |
| crl.microsoft.com | 80 | Pass-through authentication https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start |
| ocsp.msocsp.com | 80 | Pass-through authentication https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start |
| www.microsoft.com | 80 | Pass-through authentication https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-quick-start |
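
The table above mixes full URLs, bare hostnames, wildcards and one entry with a trailing dot, while a firewall or proxy matches on host and port. The following Python sketch is an added example, not part of the original post: it normalizes the entries into de-duplicated rules and checks which rule, if any, covers a destination seen in a log. The sample destinations (including the `contoso` name) are constructed, and treating `*.` as "any subdomain but not the apex" is an assumption about how the filtering device interprets wildcards.

```python
from urllib.parse import urlsplit

# (entry, port) pairs as listed in the table above, kept in the page's own spelling.
TABLE = [
    ("*.blob.core.windows.net", 443), ("*.aadconnecthealth.azure.com", 443),
    ("*.servicebus.windows.net", 443), ("*.adhybridhealth.azure.com", 443),
    ("https://management.azure.com", 443), ("https://login.windows.net", 443),
    ("https://policykeyservice.dc.ad.msft.net/", 443),
    ("https://login.microsoftonline.com", 443), ("https://www.office.com", 443),
    ("https://secure.aadcdn.microsoftonline-p.com", 443), ("*.windows.net", 443),
    ("secure.aadcdn.microsoftonline-p.com", 443), ("*.microsoftonline.com", 443),
    ("*.msappproxy.net", 443), ("*.servicebus.windows.net.", 443),
    ("*.verisign.com", 80), ("*.entrust.net", 80), ("mscrl.microsoft.com", 80),
    ("crl.microsoft.com", 80), ("ocsp.msocsp.com", 80), ("www.microsoft.com", 80),
]

def normalize(entry):
    """Reduce a table entry (URL or bare host) to a lowercase host pattern."""
    host = urlsplit(entry).hostname if "://" in entry else entry
    return host.strip().rstrip(".").lower()

def build_rules(table=TABLE):
    """De-duplicated set of (host_pattern, port) rules."""
    return {(normalize(e), p) for e, p in table}

def matches(pattern, host):
    """Assumed semantics: '*.example.com' covers subdomains, not the apex."""
    host = host.rstrip(".").lower()
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])
    return host == pattern

def covering_rule(host, port, rules):
    """Most specific rule permitting host:port, or None if nothing covers it."""
    hits = [r for r in rules if r[1] == port and matches(r[0], host)]
    return max(hits, key=lambda r: len(r[0]), default=None)

def audit(observed, rules):
    """Map each observed (host, port) to its covering rule (None = not allowed)."""
    return {hp: covering_rule(hp[0], hp[1], rules) for hp in observed}

# Constructed sample: destinations a proxy log might show for the sync server.
SAMPLE = [("login.microsoftonline.com", 443), ("contoso.servicebus.windows.net", 443),
          ("crl.microsoft.com", 80), ("crl.microsoft.com", 443), ("windows.net", 443)]

if __name__ == "__main__":
    for hp, rule in audit(SAMPLE, build_rules()).items():
        print(hp, "->", rule or "NOT COVERED")
```

Normalizing collapses the 21 table rows to 19 distinct rules, because the trailing-dot `*.servicebus.windows.net.` and the URL form of `secure.aadcdn.microsoftonline-p.com` duplicate other rows.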