Hi everyone, today we have a post by Intune Support Engineer Saurabh Sarkar where he talks about some of the options available when setting up Azure AD Connect to enable hybrid identify for the Azure...
Updated Jun 25, 2019
Version 2.0
Blog Post
Yes, sorry, it should be outbound ports. Which is less problematic. But we still had to allow them in our firewalls for Single sign on setting to be accessible (probably for the whole PTA as well). At that time the ports were 80, 443, 8080, 5671, 9090, 9091, 9352, 9350, 10100–10120. Maybe something changed since then (it was more than a year ago).
Again, i haven't tested this for a while and don't have a way to do this now, so maybe Skype thing also changed/has been fixed. Btw, it wasn't affecting existing users. They could use SfB while in PTA mode just fine. But a new user wasn't able to login for the first time until we have enabled Password synchronization. So we kept this setting on. Until PTA broke for some reason one day (i guess after Windows Server updates) and we had to switch back to PHS. PTA was still in preview then i believe (2018 August). We tried to escalate this to MS with partners, but it was taking too long (all employees without email and Skype), so switched to PHS and it worked fine since.