Blog Post

Intune Customer Success
4 MIN READ

Support tip: Upcoming Microsoft Intune network changes

Intune_Support_Team's avatar
Intune_Support_Team
Silver Contributor
Sep 10, 2025
12/18/25 Update - This post has been updated to include a new Azure Front Door (AFD) Connectivity Diagnostics Tool to help validate Intune network connectivity after firewall updates. We know m...
Updated Dec 18, 2025
Version 3.0
security
support tip
underQualifried's avatar
underQualifried
Brass Contributor
Nov 05, 2025

'Intune network service endpoints'

What?  I've never encountered this term. I know what InTune is, what networks are, what endpoints are - yet I have no idea what this means. What platforms does this affect? We use intune for iPhones, currently exclusively. Mostly because no one has the time to pivot their entire career to InTune, as seems to be required. 

'Azure Front Door IP addresses ' - another thing I've never heard of nor encountered nor really want to spend time figuring out.

'We know many customers don’t always check their service change messages in the Microsoft 365 admin center'  - that's because every message Microsoft releases is traumatizing and discouraging, and prioritizes investor friendliness and 'new content' over user friendliness. 

Our stack for InTune is Supervised ABM/ADE Enrolled iPhones and Untangle or Fortigate for Firewalls. Can anyone advise on what KB articles I need to read (then update, of course)? Or just tell me wtf a 'intune network service endpoint' is, and I can hopefully make sense of it for staff? :exhausted:

KoprowskiT's avatar
KoprowskiT
MVP
Dec 27, 2025

🌐 What Are Intune Network Service Endpoints?

Intune network service endpoints are the FQDNs (URLs) and IP ranges that devices must be able to reach over the network in order for Microsoft Intune to function correctly. They are essential when you manage devices behind firewalls, proxies, or restricted outbound policies.

These endpoints cover:

  • Device enrollment
  • Device management
  • App deployment
  • Compliance checks
  • Reporting and analytics
  • Integration with Microsoft 365 and Azure services

Microsoft provides an authoritative list of these endpoints because blocking any of them can break core Intune functionality.

🧩 Why They Matter

If your environment uses:

  • Outbound allowlists
  • SSL inspection
  • Proxy authentication
  • Network segmentation
  • Zero Trust network controls

…then you must explicitly allow Intune’s required endpoints.

🔐 Important Notes for Network Teams

  • SSL inspection is NOT supported for:
    • *.manage.microsoft.com
    • *.dm.microsoft.com
    • Device Health Attestation endpoints
      (Blocking or inspecting these breaks compliance and enrollment)
  • Some endpoints require unauthenticated proxy access, including:
  • manage.microsoft.com
  • *.azureedge.net
  • graph.microsoft.com