Blog Post

Intune Customer Success

4 MIN READ

Support tip: Upcoming Microsoft Intune network changes

Silver Contributor

Sep 10, 2025

12/18/25 Update - This post has been updated to include a new Azure Front Door (AFD) Connectivity Diagnostics Tool to help validate Intune network connectivity after firewall updates. We know m...

Updated Dec 18, 2025

Version 3.0

security

support tip

Intune_Support_Team

Silver Contributor

Joined October 11, 2018

View Profile

Intune Customer Success

Follow this blog board to get notified when there's new activity

underQualifried

Brass Contributor

Nov 05, 2025

'Intune network service endpoints'

What? I've never encountered this term. I know what InTune is, what networks are, what endpoints are - yet I have no idea what this means. What platforms does this affect? We use intune for iPhones, currently exclusively. Mostly because no one has the time to pivot their entire career to InTune, as seems to be required.

'Azure Front Door IP addresses ' - another thing I've never heard of nor encountered nor really want to spend time figuring out.

'We know many customers don’t always check their service change messages in the Microsoft 365 admin center' - that's because every message Microsoft releases is traumatizing and discouraging, and prioritizes investor friendliness and 'new content' over user friendliness.

Our stack for InTune is Supervised ABM/ADE Enrolled iPhones and Untangle or Fortigate for Firewalls. Can anyone advise on what KB articles I need to read (then update, of course)? Or just tell me wtf a 'intune network service endpoint' is, and I can hopefully make sense of it for staff? :exhausted:

KoprowskiT

MVP

Dec 27, 2025

Full Intune FQDN Endpoint List
All entries come from Microsoft’s official Intune network endpoints documentation.
Core Intune Service FQDNs
manage.microsoft.com
*.manage.microsoft.com
*.dm.microsoft.com
enrollment.manage.microsoft.com
enrollment.microsoft.com
portal.manage.microsoft.com
*.azureedge.net
graph.microsoft.com
login.microsoftonline.com
login.microsoft.com
enterpriseregistration.windows.net
device.login.microsoftonline.com

Microsoft 365 / Azure Dependencies
*.blob.core.windows.net
*.monitor.azure.com
*.office.com
*.office365.com
*.microsoft.com
*.windows.net
(China cloud variants also exist, e.g., *.cdn.azure.cn)

Endpoint Analytics
*.events.data.microsoft.com
*.prod.do.dsp.mp.microsoft.com
*.vortex.data.microsoft.com

Compliance & Device Health Attestation (DHA)
⚠️ SSL inspection not supported for these
*.dh.microsoft.com
*.attest.azure.net

Microsoft Defender for Endpoint (if integrated)
*.security.microsoft.com
*.wdcp.microsoft.com
*.wd.microsoft.com

Windows Update / Microsoft Store (used by Intune)
*.update.microsoft.com
*.windowsupdate.com
storeedgefd.dsx.mp.microsoft.com

Certificate Connector (same as managed devices)
*.manage.microsoft.com
*.azureedge.net
graph.microsoft.com