Forum Discussion
Azure Virtual Desktop - Optional Rules for Session Host Virtual Machines
Hi all,
Just wondering if it is standard practise to include the optional rules for the Session Host VM's (see table below):
| Address | Outbound TCP port | Purpose |
| login.windows.net | 443 | Sign in to Microsoft Online Services and Microsoft 365 |
| *.events.data.microsoft.com | 443 | Telemetry Service |
| http://www.msftconnecttest.com | 443 | Detects if the session host is connected to the internet |
| *.prod.do.dsp.mp.microsoft.com | 443 | Windows Update |
| *.sfx.ms | 443 | Updates for OneDrive client software |
| *.digicert.com | 443 | Certificate revocation check |
| *.azure-dns.com | 443 | Azure DNS resolution |
| *.azure-dns.net | 443 | Azure DNS resolution |
Microsoft state that these optional rule MIGHT also be required to access other services:
https://learn.microsoft.com/en-us/azure/virtual-desktop/safe-url-list?tabs=azure
Would just like to hear other engineers experience on whether to implement or not.
Thanks in advance.
1 Reply
- In most case you will be further integrating the AVD into Azure services. Whitelisting them will be a good starting point. Rather later getting into troubleshooting mode as to why it's not working out of the box.
