Forum Discussion

JamieMcC1590's avatar
JamieMcC1590
Copper Contributor
Jun 06, 2025
Solved

Intune Management Extension Deployment

Hi Team, we have had previous issues with the IME deployment not passing through our firewall until a select few urls were added to the whitelist.  I have been informed that we are now blocking login...
  • Bogdan_Guinea's avatar
    Jun 15, 2025

    Hy Jamie,

    So... Microsoft uses multiple CDN and management endpoints to ensure availability and redundancy. 

    The IME can failover between these endpoints if one is unreachable.:

    • If login.live.com remains blocked, new device enrollments or new user authentications may fail, preventing fresh installations or re-enrollments.
    • However, already installed IME agents should continue to update and communicate via manage.microsoft.com and CDN endpoints, assuming those URLs are allowed. i don't know if its suitable for a ,msi install.

    back again,  login.live.com is mainly needed once for initial authentication if this apply to the .msi installation, you need to test or go and watch traffic on fresh new installed Client in order to better understand this facts. 

    Good luck!

Resources