Azure AD Connect and ADFS Firewall ports

Michele Casazza
Occasional Contributor

I have the same setup as in the picture except for the Health Agent.

I can't find any specifics on the required firewall ports for AAD Connect traffic (especially inbound). Table 2 in this article refers to this list of IPs, but it doesn't seem right that to allow AAD Connect communication one has to open all these IPs, which refer to Office 365 services anyway, so I am a bit lost.

The arrow between AAD Connect server and AAD is bidirectional, so I assume traffic flows both ways, unless the incoming only refers to the Health agent. Can it be that AAD Connect only needs outbound traffic and not inbound?

I have seen similar questions in other forums but things seem to have changed, or at least are still unclear to me.

Azure AD Connect and Azure AD Connection Issue

AZure AD connect and Azure AD firewall

2 Replies

@Michele Casazza :)

Please refer - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-install-prerequisites#...

Then, to see exactly which ports need to be opened both inbound and outbound, refer to this: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports and for URLs as well.

Then at last, if you still suspect connectivity issues, please troubleshoot using this guide - https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-connectivity

Cheers!!

Ankit Shukla

@ankit shukla thanks, but I already went through those documents. My question is more specific, that's why I referenced the details in the tables. Please re-read my post :)
