Azure Virtual Desktop - Optional Rules for Session Host Virtual Machines


Hi all,

 

Just wondering if it is standard practice to include the optional rules for the Session Host VMs (see table below):

 

| Address | Outbound TCP port | Purpose |
|---|---|---|
| login.windows.net | 443 | Sign in to Microsoft Online Services and Microsoft 365 |
| *.events.data.microsoft.com | 443 | Telemetry Service |
| www.msftconnecttest.com | 443 | Detects if the session host is connected to the internet |
| *.prod.do.dsp.mp.microsoft.com | 443 | Windows Update |
| *.sfx.ms | 443 | Updates for OneDrive client software |
| *.digicert.com | 443 | Certificate revocation check |
| *.azure-dns.com | 443 | Azure DNS resolution |
| *.azure-dns.net | 443 | Azure DNS resolution |

 

Microsoft state that these optional rules MIGHT also be required to access other services:

https://learn.microsoft.com/en-us/azure/virtual-desktop/safe-url-list?tabs=azure

 

Would just like to hear other engineers' experience on whether to implement or not.

 

Thanks in advance.

1 Reply
In most cases you will be further integrating the AVD into Azure services. Whitelisting them will be a good starting point, rather than later getting into troubleshooting mode as to why it's not working out of the box.