Azure Virtual Desktop - Optional Rules for Session Host Virtual Machines


Hi all,


Just wondering if it is standard practice to include the optional rules for the Session Host VMs (see table below):


| Address | Outbound TCP port | Purpose |
|---|---|---|
| | | in to Microsoft Online Services and Microsoft 365 |
| * | | Service |
| www.msftconnecttest.com | 443 | Detects if the session host is connected to the internet |
| * | | Update |
| *.sfx.ms | 443 | Updates for OneDrive client software |
| *.digicert.com | 443 | Certificate revocation check |
| *.azure-dns.com | 443 | Azure DNS resolution |
| *.azure-dns.net | 443 | Azure DNS resolution |


Microsoft state that these optional rules MIGHT also be required to access other services:


Would just like to hear other engineers' experience on whether to implement or not.


Thanks in advance.

1 Reply
In most cases you will be further integrating the AVD into Azure services. Whitelisting them will be a good starting point, rather than later getting into troubleshooting mode as to why it's not working out of the box.