Below are the networking requirements for Autopilot, as recommended by Microsoft.

  • After a network connection is in place, each Windows 10 device will contact the Windows Autopilot Deployment Service. With Windows 10 version 1903 and above, the following URLs are used:

https://ztd.dds.microsoft.com

https://cs.dds.microsoft.com

https://login.live.com

  • Ensure Domain Name Services (DNS) name resolution works for internet DNS names.

  • Allow access to all hosts via port 80 (HTTP), 443 (HTTPS), and 123 (UDP/NTP).

  • Once authenticated, Azure Active Directory will trigger enrollment of the device into the Intune mobile device management (MDM) service. See the following link for details about network communication requirements:

  • Configure the proxy server to exclude the URLs for the certificate revocation lists (CRLs) from the requirements for Basic authentication. To do this, configure the following list of CRLs to be unauthenticated on the proxy server:

https://go.microsoft.com/

http://go.microsoft.com/

https://login.live.com

https://activation.sls.microsoft.com/

http://crl.microsoft.com/pki/crl/products/MicProSecSerCA_2007-12-04.crl

https://validation.sls.microsoft.com/

https://activation-v2.sls.microsoft.com/

https://validation-v2.sls.microsoft.com/

https://displaycatalog.mp.microsoft.com/

https://licensing.mp.microsoft.com/

https://purchase.mp.microsoft.com/

https://displaycatalog.md.mp.microsoft.com/

https://licensing.md.mp.microsoft.com/

https://purchase.md.mp.microsoft.com/

The following tables list the ports and services that the Intune client accesses:

  • Check that your device can access these Windows Update endpoints:

http://windowsupdate.microsoft.com

http://*.windowsupdate.microsoft.com

https://*.windowsupdate.microsoft.com

http://*.update.microsoft.com

https://*.update.microsoft.com

http://*.windowsupdate.com

http://download.windowsupdate.com

https://download.microsoft.com

http://*.download.windowsupdate.com

http://wustat.windows.com

http://ntservicepack.microsoft.com

https://*.prod.do.dsp.mp.microsoft.com

http://*.dl.delivery.mp.microsoft.com

https://*.delivery.mp.microsoft.com

https://tsfe.trafficshaping.dsp.mp.microsoft.com

  • When a Windows device starts up, it will talk to a network time server to ensure that the time on the device is correct. Ensure that UDP port 123 to time.windows.com is accessible.

  • Windows must be able to tell that the device can access the internet.

www.msftconnecttest.com must be resolvable via DNS and accessible via HTTP.
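
A pre-flight check for the requirements above, as an added example that is not Microsoft's tooling or part of the original page: it resolves a sample of the listed hosts, tests the required TCP port, sends one NTP query, and fetches the connectivity test page. The choice of sample hosts and the `connecttest.txt` path are assumptions; wildcard entries are skipped because they cannot be probed directly.

```powershell
# Added example (not Microsoft tooling). Hosts and ports are copied from the lists on this page.
$targets = @(
    @{ Name = 'ztd.dds.microsoft.com';                    Port = 443 }
    @{ Name = 'cs.dds.microsoft.com';                     Port = 443 }
    @{ Name = 'login.live.com';                           Port = 443 }
    @{ Name = 'crl.microsoft.com';                        Port = 80  }
    @{ Name = 'download.windowsupdate.com';               Port = 80  }
    @{ Name = 'tsfe.trafficshaping.dsp.mp.microsoft.com'; Port = 443 }
    @{ Name = 'www.msftconnecttest.com';                  Port = 80  }
)

function Test-Endpoint {
    param([string]$Name, [int]$Port)
    $dns = $false; $tcp = $false
    try {
        # DNS first: without a resolvable name the TCP result says nothing about the firewall.
        Resolve-DnsName -Name $Name -ErrorAction Stop | Out-Null
        $dns = $true
        $tcp = Test-NetConnection -ComputerName $Name -Port $Port `
                   -InformationLevel Quiet -WarningAction SilentlyContinue
    } catch { }
    [pscustomobject]@{ Host = $Name; Port = $Port; Dns = $dns; Tcp = [bool]$tcp }
}

function Test-Ntp {
    # w32tm sends one NTP query over UDP 123; a blocked port or failed lookup prints "error" in the output.
    $out = & w32tm /stripchart /computer:time.windows.com /samples:1 /dataonly 2>&1
    -not (($out -join "`n") -match 'error')
}

function Test-ConnectPage {
    # Assumption: /connecttest.txt is the probe path; the page itself only names the host.
    try {
        $r = Invoke-WebRequest -Uri 'http://www.msftconnecttest.com/connecttest.txt' `
                 -UseBasicParsing -TimeoutSec 10
        $r.StatusCode -eq 200
    } catch { $false }
}

$results = $targets | ForEach-Object { Test-Endpoint -Name $_.Name -Port $_.Port }
$ntp = Test-Ntp
$web = Test-ConnectPage
$results | Format-Table -AutoSize
"NTP (UDP 123) to time.windows.com : $ntp"
"HTTP to www.msftconnecttest.com   : $web"

# Non-zero exit when anything required is unreachable, so the check can gate a deployment step.
$failed = @($results | Where-Object { -not ($_.Dns -and $_.Tcp) })
if ($failed.Count -gt 0 -or -not $ntp -or -not $web) { exit 1 }
```

`Test-NetConnection` opens a direct TCP connection, so on a network where egress is only possible through a proxy the `Tcp` column reports failure even when proxied access works. In that case rely on the HTTP fetch and repeat it for each URL that must be reachable.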