articles/dev-box/concept-dev-box-network-requirements.md
Lines changed: 12 additions & 54 deletions
@@ -6,7 +6,7 @@ ms.service: dev-box
6
6
author: RoseHJM
7
7
ms.author: rosemalcolm
8
8
ms.topic: concept-article
9
-
ms.date: 05/29/2024
9
+
ms.date: 10/28/2024
10
10
ms.custom: template-concept
11
11
12
12
#Customer intent: As a platform engineer, I want to understand Dev Box networking requirements so that developers can access the resources they need.
@@ -53,6 +53,7 @@ You can check that your dev boxes can connect to these FQDNs and endpoints by fo
53
53
> [!IMPORTANT]
54
54
> Microsoft doesn't support dev box deployments where the FQDNs and endpoints listed in this article are blocked.
55
55
56
+
## Physical device network connectivity
56
57
Although most of the configuration is for the cloud-based dev box network, end user connectivity occurs from a physical device. Therefore, you must also follow the connectivity guidelines on the physical device network.
57
58
58
59
|Device or service |Network connectivity required URLs and ports |Description |
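Review bot: The new heading on line 56 is followed directly by the paragraph on line 57 with no blank line between them, unlike the `## Use FQDN tags and service tags for endpoints through Azure Firewall` heading later in the file, which has an empty line after it. Add an empty line after `## Physical device network connectivity` so the section is formatted the same way as the rest of the article.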
@@ -66,59 +67,14 @@ Although most of the configuration is for the cloud-based dev box network, end u
66
67
67
68
The following URLs and ports are required for the provisioning of dev boxes and the Azure Network Connection (ANC) health checks. All endpoints connect over port 443 unless otherwise specified.
|**Dev box communication endpoints**| - *.agentmanagement.dc.azure.com<br>- *.cmdagent.trafficmanager.net | Line by line in your firewall rules. | N/A |
73
+
|**Windows 365 service endpoints**| - *.infra.windows365.microsoft.com<br>- *.cmdagent.trafficmanager.net<br>- UDP connectivity via TURN<br>- TURN connectivity | FQDN tag: *Windows365*<br> or <br>Line by line in your firewall rules. |[Windows 365 network requirements](/windows-365/enterprise/requirements-network?tabs=enterprise%2Cent#windows-365-service). |
|**Microsoft Entra ID**| FQDNs and endpoints for Microsoft Entra ID can be found under ID 56, 59 and 125 in [Office 365 URLs and IP address ranges](/office365/enterprise/urls-and-ip-address-ranges#microsoft-365-common-and-office-online). | Add service tag `AzureActiveDirectory`|[Office 365 URLs and IP address ranges](/office365/enterprise/urls-and-ip-address-ranges#microsoft-365-common-and-office-online)|
77
+
|**Microsoft Intune**| For current FQDNs and endpoints for Microsoft Entra ID, see [Intune core service](/mem/intune/fundamentals/intune-endpoints?tabs=north-america#endpoints)| FQDN tag: *MicrosoftIntune*|[Intune endpoints](/mem/intune/fundamentals/intune-endpoints)|
122
78
123
79
## Use FQDN tags and service tags for endpoints through Azure Firewall
124
80
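Review bot: The added Microsoft Intune row on line 77 says "For current FQDNs and endpoints for Microsoft Entra ID, see [Intune core service]", which looks like a copy from the Entra ID row above; it should read "for Microsoft Intune" so that readers building allow rules do not look for Entra endpoints on the Intune page. In the added Windows 365 row on line 73, `*.cmdagent.trafficmanager.net` repeats an entry already listed under Dev box communication endpoints, and "UDP connectivity via TURN" and "TURN connectivity" are neither FQDNs nor ports even though the intro states that everything is port 443 unless otherwise specified. State the protocol and port for the TURN entries in the row, or say explicitly that they are documented in the linked Windows 365 network requirements.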
@@ -128,6 +84,8 @@ Managing network security controls for dev boxes can be complex. To simplify con
128
84
129
85
An [FQDN tag](/azure/firewall/fqdn-tags) is a predefined tag in Azure Firewall that represents a group of fully qualified domain names. By using FQDN tags, you can easily create and maintain egress rules for specific services like Windows 365 without manually specifying each domain name.
130
86
87
+
The groupings defined by FQDN tags can overlap. For example, the Windows365 FQDN tag includes AVD endpoints for standard ports, see [reference](/windows-365/enterprise/azure-firewall-windows-365#windows365-tag).
88
+
131
89
Non-Microsoft firewalls don't usually support FQDN tags or service tags. There might be a different term for the same functionality; check your firewall documentation.
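Review bot: The added sentence on line 87 leaves the scope of the overlap vague: "AVD" is not expanded, "standard ports" is not defined, and the link text is just "reference". Since the point affects what an egress rule actually permits, spell out Azure Virtual Desktop, say which ports the Windows365 tag covers (or that the linked article lists them), and use descriptive link text. The sentence is also a comma splice; end it after "standard ports" and start a new sentence for the link.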