Merge pull request #254837 from jeffpatt24/patch-3

prmerger-automator[bot] · web-flow · commit 80fe27df15b2 · 2023-10-12T21:24:32.000Z
Update file-sync-firewall-and-proxy.md
diff --git a/articles/storage/file-sync/file-sync-firewall-and-proxy.md b/articles/storage/file-sync/file-sync-firewall-and-proxy.md
@@ -4,7 +4,7 @@ description: Understand Azure File Sync on-premises proxy and firewall settings.
 author: khdownie
 ms.service: azure-file-storage
 ms.topic: how-to
-ms.date: 04/04/2023
+ms.date: 10/12/2023
 ms.author: kendownie
 ---
 
@@ -124,7 +124,7 @@ The following table describes the required domains for communication:
 | Service | Public cloud endpoint | Azure Government endpoint | Usage |
 |---------|----------------|---------------|------------------------------|
 | **Azure Resource Manager** | `https://management.azure.com` | `https://management.usgovcloudapi.net` | Any user call (like PowerShell) goes to/through this URL, including the initial server registration call. |
-| **Microsoft Entra ID** | `https://login.windows.net`<br>`https://login.microsoftonline.com` | `https://login.microsoftonline.us` | Azure Resource Manager calls must be made by an authenticated user. To succeed, this URL is used for user authentication. |
+| **Microsoft Entra ID** | `https://login.windows.net`<br>`https://login.microsoftonline.com`<br>`https://aadcdn.msftauth.net` | `https://login.microsoftonline.us` | Azure Resource Manager calls must be made by an authenticated user. To succeed, this URL is used for user authentication. |
 | **Microsoft Entra ID** | `https://graph.microsoft.com/` | `https://graph.microsoft.com/` | As part of deploying Azure File Sync, a service principal in the subscription's Microsoft Entra ID will be created. This URL is used for that. This principal is used for delegating a minimal set of rights to the Azure File Sync service. The user performing the initial setup of Azure File Sync must be an authenticated user with subscription owner privileges. |
 | **Microsoft Entra ID** | `https://secure.aadcdn.microsoftonline-p.com` | `https://secure.aadcdn.microsoftonline-p.com`<br>(same as public cloud endpoint URL) | This URL is accessed by the Active Directory authentication library that the Azure File Sync server registration UI uses to log in the administrator. |
 | **Azure Storage** | &ast;.core.windows.net | &ast;.core.usgovcloudapi.net | When the server downloads a file, then the server performs that data movement more efficiently when talking directly to the Azure file share in the Storage Account. The server has a SAS key that only allows for targeted file share access. |
