You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/dev-box/concept-dev-box-network-requirements.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -69,7 +69,7 @@ Managing network security controls for dev boxes can be complex. To simplify con
69
69
70
70
A [service tag](/azure/firewall/service-tags) represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules. Service tags can be used in both [Network Security Group (NSG)](/azure/virtual-network/network-security-groups-overview) and [Azure Firewall](/azure/firewall/service-tags) rules to restrict outbound network access, and in [User Defined Route (UDR)](/azure/virtual-network/virtual-networks-udr-overview#user-defined) to customize traffic routing behavior.
71
71
72
-
## Physical device network connectivity
72
+
## Required endpoints for physical device network connectivity
73
73
Although most of the configuration is for the cloud-based dev box network, end user connectivity occurs from a physical device. Therefore, you must also follow the connectivity guidelines on the physical device network.
74
74
75
75
|Device or service |Network connectivity required URLs and ports |Description |
@@ -94,7 +94,7 @@ Any device you use to connect to a dev box must have access to the following FQD
94
94
95
95
These FQDNs and endpoints only correspond to client sites and resources.
96
96
97
-
## Required endpoints
97
+
## Required endpoints for dev box provisioning
98
98
99
99
The following URLs and ports are required for the provisioning of dev boxes and the Azure Network Connection (ANC) health checks. All endpoints connect over port 443 unless otherwise specified.
100
100
@@ -106,7 +106,7 @@ The following URLs and ports are required for the provisioning of dev boxes and
106
106
|**Microsoft Entra ID**| FQDNs and endpoints for Microsoft Entra ID can be found under ID 56, 59 and 125 in [Office 365 URLs and IP address ranges](/office365/enterprise/urls-and-ip-address-ranges#microsoft-365-common-and-office-online). | Service tag: *AzureActiveDirectory*|
107
107
|**Microsoft Intune**| For current FQDNs and endpoints for Microsoft Entra ID, see [Intune core service](/mem/intune/fundamentals/intune-endpoints?tabs=north-america#intune-core-service).| FQDN tag: *MicrosoftIntune*|
108
108
109
-
The listed FQDNs and endpoints and tags only correspond to the most common resources. They don't include FQDNs and endpoints for all services. For service tags for other services, see [Available service tags](/azure/virtual-network/service-tags-overview#available-service-tags).
109
+
The listed FQDNs and endpoints and tags correspond to the required resources. They don't include FQDNs and endpoints for all services. For service tags for other services, see [Available service tags](/azure/virtual-network/service-tags-overview#available-service-tags).
110
110
111
111
Azure Virtual Desktop doesn't have a list of IP address ranges that you can unblock instead of FQDNs to allow network traffic. If you're using a Next Generation Firewall (NGFW), you need to use a dynamic list made for Azure IP addresses to make sure you can connect.
0 commit comments