You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/active-directory/hybrid/reference-connect-ports.md
+7-5Lines changed: 7 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -78,16 +78,16 @@ The following tables describes the ports and protocols that are required for com
78
78
### Table 6a - Pass-through Authentication with SSO
79
79
| Protocol | Ports | Description |
80
80
| --- | --- | --- |
81
-
|HTTP|80 (TCP)|Used to download CRLs (Certificate Revocation Lists) to verify TLS/SSL certificates. Also needed for the connector auto-update capability to function properly. |
82
-
|HTTPS|443 (TCP)|Used to enable and disable the feature, register connectors, download connector updates, and handle all user sign-in requests. |
81
+
|HTTP|80 (TCP)|Used to download CRLs (Certificate Revocation Lists) to verify TLS/SSL certificates. Also needed for the connector auto-update capability to function properly. |
82
+
|HTTPS|443 (TCP)|Used to enable and disable the feature, register connectors, download connector updates, and handle all user sign-in requests. |
83
83
84
84
In addition, Azure AD Connect needs to be able to make direct IP connections to the [Azure data center IP ranges](https://www.microsoft.com/download/details.aspx?id=41653).
85
85
86
86
### Table 6b - Password Hash Sync with SSO
87
87
88
88
| Protocol | Ports | Description |
89
89
| --- | --- | --- |
90
-
|HTTPS|443 (TCP)|Used to enable SSO registration (required only for the SSO registration process).
90
+
|HTTPS|443 (TCP)|Used to enable SSO registration (required only for the SSO registration process).
91
91
92
92
In addition, Azure AD Connect needs to be able to make direct IP connections to the [Azure data center IP ranges](https://www.microsoft.com/download/details.aspx?id=41653). Again, this is only required for the SSO registration process.
93
93
@@ -99,9 +99,11 @@ This table describes the following outbound ports and protocols that are require
99
99
100
100
| Protocol | Ports | Description |
101
101
| --- | --- | --- |
102
-
|HTTPS |443 (TCP) |Used to send health information to Azure AD. |
102
+
| Azure Service Bus |5671 (TCP) | Used to send health information to Azure AD. (recommended but not required in latest versions)|
103
+
| HTTPS |443 (TCP) |Used to send health information to Azure AD. (failback)|
103
104
104
-
Old Azure AD Connect Health agents required access to Azure Service Bus on port 5671 but it is no longer required. The latest Azure AD Connect Health agent versions only require port 443.
105
+
If 5671 is blocked, the agent falls back to 443, but using 5671 is recommended. This endpoint isn't required in the latest version of the agent.
106
+
The latest Azure AD Connect Health agent versions only require port 443.
105
107
106
108
### 7b - Endpoints for Azure AD Connect Health agent for (AD FS/Sync) and Azure AD
107
109
For a list of endpoints, see [the Requirements section for the Azure AD Connect Health agent](how-to-connect-health-agent-install.md#requirements).
0 commit comments