Enabling Microsoft Intune and Android Enterprise Connections Through a Firewall

A robust enterprise mobility management is fundamental in today’s evolving workplace. Two key tools in this regard are Microsoft Intune and Android Enterprise. However, establishing network connections through a firewall could be challenging for IT administrators and professionals. This article provides the essential firewall configurations needed to allow these connections.

Firewall Rules for Microsoft Intune

Microsoft Intune, or Microsoft Endpoint Manager, offers enterprise mobility services like device and application management. To establish a connection, your firewall rules must include certain URLs and ports:

URLs:

1. https://*.manage.microsoft.com
2. https://portal.manage.microsoft.com
3. https://login.microsoftonline.com
4. *.windowsupdate.com
5. *.delivery.mp.microsoft.com
6. *.update.microsoft.com
7. https://*.azureedge.net
8. https://*.microsoftonline-p.com
9. https://*.s-msedge.net

Ports:

1. 80 (HTTP)
2. 443 (HTTPS)

These settings allow communication with the Intune service, company portal, Microsoft 365 identity, and Azure services.

Firewall Rules for iOS

Here’s a list of URLs and ports for firewall rules needed for Intune iOS management:

Outbound Traffic:

• URL: *.manage.microsoft.com
• Port: TCP 443 (HTTPS)

Inbound Traffic:

• URL: Intune iOS management servers (Please consult Microsoft documentation for specific IP ranges or hostnames to allow)
• Port: TCP 443 (HTTPS)

Outbound Traffic for Device Enrollment:

• URL: *.enrollment.manage.microsoft.com
• Port: TCP 443 (HTTPS)

Outbound Traffic for Apple Push Notification Service (APNS):

• URL: gateway.push.apple.com
• Port: TCP 2195
• URL: feedback.push.apple.com
• Port: TCP 2196

Outbound Traffic for Apple Device Registration:

• URL: albert.apple.com
• Port: TCP 80 (HTTP) and TCP 443 (HTTPS)
• URL: gs.apple.com
• Port: TCP 80 (HTTP) and TCP 443 (HTTPS)

Firewall Rules for Android Enterprise

Android Enterprise, part of Google’s services, allows for managing Android devices and apps in an enterprise environment. Similar to Microsoft Intune, it also requires certain firewall configurations:

URLs:

1. https://*.gvt1.com
2. https://*.googleapis.com
3. https://play.googleapis.com
4. https://www.googleapis.com
5. https://connectivitycheck.gstatic.com
6. https://fcm.googleapis.com
7. https://androiddevicepolicy.googleapis.com
8. https://www.googleapis.com/auth/androidworkprovisioning

Ports:

1. 443 (HTTPS)
2. 5228 (TCP)
3. 5229 (TCP)
4. 5230 (TCP)

These configurations ensure a stable connection with Google Play services, Google’s connectivity check, the Play Store, Firebase Cloud Messaging (FCM), and the Android Device Policy.

Proper firewall configuration ensures seamless connectivity to Microsoft Intune and Android Enterprise. The above settings allow secure and efficient communication between your devices and these services. However, they are just a part of overall network security. Don’t forget to use complementary measures such as network segmentation, intrusion detection/prevention systems, and anti-virus software.

As the specifics can change over time, always check the most recent technical documentation or consult with the relevant service provider’s support resources to ensure your settings are up to date.

Found priceless insights in this blog? Support the author’s creativity – buy them a coffee!