Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
This article lists the content and services endpoints to allow in your firewall to be used by Microsoft Connected Cache. Use the table below to reference any particular content types or services endpoints that are required for Connected Cache on a Configuration Manager distribution point, Connected Cache managed in Azure, or both.
Note
All ports are outbound.
Learn more about how the content delivered via these endpoints is done securely.
Allow the following endpoints for Microsoft Connected Cache to cache supported content from the internet:
| Content Type | Endpoints | Protocol/Port(s) | Additional Information |
|---|---|---|---|
| Windows Update Windows Defender Windows Drivers Windows Store |
*.dl.delivery.mp.microsoft.com *.windowsupdate.com |
HTTP / 80 | Complete list of endpoints for Windows Update services and payload. |
| Edge Browser | *.dl.delivery.mp.microsoft.com | HTTP / 80 | Complete list of endpoints for Edge Browser. |
| M365 app updates | *.officecdn.microsoft.com *.cdn.office.net *.static.microsoft |
HTTP / 80 | Complete list of endpoints for M365 app updates. |
| Intune Win32 apps | *.manage.microsoft.com | HTTP / 80 HTTPs / 443 |
Complete list of endpoints for Intune Win32 apps updates. |
| Teams | *.static.microsoft *.dl.delivery.mp.microsoft.com |
HTTPs / 443 | Complete list of endpoints for M365 app updates. |
| New Outlook companion apps | *.res.cdn.office.net *.static.microsoft |
HTTP / 80 HTTPs / 443 |
Future support is planned for peering and Connected Cache. |
| Xbox | *.xboxlive.com | HTTP / 80 | Currently only PC Game Pass games are supported, future support is planned for Xbox Console games. |
The following endpoints are used in the deployment and management of a Microsoft Connected Cache server:
| Service | Endpoints | Protocol/Port(s) | Additional Information |
|---|---|---|---|
| Delivery Optimization Service | *.do.dsp.mp.microsoft.com | HTTPs / 443 | Note: TLS inspection will break this connection due to certificate pinning. |
| IoT Edge / IoT Hub communication | *.azure-devices.net *.global.azure-devices-provisioning.net *.azurecr.io *.blob.core.windows.net *.mcr.microsoft.com *.github.com |
HTTPs / 443 | Complete list of Azure IoT Hub communication protocols and ports. Azure IoT Guide to understanding Azure IoT Hub endpoints. |
| Ubuntu package updates | *.ubuntu.com api.snapcraft.io |
HTTP / 80 HTTPs / 443 |
Used by Linux distribution image in WSL on Windows host machine to deploy Connected Cache. |
| Microsoft package updates | packages.microsoft.com download.microsoft.com |
HTTP / 80 HTTPs / 443 |
Used to deploy required Connected Cache packages to Windows and Linux host machines. |
| Azure IoT Identity Service | aka.ms raw.githubusercontent.com |
HTTPs / 443 | Checks the identity service version file is the latest version. |