BitLocker Save key to Azure AD Required Network URLs/Ports list

Hun boy 181 Reputation points
2022-10-05T14:26:33.013+00:00

Hi Experts,

I got some errors on the device when I try to save the BitLocker key to Azure AD. I am sure on this; I think the network firewall team is blocking the required ports. I would like to know what the base required ports are to communicate correctly with Azure AD, as these devices are Azure AD joined.

  1. What are the required ports or URLs / IP whitelist for Azure AD join?
  2. List of ports or URL / IP list for storing the BitLocker key in Azure AD.

Note: All these devices are behind the corporate firewall.

Thank you for your time in reading this.

Appreciate your response!

Windows 10 Security
Microsoft Intune
Microsoft Entra ID

1 answer

  1. Jaya Lakshmi Koduru 6 Reputation points Microsoft Employee
    2022-10-05T22:48:22.79+00:00

    Hi @Hun boy

    Thank you for your post.

    We do not have any port restrictions enforced. We would recommend device registration, and require the access on HTTPS port for the following URLs:

    https://login.microsoftonline.com
    https://enterpriseregistration.windows.net

    And you need to exclude device.login.microsoftonline.com if they are using device based CX policy. Also, you need to consider excusing MDM URLs like the following for Intune: https://portal.manage.microsoft.com

    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/reference-connect-ports
    https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-hybrid-azure-ad-join#network-connectivity-requirements

    Additionally, here is the document for your reference on the worldwide endpoints; this is just FYI:
    https://learn.microsoft.com/en-gb/microsoft-365/enterprise/urls-and-ip-address-ranges?view=o365-worldwide#microsoft-365-common-and-office-online

    Hope this helps.

    Please "Accept the answer" if the information helped you, so that others in the community facing similar issues can easily find the solution.

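A connectivity check for the endpoints named in the answer above, as an added example that is not part of the original thread: run on the affected device, it tests TCP 443 and the TLS handshake to each host and reports the certificate issuer the device actually sees. The function name `Test-HttpsEndpoint`, the 5-second timeout and the use of TLS 1.2 are assumptions.

```powershell
# Added example, not from the thread. Host names are the ones named in the answer above.
$Endpoints = 'login.microsoftonline.com',
             'enterpriseregistration.windows.net',
             'device.login.microsoftonline.com',
             'portal.manage.microsoft.com'

function Test-HttpsEndpoint {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443,
        [int]$TimeoutMs = 5000   # assumed timeout
    )
    $r = [ordered]@{ Host = $HostName; TcpOpen = $false; TlsOk = $false; Issuer = $null; Error = $null }
    $ssl = $null
    $client = [System.Net.Sockets.TcpClient]::new()
    $client.SendTimeout    = $TimeoutMs
    $client.ReceiveTimeout = $TimeoutMs
    try {
        # TCP connect with a timeout, so a firewall that silently drops packets does not hang the check.
        if (-not $client.ConnectAsync($HostName, $Port).Wait($TimeoutMs)) {
            throw "TCP connect to port $Port timed out after $TimeoutMs ms"
        }
        $r.TcpOpen = $true

        # TLS handshake validated against the device's own trust store (no client certificate sent).
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null, [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $r.TlsOk = $true

        # Issuer of the certificate presented to this device. An internal CA here
        # means a proxy or firewall on the path is re-signing (inspecting) the traffic.
        $r.Issuer = $ssl.RemoteCertificate.Issuer
    }
    catch {
        # Unwrap AggregateException from the async connect to get the real cause.
        $r.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$r
}

$Endpoints | ForEach-Object { Test-HttpsEndpoint -HostName $_ } | Format-Table -AutoSize -Wrap
```

A row with `TcpOpen` false points at a blocked port or host; `TcpOpen` true with a TLS error or an unexpected issuer points at filtering or inspection on the path.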