Did you follow this doc ?
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/network-considerations
Enable Azure Domain Services and authentication (MFA) for VM in the cloud
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAB%3C/text%3E%3C/svg%3E)
André Borgeld
431
Reputation points
Now we have the following scenario
- Azure domain services
- Secure Hub (Third party firewall)
- Spoke (workload), a windows server VM
I have added 3389 RDP and 445 Smb to reach my machine (works fine). But the machine cannot reach the Azure Domain services for a Domain join and logon.
What (ports/url) do i need to open to join the server to the Azure domain and logon with Azure credentials? It has to be to be as secure as possible
Windows for business | Windows Server | User experience | Other
Microsoft Security | Microsoft Entra | Other
Microsoft Security | Microsoft Entra | Other
Additional Microsoft Entra services and features related to identity, access, and network security
2 answers
Sort by: Most helpful
-
Andy David - MVP 159.7K Reputation points MVP Volunteer Moderator2023-05-05T12:50:51.0766667+00:00 -
André Borgeld 431 Reputation points
2023-05-10T07:24:16.1466667+00:00 Good morning @Andy David - MVP , thanks yes seen it. It is more the Azure approach (but comes in handy) only with a third party firewall I've been looking for this. It gives me the device registration URL:
https://learn.microsoft.com/en-us/azure/active-directory/devices/howto-vm-sign-in-azure-ad-windows
Sign in to comment -
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(67.2, 68%, 16%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELT%3C/text%3E%3C/svg%3E)
Limitless Technology 45,126 Reputation points2023-05-05T16:00:37.0233333+00:00 Hello Andre,
Thank you for your question and for reaching out with your question today.
General Azure services use standard TCP ports for HTTP (80) and HTTPS (443). However, the link below may be helpful for finding the troublesome port in your system:
https://learn.microsoft.com/azure/active-directory/hybrid/connect/reference-connect-ports
If the reply was helpful, please don’t forget to upvote or accept as answer.
Best regards.
-
André Borgeld 431 Reputation points
2023-05-10T07:26:18.8966667+00:00 Hello @Limitless Technology this is the authentication towards hybrid AD connect via passthrough. My config is in a DMZ in the cloud and I need the device registration/AzureAD URL/IP from the same cloud with an . Got it. Thank you
Sign in to comment -