Azure SSO - Minimum firewall rules required?

Jordan 1 Reputation point


I have an isolated network with no internet access that presently authenticates to resources they need via AD FS. We're in the process of migrating all of our SSO relationships to Azure AD, and so I need to provide the minimum level of internet access required for this network to reach Azure's SAML authentication services in order to migrate.

I'm able to permit this access via URLs or IP ranges, but just can't figure out what they should be. All of the documentation I've managed to find lists all of the URLs and IPs required for full O365/Azure access, but I haven't found any that speak to just the SAML authentication services.

In packet captures I can see that the following are used:


I'd rather not gamble that Microsoft won't add any new domains to that list though, and would prefer to make this exception based on official documentation, if available.

Does anyone know if such a list of IPs/URLs exists?

Azure Active Directory