Whitelisted URL to enable user sign-in to Windows using Azure AD account?

bcb44 86 Reputation points
2021-06-04T00:56:07.43+00:00

I'm designing a device that operates a kiosk. I'd like to have one of the accounts authenticate through our Azure AD tenant so an engineer can log in and perform service updates (we need in-person updates and can't use an MDM like Intune for updates). This account would be used for login and not for allowing access to other resources. Our device operates behind a restrictive firewall with only other device. What URLs do we need to whitelist in the firewall to allow Windows to authenticate users?

The only article I've been able to find for this is about Azure Key Vault (here), which says login.microsoftonline.com:443, but I'm assuming that's the same? All other articles talk about hybrid stuff, which doesn't apply in our case.

Thanks

Microsoft Entra ID

Accepted answer
  1. singhh-msft 2,431 Reputation points
    2021-06-08T05:19:27.047+00:00

    @bcb44, thank you for reaching out to us. There is no direct documentation which is available for this as of now. But, after research, I found a similar setup's link. Since you are looking for login using Azure AD, whitelisting login.microsoftonline.com:443 shall work and, to be on the safe side, you can add *.login.microsoftonline.com:443 to allow all the matching URLs as well.

    Check out a similar issue here. The right thing to do is to ensure these, and all the endpoints your applications need, are allowed through the firewall.


    3 people found this answer helpful.

1 additional answer

  1. calvinhobbs 0 Reputation points
    2023-01-25T03:59:58.9266667+00:00

    Allow the list below for authentication in the Azure public cloud (reference link):

    *.login.microsoftonline.com
    *.aadcdn.msftauth.net
    *.aadcdn.msftauthimages.net
    *.aadcdn.msauthimages.net
    *.logincdn.msftauth.net
    *.login.live.com
    *.msauth.net
    *.aadcdn.microsoftonline-p.com
    *.microsoftonline-p.com

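Added example, not part of either answer or of Microsoft's documentation: a Python check of which hostnames the two allowlists above would admit, assuming the firewall's `*.name` wildcard matches subdomains but not the bare name (this varies by product). The observed hostnames are a constructed sample; substitute the names from your own firewall deny log.

```python
# Added example, not from the thread. ASSUMPTION: the firewall reads "*.name"
# as "one or more labels in front of name" and does not match the bare name.
# Wildcard semantics differ between products; confirm against your firewall.

ACCEPTED_ANSWER = ["login.microsoftonline.com", "*.login.microsoftonline.com"]
SECOND_ANSWER = [
    "*.login.microsoftonline.com", "*.aadcdn.msftauth.net",
    "*.aadcdn.msftauthimages.net", "*.aadcdn.msauthimages.net",
    "*.logincdn.msftauth.net", "*.login.live.com", "*.msauth.net",
    "*.aadcdn.microsoftonline-p.com", "*.microsoftonline-p.com",
]

# Constructed sample standing in for hostnames read from a firewall deny log.
OBSERVED = [
    "login.microsoftonline.com",
    "LOGIN.microsoftonline.com.",             # same host, different spelling
    "device.login.microsoftonline.com",
    "aadcdn.msftauth.net",
    "login.live.com",
    "login.microsoftonline.com.example.net",  # look-alike, must never match
]

def normalize(name):
    """Lower-case and drop the trailing root dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()

def rule_matches(rule, host):
    """True if one allowlist rule admits the host under the stated assumption."""
    rule, host = normalize(rule), normalize(host)
    if rule.startswith("*."):
        suffix = rule[1:]  # keep the leading dot, e.g. ".msauth.net"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == rule

def audit(rules, hosts):
    """Map each distinct host to the first rule that admits it, or None."""
    report = {}
    for host in map(normalize, hosts):
        report.setdefault(host, next((r for r in rules if rule_matches(r, host)), None))
    return report

def uncovered(rules, hosts):
    """Hosts that no rule admits, in the order they were observed."""
    return [h for h, rule in audit(rules, hosts).items() if rule is None]

if __name__ == "__main__":
    for label, rules in (("accepted", ACCEPTED_ANSWER), ("second", SECOND_ANSWER)):
        print(label, "list does not cover:", uncovered(rules, OBSERVED))
```

Under this assumption the wildcard-only list leaves the bare `login.microsoftonline.com` uncovered, which is why the accepted answer lists both forms.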
