Whitelisted URL to enable user sign-in to Windows using Azure AD account?

bcb44 81 Reputation points
2021-06-04T00:56:07.43+00:00

I'm designing a device that operates a kiosk. I'd like to have one of the accounts authenticate through our Azure AD tenant so an engineer can log in and perform service updates (we need in-person updates and can't use an MDM like Intune for updates). This account would be used for login and not for allowing access to other resources. Our device operates behind a restrictive firewall with only other device. What URLs do we need to whitelist in the firewall to allow Windows to authenticate users?

The only article I've been able to find for this is about Azure Key Vault (here), which says login.microsoftonline.com:443, but I'm assuming that's the same? All other articles talk about hybrid stuff, which doesn't apply in our case.

Thanks

Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.

Accepted answer
  1. singhh-msft 2,381 Reputation points
    2021-06-08T05:19:27.047+00:00

    @bcb44, thank you for reaching out to us. There is no direct documentation available for this as of now. But, after research, I found a link to a similar setup. Since you are looking for login using Azure AD, whitelisting login.microsoftonline.com:443 shall work and, to be on the safe side, you can add *.login.microsoftonline.com:443 to allow all the matching URLs as well.

    Check out a similar issue here. The right thing to do is to ensure these, and all the endpoints your applications need, are allowed through the firewall.



1 additional answer

  1. calvinhobbs 0 Reputation points
    2023-01-25T03:59:58.9266667+00:00

    Allow the list below for Azure public cloud for authentication (reference link):

    *.login.microsoftonline.com

    *.aadcdn.msftauth.net

    *.aadcdn.msftauthimages.net

    *.aadcdn.msauthimages.net

    *.logincdn.msftauth.net

    *.login.live.com

    *.msauth.net

    *.aadcdn.microsoftonline-p.com

    *.microsoftonline-p.com
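
An added example, not part of either answer above and not Microsoft code: a small audit that checks denied destinations from a firewall log against the entries both answers list, showing why the accepted answer names the bare host as well as the wildcard. Assumptions: a leading `*.` matches subdomains only and never the bare domain (check your firewall's own wildcard semantics), only port 443 is opened, and the log format and sample lines are constructed for illustration.

```python
# Allowlist entries taken from the two answers on this page.
ALLOWLIST = [
    "login.microsoftonline.com", "*.login.microsoftonline.com",  # accepted answer
    "*.aadcdn.msftauth.net", "*.aadcdn.msftauthimages.net",
    "*.aadcdn.msauthimages.net", "*.logincdn.msftauth.net", "*.login.live.com",
    "*.msauth.net", "*.aadcdn.microsoftonline-p.com", "*.microsoftonline-p.com",
]

def matches(host, pattern):
    """Assumed semantics: '*.' covers one or more leading labels, not the bare domain."""
    host, pattern = host.lower().rstrip("."), pattern.lower()
    if pattern.startswith("*."):
        suffix = pattern[1:]  # e.g. ".login.microsoftonline.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern

def covering_rule(host, allowlist=ALLOWLIST):
    """Return the first allowlist entry that covers host, or None."""
    return next((p for p in allowlist if matches(host, p)), None)

# Constructed deny-log lines; hypothetical format: "<time> DENY <src> -> <host>:<port>".
# They are sample input, not a statement of which hosts Windows sign-in contacts.
SAMPLE_LOG = """\
2021-06-04T01:00:00Z DENY 10.0.0.5 -> login.microsoftonline.com:443
2021-06-04T01:00:01Z DENY 10.0.0.5 -> aadcdn.msftauth.net:443
2021-06-04T01:00:02Z DENY 10.0.0.5 -> sub.login.microsoftonline.com:443
2021-06-04T01:00:03Z DENY 10.0.0.5 -> login.microsoftonline.com:80
2021-06-04T01:00:04Z DENY 10.0.0.5 -> login.microsoftonline.com.example.net:443
"""

def audit(log_text, allowlist=ALLOWLIST, port=443):
    """Map each denied 'host:port' to a verdict explaining the denial."""
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[1] != "DENY":
            continue  # skip lines that are not in the assumed format
        host, _, dport = parts[4].rpartition(":")
        rule = covering_rule(host, allowlist)
        if rule is None:
            verdict = "no matching allowlist entry"
        elif int(dport) != port:
            verdict = f"host matches {rule} but port {dport} is not {port}"
        else:
            verdict = f"covered by {rule}: rule missing on the firewall?"
        findings[parts[4]] = verdict
    return findings

if __name__ == "__main__":
    for dest, verdict in audit(SAMPLE_LOG).items():
        print(f"{dest:45} {verdict}")
```

Under these semantics a wildcard-only entry such as `*.aadcdn.msftauth.net` leaves the bare host uncovered, so an "uncovered" verdict during sign-in testing points at an entry to review rather than at the wildcard list being wrong.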
