Whitelisted URL to enable user sign-in to Windows using Azure AD account?

bcb44 81 Reputation points

I'm designing a device that operates a kiosk. I'd like to have one of the accounts authenticate through our Azure AD tenant so an engineer can log in and perform service updates (we need in-person updates and can't use an MDM like Intune for updates). This account would be used for login and not for allowing access to other resources. Our device operates behind a restrictive firewall with only other device. What URLs do we need to whitelist in the firewall to allow Windows to authenticate users?

The only article I've been able to find for this is about Azure Key Vault (here) which says login.microsoftonline.com:443, but I'm assuming that's the same? All other articles talk about hybrid stuff, which doesn't apply in our case.


Azure Active Directory

Accepted answer
  1. singhh-msft 2,381 Reputation points

    @bcb44, thank you for reaching out to us. There is no direct documentation available for this as of now. But, after research, I found a link to a similar setup. Since you are looking for login using Azure AD, whitelisting login.microsoftonline.com:443 shall work, and to be on the safe side, you can add *.login.microsoftonline.com:443 to allow all the matching URLs as well.

    Check out a similar issue here. The right thing to do is to ensure that these, and all the endpoints your applications need, are allowed through the firewall.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
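
An added example, not part of the original thread or any Microsoft code: a small evaluator for the two allow-list entries named in the accepted answer, showing that the wildcard entry alone does not cover the bare hostname and that matching has to be on whole labels and on the port. The wildcard semantics (one or more leading labels, never the bare domain) and the sample hostnames are assumptions constructed for illustration; check how your firewall actually matches FQDN rules.

```python
# Added example: evaluate outbound (host, port) pairs against an FQDN allow-list.
# Assumption: "*.name" matches one or more extra leading labels, not "name" itself.

# The two entries suggested in the accepted answer.
ALLOW_RULES = [
    ("login.microsoftonline.com", 443),
    ("*.login.microsoftonline.com", 443),
]

# Constructed sample of outbound attempts (not captured traffic).
SAMPLE_ATTEMPTS = [
    ("login.microsoftonline.com", 443),              # exact rule
    ("example-sub.login.microsoftonline.com", 443),  # wildcard rule (placeholder name)
    ("login.microsoftonline.com", 80),               # right host, wrong port
    ("login.microsoftonline.com.example.net", 443),  # look-alike with allowed prefix
    ("evillogin.microsoftonline.com", 443),          # look-alike with allowed suffix
]


def rule_matches(pattern: str, host: str) -> bool:
    """Compare on whole DNS labels, case-insensitively, ignoring a trailing dot."""
    pattern = pattern.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == host
    suffix = pattern[1:]  # keep the leading dot so the match ends on a label boundary
    return host.endswith(suffix) and len(host) > len(suffix)


def is_allowed(host: str, port: int, rules=ALLOW_RULES) -> bool:
    """True when some rule matches both the hostname and the port."""
    return any(port == p and rule_matches(pat, host) for pat, p in rules)


def blocked(attempts, rules=ALLOW_RULES):
    """Return the attempts the allow-list would drop, in input order."""
    return [(h, p) for h, p in attempts if not is_allowed(h, p, rules)]


if __name__ == "__main__":
    for host, port in SAMPLE_ATTEMPTS:
        verdict = "ALLOW" if is_allowed(host, port) else "BLOCK"
        print(f"{verdict}  {host}:{port}")
    # With only the wildcard entry, the bare sign-in host is dropped.
    wildcard_only = [("*.login.microsoftonline.com", 443)]
    print(blocked([("login.microsoftonline.com", 443)], wildcard_only))
```

Running the same evaluator over the firewall's deny log for the kiosk during a test sign-in shows which additional hostnames the device actually requested.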

1 additional answer

  1. calvinhobbs 0 Reputation points

    Allow the list below for authentication in the Azure public cloud (reference link).









