question

0 Votes
DennisK-1642 asked JamesHamil-MSFT answered

Connect Health agent - Firewall rules (Outbound connectivity to the Azure service endpoints)

I'm looking for some guidance on this article:
Azure AD Connect Health agent installation
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install

Down here:
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-health-agent-install#outbound-connectivity-to-the-azure-service-endpoints
we aren't certain which ports must be opened for the first 4 "General public" endpoints:
1. .blob.core.windows.net
2. .aadconnecthealth.azure.com
3. .servicebus.windows.net - Port: 5671 (This endpoint isn't required in the latest version of the agent.)
4. .adhybridhealth.azure.com/

I'm not really concerned about #3, assuming I shouldn't have problems with the latest agent. But for 1, 2, and 4, I don't know if opening port 443 on the firewall would be sufficient.

azure-ad-connect azure-ad-connect-health

1 Answer

0 Votes
JamesHamil-MSFT answered

Hi @DennisK-1642, following this document, port 443 looks to be the only port you need. Possibly 80 for servicebus.windows.net but it's not explicitly stated. I would stick with 443 unless you have any issues. Please let me know if you have any questions!

If this answer helped you please mark it as "Verified" so other users may reference it.

Thank you,
James
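One way to confirm the firewall change from the agent server, as an added example that is not part of the posts above or of the Microsoft article: it matches host names you supply against the four endpoint suffixes from the question and tests the listed TCP port for each. The function name `Test-HealthAgentEgress`, the `$Rules` table and the host name in the usage comment are hypothetical; the wildcard endpoints only say which suffixes to allow, so the concrete names must come from your own firewall or DNS logs.

```powershell
# Added example (not Microsoft's code). Suffixes and ports are those quoted in the question.
$Rules = @(
    @{ Suffix = '.blob.core.windows.net';      Ports = @(443) }
    @{ Suffix = '.aadconnecthealth.azure.com'; Ports = @(443) }
    @{ Suffix = '.adhybridhealth.azure.com';   Ports = @(443) }
    # Listed with port 5671; per the article, not required by the latest agent.
    @{ Suffix = '.servicebus.windows.net';     Ports = @(5671) }
)

function Test-HealthAgentEgress {
    param(
        # Concrete FQDNs the agent tried to reach, e.g. from denied entries in the firewall log.
        [Parameter(Mandatory)][string[]]$HostName
    )
    foreach ($h in $HostName) {
        # Find the endpoint rule whose suffix this host name falls under.
        $rule = $Rules |
            Where-Object { $h.EndsWith($_.Suffix, [StringComparison]::OrdinalIgnoreCase) } |
            Select-Object -First 1
        if (-not $rule) {
            # Not one of the four endpoints: report it rather than silently testing it.
            [pscustomobject]@{ Host = $h; Port = $null; Result = 'NotAHealthEndpoint' }
            continue
        }
        foreach ($port in $rule.Ports) {
            # Returns $false on a blocked port and also when the name does not resolve.
            $ok = Test-NetConnection -ComputerName $h -Port $port `
                      -InformationLevel Quiet -WarningAction SilentlyContinue
            $result = if ($ok) { 'Reachable' } else { 'Unreachable' }
            [pscustomobject]@{ Host = $h; Port = $port; Result = $result }
        }
    }
}

# Usage (placeholder host name, replace with names from your own logs):
# Test-HealthAgentEgress -HostName 'placeholder-account.blob.core.windows.net' | Format-Table
```

`Test-NetConnection` opens a direct TCP connection and does not use an HTTP proxy, so on servers that reach the internet only through a proxy an `Unreachable` result here does not by itself mean the agent is blocked.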

