Events
Nov 19, 11 PM - Nov 21, 11 PM
Gain the competitive edge you need with powerful AI and Cloud solutions by attending Microsoft Ignite online.
Register nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Many enterprises use firewalls to block unwanted network traffic and ports; unfortunately, this can also block important things like Windows Notification Service communications. This means all notifications sent through WNS will be dropped under certain network configurations. To avoid this, network admins can add the list of approved WNS FQDNs or VIPs to their exemption list to allow the WNS traffic to pass through the firewall.
Note
WNS Push Notifications may not support proxies. There are many different proxy setups and environments, and not all configurations are guaranteed work with WNS. For best results, the connection to WNS must be a direct connection, however, VPN interfaces can be used.
We welcome any feedback about proxy support. Please direct your feedback to https://aka.ms/windowsappsdk and file an issue for tracking interest in proxy support for WNS. Feel free to add the "area-Notifications" label to your issue for quicker visibility with the notifications team.
Below is a list that contains the FQDNs, VIPs, and IP address ranges used by the Windows Notification Service.
Important
We strongly suggest that you allow list by FQDN, because these will not change. If you allow list by FQDN, you do not need to also allow the IP address ranges.
Important
The IP address ranges will change periodically; because of this, they are not included on this page. If you want to see the list of IP ranges, you can download the file from Download Center: Windows Notification Service (WNS) VIP and IP Ranges. Please check back regularly to make sure you have the most up-to-date information.
Regardless of the method you choose from below, you'll need to allow network traffic to the listed destinations through port 443. Each of the elements in the following XML document is explained in the table that follows it (in Terms and Notations). The IP ranges were intentionally left out of this document to encourage you to use only the FQDNs as the FQDNs will remain constant. However, you can download the XML file containing the complete list from Download Center: Windows Notification Service (WNS) VIP and IP Ranges. New VIPs or IP ranges will be effective one week after they are uploaded.
<?xml version="1.0" encoding="UTF-8"?>
<WNSPublicIpAddresses xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<!-- This file contains the FQDNs, VIPs, and IP address ranges used by the Windows Notification Service. A new text file will be uploaded every time a new VIP or IP range is released in production. Please copy the below information and perform the necessary changes on your site. Endpoints in CloudService nodes are used for cloud services to send notifications to WNS. Endpoints in Client nodes are used by devices to receive notifications from WNS. -->
<CloudServiceDNS>
<DNS FQDN="*.notify.windows.com"/>
</CloudServiceDNS>
<ClientDNS>
<DNS FQDN="*.wns.windows.com"/>
<DNS FQDN="*.notify.live.net"/>
</ClientDNS>
<CloudServiceIPs>
<IpRange Subnet=""/>
<!-- See the file in Download Center for the complete list of IP ranges -->
</CloudServiceIPs>
<ClientIPsIPv4>
<IpRange Subnet=""/>
<!-- See the file in Download Center for the complete list of IP ranges -->
</ClientIPsIPv4>
<IdentityServiceDNS>
<DNS FQDN="login.microsoftonline.com"/>
<DNS FQDN="login.live.com"/>
</IdentityServiceDNS>
</WNSPublicIpAddresses>
Below are explanations on the notations and elements used in the above XML snippet.
Term | Explanation |
---|---|
Dot-decimal notation (i.e. 64.4.28.0/26) | Dot-decimal notation is a way to describe the range of IP addresses. For example, 64.4.28.0/26 means the first 26 bits of 64.4.28.0 are constant, while the last 6 bits are variable. In this case, the IPv4 range is 64.4.28.0 - 64.4.28.63. |
ClientDNS | These are the Fully-Qualified Domain Name (FQDN) filters for the client devices (Windows PCs, desktops) receiving notifications from WNS. These must be allowed through the firewall in order for WNS clients to use the WNS Functionality. It is recommended to allow-list by the FQDNs instead of the IP/VIP ranges, since these will never change. |
ClientIPsIPv4 | These are the IPv4 addresses of the servers accessed by client devices (Windows PCs, desktops) receiving notifications from WNS. |
CloudServiceDNS | These are the Fully-Qualified Domain Name (FQDN) filters for the WNS servers your cloud service will talk to send notifications to WNS. These must be allowed through the firewall in order for services to send WNS notifications. It is recommended to allow-list by the FQDNs instead of the IP/VIP ranges, since these will never change. |
CloudServiceIPs | CloudServiceIPs are the IPv4 addresses of the servers used for cloud services to send notifications to WNS |
If you are using the legacy notification service, MPNS, the IP address ranges that you will need to add to the allow list are available from Download Center: Microsoft Push Notifications Service (MPNS) Public IP ranges.
Windows developer feedback
Windows developer is an open source project. Select a link to provide feedback:
Events
Nov 19, 11 PM - Nov 21, 11 PM
Gain the competitive edge you need with powerful AI and Cloud solutions by attending Microsoft Ignite online.
Register nowTraining
Module
Implement Windows Server IaaS VM network security - Training
Implement Windows Server IaaS VM network security