Configure your network
Windows Autopatch is a cloud service. There's a set of endpoints that Windows Autopatch services must be able to reach for the various aspects of the Windows Autopatch service.
You can optimize their network by sending all trusted Microsoft 365 network requests directly through their firewall or proxy to bypass authentication, and all additional packet-level inspection or processing. This process reduces latency and your perimeter capacity requirements.
The proxy or firewall must support TLS 1.2. Otherwise, you might have to disable protocol detection.
Required Windows Autopatch endpoints for proxy and firewall rules
The following URLs must be on the allowed list of your proxy and firewall so that Windows Autopatch devices can communicate with Microsoft services.
The Windows Autopatch URL is used for anything our service runs on the customer API. You must ensure this URL is always accessible on your corporate network.
|Microsoft service||URLs required on allowlist|
Required Microsoft product endpoints
There are URLs from several Microsoft products that must be in the allowed list so that Windows Autopatch devices can communicate with those Microsoft services. Use the links to see the complete list for each product.
|Microsoft service||URLs required on Allowlist|
|Windows 10/11 Enterprise including Windows Update for Business||Manage connection endpoints for Windows 10 Enterprise, version 1909
Manage connection endpoints for Windows 10 Enterprise, version 2004
Connection endpoints for Windows 10 Enterprise, version 20H2
Manage connection endpoints for Windows 10 Enterprise, version 21H1
Manage connection endpoints for Windows 10 Enterprise, version 21H2
|Microsoft 365||Microsoft 365 URL and IP address ranges|
|Azure Active Directory||Hybrid identity required ports and protocols
Active Directory and Active Directory Domain Services Port Requirements
|Microsoft Intune||Intune network configuration requirements|
|Microsoft Edge||Allowlist for Microsoft Edge Endpoints|
|Microsoft Teams||Office 365 URLs and IP address ranges|
|Windows Update for Business (WUfB)||Windows Update for Business firewall and proxy requirements|
Delivery Optimization is a peer-to-peer distribution technology available in Windows 10 and Windows 11 that allows devices to share content, such as updates, that the devices downloaded from Microsoft over the internet. Delivery Optimization can help reduce network bandwidth because the device can get portions of the update from another device on the same local network instead of having to download the update completely from Microsoft.
Windows Autopatch supports and recommends you configure and validate Delivery Optimization when you enroll into the Window Autopatch service. For more information, see What is Delivery Optimization?
Submit and view feedback for