Configure your network

Proxy configuration

Proxy requirements

The proxy or firewall must support TLS 1.2. Otherwise, you might have to disable protocol detection.

Required Microsoft product endpoints

There are URLs from several Microsoft products that must be in the allowed list so that Windows Autopatch devices can communicate with those Microsoft services. Use the links to see the complete list for each product.

Important

The information in section applies to Business premium, A3+, E3+ and F3 licenses. For more information, see Features and capabilities and Licenses and entitlements.

Microsoft service URLs required on Allowlist
Microsoft Entra ID Hybrid identity required ports and protocols

Active Directory and Active Directory Domain Services Port Requirements

Microsoft Intune Intune network configuration requirements

Network endpoints for Microsoft Intune

Windows Update for Business (WUfB) Windows Update for Business firewall and proxy requirements

Required Windows Autopatch endpoints for proxy and firewall rules

Important

The information in this article or section only applies if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have activated Windows Autopatch features.

Feature activation is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.

For more information, see Licenses and entitlements. If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in Business premium and A3+ licenses.

Windows Autopatch is a cloud service. There's a set of endpoints that Windows Autopatch services must be able to reach for the various aspects of the Windows Autopatch service.

You can optimize your network by sending all trusted Microsoft 365 network requests directly through your firewall or proxy to bypass authentication, and all additional packet-level inspection or processing. This process reduces latency and your perimeter capacity requirements.

The following URLs must be on the allowed list of your proxy and firewall so that Windows Autopatch devices can communicate with Microsoft services. The Windows Autopatch URL is used for anything our service runs on the customer API. You must ensure this URL is always accessible on your corporate network

Microsoft service URLs required on allowlist
Windows Autopatch
  • mmdcustomer.microsoft.com
  • mmdls.microsoft.com
  • logcollection.mmd.microsoft.com
  • support.mmd.microsoft.com
  • devicelistenerprod.microsoft.com
  • login.windows.net
  • payloadprod*.blob.core.windows.net

Delivery Optimization

Important

The information in section applies to Business premium, A3+, E3+ and F3 licenses. For more information, see Features and capabilities and Licenses and entitlements.

Delivery Optimization is a peer-to-peer distribution technology available in Windows 10 and Windows 11 that allows devices to share content, such as updates, that the devices downloaded from Microsoft over the internet. Delivery Optimization can help reduce network bandwidth because the device can get portions of the update from another device on the same local network instead of having to download the update completely from Microsoft.

For more information, see What is Delivery Optimization?

Tip

It's recommended to configure and validate Delivery Optimization when you activate Window Autopatch features. This only applies if you have Windows Enterprise E3+ and F3 licenses.