Configure your network

Proxy configuration

Proxy requirements

The proxy or firewall must support TLS 1.2. Otherwise, you might have to disable protocol detection.

Required Microsoft product endpoints

There are URLs from several Microsoft products that must be in the allowed list so that Windows Autopatch devices can communicate with those Microsoft services. Use the links to see the complete list for each product.

Business Premium and A3+

Important

The information in section applies to Business premium, A3+, E3+ and F3 licenses. For more information, see Features and capabilities and Licenses and entitlements.

Microsoft service	URLs required on Allowlist
Microsoft Entra ID	Hybrid identity required ports and protocols Active Directory and Active Directory Domain Services Port Requirements
Microsoft Intune	Intune network configuration requirements Network endpoints for Microsoft Intune
Windows Update for Business (WUfB)	Windows Update for Business firewall and proxy requirements

Windows Enterprise E3+ and F3

Important

The information in this article or section only applies if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have activated Windows Autopatch features.

Feature activation is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.

For more information, see Licenses and entitlements. If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in Business premium and A3+ licenses.

In addition to the Microsoft Entra ID, Intune and Windows Update for Business endpoints listed in the Business Premium and A3+ licenses section, the following endpoints apply to Windows E3+ and F3 licenses that have activated Windows Autopatch features. There are URLs from several Microsoft products that must be in the allowed list so that devices can communicate with Windows Autopatch. Use the links to see the complete list for each product.

Microsoft service	URLs required on Allowlist
Windows 10/11 Enterprise including Windows Update for Business	Manage connection endpoints for Windows 10 Enterprise, version 1909 Manage connection endpoints for Windows 10 Enterprise, version 2004 Connection endpoints for Windows 10 Enterprise, version 20H2 Manage connection endpoints for Windows 10 Enterprise, version 21H1 Manage connection endpoints for Windows 10 Enterprise, version 21H2 Manage connection endpoints for Windows 11 Enterprise
Microsoft 365	Microsoft 365 URL and IP address ranges
Microsoft Edge	Allowlist for Microsoft Edge Endpoints
Microsoft Teams	Office 365 URLs and IP address ranges

Required Windows Autopatch endpoints for proxy and firewall rules

Important

The information in this article or section only applies if you have Windows Enterprise E3+ or F3 licenses (included in Microsoft 365 F3, E3, or E5) licenses and have activated Windows Autopatch features.

Feature activation is optional and at no additional cost to you if you have Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) licenses.

For more information, see Licenses and entitlements. If you choose not to go through feature activation, you can still use the Windows Autopatch service for the features included in Business premium and A3+ licenses.

Windows Autopatch is a cloud service. There's a set of endpoints that Windows Autopatch services must be able to reach for the various aspects of the Windows Autopatch service.

You can optimize your network by sending all trusted Microsoft 365 network requests directly through your firewall or proxy to bypass authentication, and all additional packet-level inspection or processing. This process reduces latency and your perimeter capacity requirements.

The following URLs must be on the allowed list of your proxy and firewall so that Windows Autopatch devices can communicate with Microsoft services. The Windows Autopatch URL is used for anything our service runs on the customer API. You must ensure this URL is always accessible on your corporate network

Microsoft service	URLs required on allowlist
Windows Autopatch	mmdcustomer.microsoft.com mmdls.microsoft.com logcollection.mmd.microsoft.com support.mmd.microsoft.com devicelistenerprod.microsoft.com login.windows.net payloadprod*.blob.core.windows.net device.autopatch.microsoft.com

Delivery Optimization

Important

The information in section applies to Business premium, A3+, E3+ and F3 licenses. For more information, see Features and capabilities and Licenses and entitlements.

Delivery Optimization is a peer-to-peer distribution technology available in Windows 10 and Windows 11 that allows devices to share content, such as updates, that the devices downloaded from Microsoft over the internet. Delivery Optimization can help reduce network bandwidth because the device can get portions of the update from another device on the same local network instead of having to download the update completely from Microsoft.

For more information, see What is Delivery Optimization?

Tip

It's recommended to configure and validate Delivery Optimization when you activate Window Autopatch features. This only applies if you have Windows Enterprise E3+ and F3 licenses.