准备网络
代理配置
Microsoft 托管桌面是一项云托管服务。 Microsoft 托管桌面服务需要能够访问一组终结点。 本部分列出了需要为 Microsoft 托管桌面服务的各个方面允许的终结点。
客户可以通过其防火墙或代理直接发送所有受信任的 Microsoft 365 网络请求来优化其网络。 它会绕过身份验证以及所有额外的数据包级别检查或处理。 此过程可减少延迟和外围容量要求。
此外,若要优化 Microsoft 托管桌面基于云的服务的性能,这些终结点需要通过客户端浏览器和边缘网络中的设备执行特殊处理。 这些设备包括:
- 防火墙
- SSL 中断和检查
- 数据包检查设备
- 数据丢失防护系统
代理要求
代理或防火墙必须支持 TLS 1.2。 否则,可能需要禁用协议检测。
Microsoft 托管桌面所必需的允许终结点
Microsoft 托管桌面使用 Azure 门户托管其 Web 控制台。 以下 URL 必须位于代理和防火墙的允许列表中,以便Microsoft 托管桌面设备可以与 Microsoft 服务通信。
Microsoft 托管桌面 URL 用于客户 API 上运行的任何服务。 必须确保始终可在公司网络上访问此 URL。
| Microsoft 服务 | 允许列表中所需的 URL |
|---|---|
| Microsoft 托管桌面 | mmdcustomer.microsoft.com logcollection.mmd.microsoft.com mmdls.microsoft.com support.mmd.microsoft.com |
| 获取帮助 | *.support.services.microsoft.com inprod.support.services.microsoft.com supportchannels.services.microsoft.com graph.windows.net login.windows.net concierge.live.com |
| 快速助手 | remoteassistance.support.services.microsoft.com relay.support.services.microsoft.com channelwebsdks.azureedge.net web.vortex.data.microsoft.com gateway.channelservices.microsoft.com *.lync.com |
| Microsoft 支持和恢复助手 | *.apibasic。诊断.office.com *。应用程序接口。诊断.office.com |
其他 Microsoft 产品使用的允许终结点
多个 Microsoft 产品的 URL 必须位于允许列表中,以便Microsoft 托管桌面设备可以与这些 Microsoft 服务通信。 使用链接查看每种产品的完整列表。
| Microsoft 服务 | 文档 |
|---|---|
| Windows 10 企业版包括适用于企业的 Windows 更新 |
管理 Windows 10 版本 1803 的连接终结点 管理 Windows 10 版本 1809 的连接终结点 管理 Windows 10 版本 1903 的连接终结点 管理 Windows 10 版本 2004 的连接终结点 |
| 传递优化 | 配置适用于 Windows 10 更新的传递优化 |
| Microsoft 365 | Microsoft 365 URL 和 IP 地址范围 |
| Microsoft Entra ID |
混合标识所需的端口和协议 Active Directory 和 Active Directory 域服务端口要求。 |
| Microsoft Intune |
Intune 网络配置要求 Microsoft Intune 网络终结点 |
| 终结点Microsoft Defender XDR | 终结点要求Microsoft Defender XDR |
| Windows Autopilot | Windows Autopilot 网络要求 |
| Microsoft 服务 | 允许列表中所需的 URL | 文档源 |
|---|---|---|
| 适用于企业的 Windows 更新 (WUfB) | update.microsoft.com *.update.microsoft.com download.windowsupdate.com *.download.windowsupdate.com download.microsoft.com *.download.microsoft.com windowsupdate.com *.windowsupdate.com ntservicepack.microsoft.com wustat.windows.com login.live.com mp.microsoft.com *.mp.microsoft.com |
适用于企业的 Windows 更新防火墙和代理要求 |
| 传递优化 | *.do.dsp.mp.microsoft.com *.dl.delivery.mp.microsoft.com *.emdl.ws.microsoft.com *.download.windowsupdate.com *.windowsupdate.com |
Windows 更新代理要求 |
| Microsoft 365 | *.office365.com *.office.com *.office.net *.live.com *.portal.cloudappsecurity.com *.portal.cloudappsecurity.com *.us.portal.cloudappsecurity.com *.eu.portal.cloudappsecurity.com *.us2.portal.cloudappsecurity.com <tenant.onmicrosoft.com> account.office.net agent.office.net apc.delve.office.com aus.delve.office.com can.delve.office.com delve.office.com eur.delve.office.com gbr.delve.office.com home.office.com ind.delve.office.com jpn.delve.office.com kor.delve.office.com lam.delve.office.com nam.delve.office.com admin.microsoft.com Outlook.office365.com suite.office.net webshell.suite.office.com www.office.com *.aria.microsoft.com browser.pipe.aria.microsoft.com mobile.pipe.aria.microsoft.com portal.microsoftonline.com clientlog.admin.microsoft.com nexus.officeapps.live.com nexusrules.officeapps.live.com amp.azure.net *.o365weve.com auth.gfx.ms appsforoffice.microsoft.com assets.onestore.ms az826701.vo.msecnd.net c.microsoft.com c1.microsoft.com client.hip.live.com contentstorage.osi.office.net dgps.support.microsoft.com learn.microsoft.com groupsapi- rod.outlookgroups.ms groupsapi2-prod.outlookgroups.ms groupsapi3-prod.outlookgroups.ms groupsapi4-prod.outlookgroups.ms msdn.microsoft.com platform.linkedin.com products.office.com prod.msocdn.com r1.res.office365.com r4.res.office365.com res.delve.office.com shellprod.msocdn.com support.content.office.net support.microsoft.com support.office.com technet.microsoft.com templates.office.com video.osi.office.net videocontent.osi.office.net videoplayercdn.osi.office.net *.manage.office.com *.protection.office.com manage.office.com Protection.office.com diagnostics.office.com |
Microsoft 365 URL 和 IP 地址范围 |
| Microsoft Entra ID | api.login.microsoftonline.com api.passwordreset.microsoftonline.com autologon.microsoftazuread-sso.com becws.microsoftonline.com clientconfig.microsoftonline-p.net companymanager.microsoftonline.com device.login.microsoftonline.com hip.microsoftonline-p.net hipservice.microsoftonline.com login.microsoft.com login.microsoftonline.com logincert.microsoftonline.com loginex.microsoftonline.com login-us.microsoftonline.com login.microsoftonline-p.com login.windows.net nexus.microsoftonline-p.com passwordreset.microsoftonline.com provisioningapi.microsoftonline.com stamp2.login.microsoftonline.com *.msappproxy.net ccs.login.microsoftonline.com ccs-sdf.login.microsoftonline.com accounts.accesscontrol.windows.net secure.aadcdn.microsoftonline-p.com *.phonefactor.net account.activedirectory.windowsazure.com secure.aadcdn.microsoftonline-p.com graph.microsoft.com |
混合标识所需的端口和协议以及 Active Directory 和 Active Directory 域服务端口要求 |
| Microsoft Intune | login.microsoftonline.com portal.manage.microsoft.com m.manage.microsoft.com sts.manage.microsoft.com Manage.microsoft.com i.manage.microsoft.com r.manage.microsoft.com a.manage.microsoft.com p.manage.microsoft.com EnterpriseEnrollment.manage.microsoft.com EnterpriseEnrollment-s.manage.microsoft.com portal.fei.msua01.manage.microsoft.com m.fei.msua01.manage.microsoft.com fei.msua01.manage.microsoft.com portal.fei.msua01.manage.microsoft.com m.fei.msua01.manage.microsoft.com fei.msua02.manage.microsoft.com portal.fei.msua02.manage.microsoft.com m.fei.msua02.manage.microsoft.com fei.msua02.manage.microsoft.com portal.fei.msua02.manage.microsoft.com m.fei.msua02.manage.microsoft.com fei.msua04.manage.microsoft.com portal.fei.msua04.manage.microsoft.com m.fei.msua04.manage.microsoft.com fei.msua04.manage.microsoft.com portal.fei.msua04.manage.microsoft.com m.fei.msua04.manage.microsoft.com fei.msua05.manage.microsoft.com portal.fei.msua05.manage.microsoft.com m.fei.msua05.manage.microsoft.com fei.msua05.manage.microsoft.com portal.fei.msua05.manage.microsoft.com m.fei.msua05.manage.microsoft.com fei.amsua0502.manage.microsoft.com portal.fei.amsua0502.manage.microsoft.com m.fei.amsua0502.manage.microsoft.com fei.amsua0502.manage.microsoft.com portal.fei.amsua0502.manage.microsoft.com m.fei.amsua0502.manage.microsoft.com fei.msua06.manage.microsoft.com portal.fei.msua06.manage.microsoft.com m.fei.msua06.manage.microsoft.com fei.msua06.manage.microsoft.com portal.fei.msua06.manage.microsoft.com m.fei.msua06.manage.microsoft.com fei.amsua0602.manage.microsoft.com portal.fei.amsua0602.manage.microsoft.com m.fei.amsua0602.manage.microsoft.com fei.amsua0602.manage.microsoft.com portal.fei.amsua0602.manage.microsoft.com m.fei.amsua0602.manage.microsoft.com fei.msub01.manage.microsoft.com portal.fei.msub01.manage.microsoft.com m.fei.msub01.manage.microsoft.com fei.msub01.manage.microsoft.com portal.fei.msub01.manage.microsoft.com m.fei.msub01.manage.microsoft.com fei.amsub0102.manage.microsoft.com portal.fei.amsub0102.manage.microsoft.com m.fei.amsub0102.manage.microsoft.com fei.amsub0102.manage.microsoft.com portal.fei.amsub0102.manage.microsoft.com m.fei.amsub0102.manage.microsoft.com fei.msub02.manage.microsoft.com portal.fei.msub02.manage.microsoft.com m.fei.msub02.manage.microsoft.com fei.msub02.manage.microsoft.com portal.fei.msub02.manage.microsoft.com m.fei.msub02.manage.microsoft.com fei.msub03.manage.microsoft.com portal.fei.msub03.manage.microsoft.com m.fei.msub03.manage.microsoft.com fei.msub03.manage.microsoft.com portal.fei.msub03.manage.microsoft.com m.fei.msub03.manage.microsoft.com fei.msub05.manage.microsoft.com portal.fei.msub05.manage.microsoft.com m.fei.msub05.manage.microsoft.com fei.msub05.manage.microsoft.com portal.fei.msub05.manage.microsoft.com m.fei.msub05.manage.microsoft.com fei.msuc01.manage.microsoft.com portal.fei.msuc01.manage.microsoft.com m.fei.msuc01.manage.microsoft.com fei.msuc01.manage.microsoft.com portal.fei.msuc01.manage.microsoft.com m.fei.msuc01.manage.microsoft.com fei.msuc02.manage.microsoft.com portal.fei.msuc02.manage.microsoft.com m.fei.msuc02.manage.microsoft.com fei.msuc02.manage.microsoft.com portal.fei.msuc02.manage.microsoft.com m.fei.msuc02.manage.microsoft.com fei.msuc03.manage.microsoft.com portal.fei.msuc03.manage.microsoft.com m.fei.msuc03.manage.microsoft.com fei.msuc03.manage.microsoft.com portal.fei.msuc03.manage.microsoft.com m.fei.msuc03.manage.microsoft.com fei.msuc05.manage.microsoft.com portal.fei.msuc05.manage.microsoft.com m.fei.msuc05.manage.microsoft.com fei.msuc05.manage.microsoft.com portal.fei.msuc05.manage.microsoft.com m.fei.msuc05.manage.microsoft.com fef.msua01.manage.microsoft.com fef.msua02.manage.microsoft.com fef.msua04.manage.microsoft.com fef.msua05.manage.microsoft.com fef.msua06.manage.microsoft.com fef.msua07.manage.microsoft.com fef.msub01.manage.microsoft.com fef.msub02.manage.microsoft.com fef.msub03.manage.microsoft.com fef.msub05.manage.microsoft.com fef.msuc01.manage.microsoft.com fef.msuc02.manage.microsoft.com fef.msuc03.manage.microsoft.com fef.msuc05.manage.microsoft.com |
Intune 网络配置要求 |
| OneDrive for Business | onedrive.com *.onedrive.com onedrive.live.com login.live.com spoprod-a.akamaihd.net *.mesh.com p.sfx.ms *.microsoft.com fabric.io *.crashlytics.com vortex.data.microsoft.com https://posarprodcssservice.accesscontrol.windows.net redemptionservices.accesscontrol.windows.net token.cp.microsoft.com/ tokensit.cp.microsoft-tst.com/ *.office.com *.officeapps.live.com *.aria.microsoft.com *.mobileengagement.windows.net *.branch.io *.adjust.com *.servicebus.windows.net vas.samsungapps.com odc.officeapps.live.com login.windows.net login.microsoftonline.com *.files.1drv.com *.onedrive.live.com *.*.onedrive.live.com storage.live.com *.storage.live.com *.*.storage.live.com *.groups.office.live.com *.groups.photos.live.com *.groups.skydrive.live.com favorites.live.com oauth.live.com photos.live.com skydrive.live.com api.live.net apis.live.net docs.live.net *.docs.live.net policies.live.net *.policies.live.net settings.live.net *.settings.live.net skyapi.live.net snapi.live.net *.livefilestore.com *.*.livefilestore.com storage.msn.com *.storage.msn.com *.*.storage.msn.com |
OneDrive 所需的 URL 及端口 |
| Microsoft Defender 高级威胁防护 (ATP) | \ *.oms.opinsights.azure.com *.blob.core.windows.net *.azure-automation.net *.ods.opinsights.azure.com winatp-gw-cus.microsoft.com winatp-gw-eus.microsoft.com winatp-gw-neu.microsoft.com winatp-gw-weu.microsoft.com winatp-gw-uks.microsoft.com winatp-gw-ukw.microsoft.com winatp-gw-aus.microsoft.com winatp-gw-aue.microsoft.com |
Windows Defender ATP 终结点 |
| 获取帮助 | *.support.services.microsoft.com inprod.support.services.microsoft.com supportchannels.services.microsoft.com graph.windows.net login.windows.net concierge.live.com rave.office.net |
|
| 快速助手 | remoteassistance.support.services.microsoft.com relay.support.services.microsoft.com channelwebsdks.azureedge.net web.vortex.data.microsoft.com gateway.channelservices.microsoft.com *.lync.com |
|
| SharePoint Online | *.sharepoint.com \ *.svc.ms <tenant.sharepoint.com> <tenant-my.sharepoint.com> <tenant-files.sharepoint.com> <tenant-myfiles.sharepoint.com> *.sharepointonline.com cdn.sharepointonline.com static.sharepointonline.com spoprod-a.akamaihd.net publiccdn.sharepointonline.com privatecdn.sharepointonline.com |
Office 365 URL 和 IP 地址范围 |
| OneDrive for Business | admin.onedrive.com officeclient.microsoft.com odc.officeapps.live.com skydrive.wns.windows.com g.live.com oneclient.sfx.ms *.log.optimizely.com click.email.microsoftonline.com ssw.live.com storage.live.com |
Office 365 URL 和 IP 地址范围 |
| Microsoft Teams | *.teams.skype.com *.teams.microsoft.com teams.microsoft.com *.asm.skype.com \ *.cc.skype.com *.conv.skype.com *.dc.trouter.io *.msg.skype.com prod.registrar.skype.com prod.tpc.skype.com *.broker.skype.com *.config.skype.com *.pipe.skype.com *.pipe.aria.microsoft.com config.edge.skype.com pipe.skype.com s-0001.s-msedge.net s-0004.s-msedge.net scsinstrument-ss-us.trafficmanager.net scsquery-ss- us.trafficmanager.net scsquery-ss-eu.trafficmanager.net scsquery-ss-asia.trafficmanager.net *.msedge.net compass-ssl.microsoft.com feedback.skype.com *.secure.skypeassets.com mlccdnprod.azureedge.net videoplayercdn.osi.office.net *.mstea.ms |
Office 365 URL 和 IP 地址范围 |
| Power BI | maxcdn.bootstrapcdn.com ajax.aspnetcdn.com netdna.bootstrapcdn.com cdn.optimizely.com google-analytics.com *.mktoresp.com *.aadcdn.microsoftonline-p.com *.msecnd.com *.localytics.com ajax.aspnetcdn.com *.localytics.com *.virtualearth.net platform.bing.com powerbi.microsoft.com c.microsoft.com app.powerbi.com *.powerbi.com dc.services.visualstudio.com support.powerbi.com go.microsoft.com c1.microsoft.com *.azureedge.net |
Power BI 和 Express Route |
| OneNote | apis.live.net www.onedrive.com login.microsoft.com www.onenote.com *.onenote.com *.msecnd.net *.microsoft.com *.office.net cdn.onenote.net site-cdn.onenote.net cdn.optimizely.com Ajax.aspnetcdn.com officeapps.live.com \*.onenote.com *cdn.onenote.net contentstorage.osi.office.net *onenote.officeapps.live.com *.microsoft.com |
Office 365 URL 和 IP 地址范围 |