準備您的網路
Proxy 設定
Microsoft 受管理的電腦是雲端管理的服務。 Microsoft 受管理的電腦服務必須能夠連接一組端點。 本節列出 Microsoft 受管理的電腦服務的各個層面需要允許的端點。
客戶可以透過防火牆或 Proxy 直接傳送所有信任的 Microsoft 365 網路要求,以最佳化其網路。 這麼做會略過驗證,以及所有其他封包層級檢查或處理。 此程序會降低延遲和您的周邊容量需求。
此外,若要最佳化 Microsoft 受管理的電腦雲端式服務的效能,這些端點需要客戶用戶端瀏覽器及其邊緣網路中裝置進行特殊處理。 這些裝置包括:
- 防火牆
- SSL 中斷和檢查
- 封包檢查裝置
- 資料外洩防護系統
Proxy 需求
Proxy 或防火牆必須支援 TLS 1.2。 否則,您可能必須停用通訊協定偵測。
Microsoft 受管理的電腦所需的允許端點
Microsoft 受管理的電腦使用 Azure 入口網站來主控其 Web 主控台。 下列 URL 必須位於您的 Proxy 和防火牆允許清單中,Microsoft 受管理的電腦裝置才能與 Microsoft 服務通訊。
Microsoft 受管理的電腦 URL 會用於我們的服務在客戶 API 上執行的任何項目。 您必須確保此 URL 一律可於公司網路上使用。
| Microsoft 服務 | 允許清單上所需的 URL |
|---|---|
| Microsoft 受管理的電腦 | mmdcustomer.microsoft.com logcollection.mmd.microsoft.com mmdls.microsoft.com support.mmd.microsoft.com |
| 取得說明 | *.support.services.microsoft.com inprod.support.services.microsoft.com supportchannels.services.microsoft.com graph.windows.net login.windows.net concierge.live.com |
| 快速助手 | remoteassistance.support.services.microsoft.com relay.support.services.microsoft.com channelwebsdks.azureedge.net web.vortex.data.microsoft.com gateway.channelservices.microsoft.com *.lync.com |
| Microsoft 支援及修復小幫手 | *.apibasic.diagnostics.office.com *.api.diagnostics.office.com |
允許其他 Microsoft 產品使用的端點
必須將數個 Microsoft 產品的 URL 列於允許清單中,Microsoft 受管理的電腦裝置才能與這些 Microsoft 服務通訊。 使用連結來查看每個產品的完整清單。
| Microsoft 服務 | 文件 |
|---|---|
| Windows 10 企業版,包括商務用 Windows Update | 管理適用於 Windows 10 版本 1803 的連線端點 管理適用於 Windows 10 版本 1809 的連線端點 管理適用於 Windows 10 版本 1903 的連線端點 管理適用於 Windows 10 版本 2004 的連線端點 |
| 傳遞最佳化 | 為 Windows 10 更新設定傳遞最佳化 |
| Microsoft 365 | Microsoft 365 URL 和 IP 位址範圍 |
| Microsoft Entra ID | 混合式身分識別所需的連接埠和通訊協定 Active Directory 和 Active Directory 網域服務連接埠需求 |
| Microsoft Intune | Intune 網路設定需求 Microsoft Intune 的網路端點 |
| 適用於端點的 Microsoft Defender XDR | 適用於端點的 Microsoft Defender XDR 需求 |
| Windows Autopilot | Windows Autopilot 網路需求 |
| Microsoft 服務 | 允許清單上所需的 URL | 文件來源 |
|---|---|---|
| 商務用 Windows Update (WUfB) | update.microsoft.com *.update.microsoft.com download.windowsupdate.com *.download.windowsupdate.com download.microsoft.com *.download.microsoft.com windowsupdate.com *.windowsupdate.com ntservicepack.microsoft.com wustat.windows.com login.live.com mp.microsoft.com *.mp.microsoft.com |
商務用 Windows Update 防火牆和 Proxy 需求 |
| 傳遞最佳化 | *.do.dsp.mp.microsoft.com *.dl.delivery.mp.microsoft.com *.emdl.ws.microsoft.com *.download.windowsupdate.com *.windowsupdate.com |
Windows Update Proxy 需求 |
| Microsoft 365 | *.office365.com *.office.com *.office.net *.live.com *.portal.cloudappsecurity.com *.portal.cloudappsecurity.com *.us.portal.cloudappsecurity.com *.eu.portal.cloudappsecurity.com *.us2.portal.cloudappsecurity.com <tenant.onmicrosoft.com> account.office.net agent.office.net apc.delve.office.com aus.delve.office.com can.delve.office.com delve.office.com eur.delve.office.com gbr.delve.office.com home.office.com ind.delve.office.com jpn.delve.office.com kor.delve.office.com lam.delve.office.com nam.delve.office.com admin.microsoft.com outlook.office365.com suite.office.net webshell.suite.office.com www.office.com *.aria.microsoft.com browser.pipe.aria.microsoft.com mobile.pipe.aria.microsoft.com portal.microsoftonline.com clientlog.admin.microsoft.com nexus.officeapps.live.com nexusrules.officeapps.live.com amp.azure.net *.o365weve.com auth.gfx.ms appsforoffice.microsoft.com assets.onestore.ms az826701.vo.msecnd.net c.microsoft.com c1.microsoft.com client.hip.live.com contentstorage.osi.office.net dgps.support.microsoft.com learn.microsoft.com groupsapi- rod.outlookgroups.ms groupsapi2-prod.outlookgroups.ms groupsapi3-prod.outlookgroups.ms groupsapi4-prod.outlookgroups.ms msdn.microsoft.com platform.linkedin.com products.office.com prod.msocdn.com r1.res.office365.com r4.res.office365.com res.delve.office.com shellprod.msocdn.com support.content.office.net support.microsoft.com support.office.com technet.microsoft.com templates.office.com video.osi.office.net videocontent.osi.office.net videoplayercdn.osi.office.net *.manage.office.com *.protection.office.com manage.office.com Protection.office.com diagnostics.office.com |
Microsoft 365 URL 和 IP 位址範圍 |
| Microsoft Entra ID | api.login.microsoftonline.com api.passwordreset.microsoftonline.com autologon.microsoftazuread-sso.com becws.microsoftonline.com clientconfig.microsoftonline-p.net companymanager.microsoftonline.com device.login.microsoftonline.com hip.microsoftonline-p.net hipservice.microsoftonline.com login.microsoft.com login.microsoftonline.com logincert.microsoftonline.com loginex.microsoftonline.com login-us.microsoftonline.com login.microsoftonline-p.com login.windows.net nexus.microsoftonline-p.com passwordreset.microsoftonline.com provisioningapi.microsoftonline.com stamp2.login.microsoftonline.com *.msappproxy.net ccs.login.microsoftonline.com ccs-sdf.login.microsoftonline.com accounts.accesscontrol.windows.net secure.aadcdn.microsoftonline-p.com *.phonefactor.net account.activedirectory.windowsazure.com secure.aadcdn.microsoftonline-p.com graph.microsoft.com |
混合式身分識別所需的連接埠和通訊協定和 Active Directory 和 Active Directory 網域服務連接埠需求 |
| Microsoft Intune | login.microsoftonline.com portal.manage.microsoft.com m.manage.microsoft.com sts.manage.microsoft.com Manage.microsoft.com i.manage.microsoft.com r.manage.microsoft.com a.manage.microsoft.com p.manage.microsoft.com EnterpriseEnrollment.manage.microsoft.com EnterpriseEnrollment-s.manage.microsoft.com portal.fei.msua01.manage.microsoft.com m.fei.msua01.manage.microsoft.com fei.msua01.manage.microsoft.com portal.fei.msua01.manage.microsoft.com m.fei.msua01.manage.microsoft.com fei.msua02.manage.microsoft.com portal.fei.msua02.manage.microsoft.com m.fei.msua02.manage.microsoft.com fei.msua02.manage.microsoft.com portal.fei.msua02.manage.microsoft.com m.fei.msua02.manage.microsoft.com fei.msua04.manage.microsoft.com portal.fei.msua04.manage.microsoft.com m.fei.msua04.manage.microsoft.com fei.msua04.manage.microsoft.com portal.fei.msua04.manage.microsoft.com m.fei.msua04.manage.microsoft.com fei.msua05.manage.microsoft.com portal.fei.msua05.manage.microsoft.com m.fei.msua05.manage.microsoft.com fei.msua05.manage.microsoft.com portal.fei.msua05.manage.microsoft.com m.fei.msua05.manage.microsoft.com fei.amsua0502.manage.microsoft.com portal.fei.amsua0502.manage.microsoft.com m.fei.amsua0502.manage.microsoft.com fei.amsua0502.manage.microsoft.com portal.fei.amsua0502.manage.microsoft.com m.fei.amsua0502.manage.microsoft.com fei.msua06.manage.microsoft.com portal.fei.msua06.manage.microsoft.com m.fei.msua06.manage.microsoft.com fei.msua06.manage.microsoft.com portal.fei.msua06.manage.microsoft.com m.fei.msua06.manage.microsoft.com fei.amsua0602.manage.microsoft.com portal.fei.amsua0602.manage.microsoft.com m.fei.amsua0602.manage.microsoft.com fei.amsua0602.manage.microsoft.com portal.fei.amsua0602.manage.microsoft.com m.fei.amsua0602.manage.microsoft.com fei.msub01.manage.microsoft.com portal.fei.msub01.manage.microsoft.com m.fei.msub01.manage.microsoft.com fei.msub01.manage.microsoft.com portal.fei.msub01.manage.microsoft.com m.fei.msub01.manage.microsoft.com fei.amsub0102.manage.microsoft.com portal.fei.amsub0102.manage.microsoft.com m.fei.amsub0102.manage.microsoft.com fei.amsub0102.manage.microsoft.com portal.fei.amsub0102.manage.microsoft.com m.fei.amsub0102.manage.microsoft.com fei.msub02.manage.microsoft.com portal.fei.msub02.manage.microsoft.com m.fei.msub02.manage.microsoft.com fei.msub02.manage.microsoft.com portal.fei.msub02.manage.microsoft.com m.fei.msub02.manage.microsoft.com fei.msub03.manage.microsoft.com portal.fei.msub03.manage.microsoft.com m.fei.msub03.manage.microsoft.com fei.msub03.manage.microsoft.com portal.fei.msub03.manage.microsoft.com m.fei.msub03.manage.microsoft.com fei.msub05.manage.microsoft.com portal.fei.msub05.manage.microsoft.com m.fei.msub05.manage.microsoft.com fei.msub05.manage.microsoft.com portal.fei.msub05.manage.microsoft.com m.fei.msub05.manage.microsoft.com fei.msuc01.manage.microsoft.com portal.fei.msuc01.manage.microsoft.com m.fei.msuc01.manage.microsoft.com fei.msuc01.manage.microsoft.com portal.fei.msuc01.manage.microsoft.com m.fei.msuc01.manage.microsoft.com fei.msuc02.manage.microsoft.com portal.fei.msuc02.manage.microsoft.com m.fei.msuc02.manage.microsoft.com fei.msuc02.manage.microsoft.com portal.fei.msuc02.manage.microsoft.com m.fei.msuc02.manage.microsoft.com fei.msuc03.manage.microsoft.com portal.fei.msuc03.manage.microsoft.com m.fei.msuc03.manage.microsoft.com fei.msuc03.manage.microsoft.com portal.fei.msuc03.manage.microsoft.com m.fei.msuc03.manage.microsoft.com fei.msuc05.manage.microsoft.com portal.fei.msuc05.manage.microsoft.com m.fei.msuc05.manage.microsoft.com fei.msuc05.manage.microsoft.com portal.fei.msuc05.manage.microsoft.com m.fei.msuc05.manage.microsoft.com fef.msua01.manage.microsoft.com fef.msua02.manage.microsoft.com fef.msua04.manage.microsoft.com fef.msua05.manage.microsoft.com fef.msua06.manage.microsoft.com fef.msua07.manage.microsoft.com fef.msub01.manage.microsoft.com fef.msub02.manage.microsoft.com fef.msub03.manage.microsoft.com fef.msub05.manage.microsoft.com fef.msuc01.manage.microsoft.com fef.msuc02.manage.microsoft.com fef.msuc03.manage.microsoft.com fef.msuc05.manage.microsoft.com |
Intune 網路設定需求 |
| 商務用 OneDrive | onedrive.com *.onedrive.com onedrive.live.com login.live.com spoprod-a.akamaihd.net *.mesh.com p.sfx.ms *.microsoft.com fabric.io *.crashlytics.com vortex.data.microsoft.com https://posarprodcssservice.accesscontrol.windows.net redemptionservices.accesscontrol.windows.net token.cp.microsoft.com/ tokensit.cp.microsoft-tst.com/ *.office.com *.officeapps.live.com *.aria.microsoft.com *.mobileengagement.windows.net *.branch.io *.adjust.com *.servicebus.windows.net vas.samsungapps.com odc.officeapps.live.com login.windows.net login.microsoftonline.com *.files.1drv.com *.onedrive.live.com *.*.onedrive.live.com storage.live.com *.storage.live.com *.*.storage.live.com *.groups.office.live.com *.groups.photos.live.com *.groups.skydrive.live.com favorites.live.com oauth.live.com photos.live.com skydrive.live.com api.live.net apis.live.net docs.live.net *.docs.live.net policies.live.net *.policies.live.net settings.live.net *.settings.live.net skyapi.live.net snapi.live.net *.livefilestore.com *.*.livefilestore.com storage.msn.com *.storage.msn.com *.*.storage.msn.com |
OneDrive 所需的 URL 與連接埠 |
| Microsoft Defender 進階威脅防護 (ATP) | \ *.oms.opinsights.azure.com *.blob.core.windows.net *.azure-automation.net *.ods.opinsights.azure.com winatp-gw-cus.microsoft.com winatp-gw-eus.microsoft.com winatp-gw-neu.microsoft.com winatp-gw-weu.microsoft.com winatp-gw-uks.microsoft.com winatp-gw-ukw.microsoft.com winatp-gw-aus.microsoft.com winatp-gw-aue.microsoft.com |
Windows Defender ATP 端點 |
| 取得說明 | *.support.services.microsoft.com inprod.support.services.microsoft.com supportchannels.services.microsoft.com graph.windows.net login.windows.net concierge.live.com rave.office.net |
|
| 快速助手 | remoteassistance.support.services.microsoft.com relay.support.services.microsoft.com channelwebsdks.azureedge.net web.vortex.data.microsoft.com gateway.channelservices.microsoft.com *.lync.com |
|
| SharePoint Online | *.sharepoint.com \ *.svc.ms <tenant.sharepoint.com> <tenant-my.sharepoint.com> <tenant-files.sharepoint.com> <tenant-myfiles.sharepoint.com> *.sharepointonline.com cdn.sharepointonline.com static.sharepointonline.com spoprod-a.akamaihd.net publiccdn.sharepointonline.com privatecdn.sharepointonline.com |
Office 365 URL 與 IP 位址範圍 |
| 商務用 OneDrive | admin.onedrive.com officeclient.microsoft.com odc.officeapps.live.com skydrive.wns.windows.com g.live.com oneclient.sfx.ms *.log.optimizely.com click.email.microsoftonline.com ssw.live.com storage.live.com |
Office 365 URL 與 IP 位址範圍 |
| Microsoft Teams | *.teams.skype.com *.teams.microsoft.com teams.microsoft.com *.asm.skype.com \ *.cc.skype.com *.conv.skype.com *.dc.trouter.io *.msg.skype.com prod.registrar.skype.com prod.tpc.skype.com *.broker.skype.com *.config.skype.com *.pipe.skype.com *.pipe.aria.microsoft.com config.edge.skype.com pipe.skype.com s-0001.s-msedge.net s-0004.s-msedge.net scsinstrument-ss-us.trafficmanager.net scsquery-ss- us.trafficmanager.net scsquery-ss-eu.trafficmanager.net scsquery-ss-asia.trafficmanager.net *.msedge.net compass-ssl.microsoft.com feedback.skype.com *.secure.skypeassets.com mlccdnprod.azureedge.net videoplayercdn.osi.office.net *.mstea.ms |
Office 365 URL 與 IP 位址範圍 |
| Power BI | maxcdn.bootstrapcdn.com ajax.aspnetcdn.com netdna.bootstrapcdn.com cdn.optimizely.com google-analytics.com *.mktoresp.com *.aadcdn.microsoftonline-p.com *.msecnd.com *.localytics.com ajax.aspnetcdn.com *.localytics.com *.virtualearth.net platform.bing.com powerbi.microsoft.com c.microsoft.com app.powerbi.com *.powerbi.com dc.services.visualstudio.com support.powerbi.com go.microsoft.com c1.microsoft.com *.azureedge.net |
Power BI & Express Route |
| OneNote | apis.live.net www.onedrive.com login.microsoft.com www.onenote.com *.onenote.com *.msecnd.net *.microsoft.com *.office.net cdn.onenote.net site-cdn.onenote.net cdn.optimizely.com Ajax.aspnetcdn.com officeapps.live.com \*.onenote.com *cdn.onenote.net contentstorage.osi.office.net *onenote.officeapps.live.com *.microsoft.com |
Office 365 URL 與 IP 位址範圍 |