Was this page helpful?
Your feedback about this content is important. Let us know what you think.
Additional feedback?
1500 characters remaining
Export (0) Print
Expand All

Network infrastructure requirements for Microsoft Intune


Updated: August 1, 2015

Applies To: Microsoft Intune

Microsoft Intune requires your network infrastructure to pass communications between the devices you manage and use to manage your subscription, and the websites on the Internet that the cloud-based service uses.

There is no requirement to use on-premises infrastructure (like a server where you must install software), but there are options to use on-premises infrastructure including Exchange and Active Directory synchronization tools.

To manage computers that are behind firewalls and proxy servers, you must set up firewalls and proxy servers to allow communications for Intune.

Managed devices require configurations that let All Users access various services through firewalls.

The following table lists the domains and services that the Intune client accesses.




Microsoft Intune and related services


80 and 443


80 and 443


80 and 443


80 and 443


80 and 443




80 and 443


80 and 443


80 and 443


80 and 443


80 and 443


80 and 443

Microsoft Update Services


80 and 443


80 and 443


80 and 443


80 and 443


80 and 443


80 and 443


80 and 443


80 and 443

DNS lookup requests



Samsung KNOX device communication through the firewall

To enable Samsung KNOX devices to contact KNOX servers through the firewall, follow the instructions on the Samsung KNOX FAQ.

Documentation, Help, and support


80 and 443


80 and 443











1 This domain is required for JQuery support when you use the company portal website.

To manage computers that are behind a proxy server, consider the following:

  • The proxy server must support both HTTP and HTTPS because Intune clients use both protocols.

  • Intune supports unauthenticated proxy servers.

You can modify proxy server settings on individual client computers, or you can use Group Policy settings to change settings for all client computers that are located behind a specified proxy server.

You can also use a proxy server that caches content to reduce network bandwidth use by Intune clients.

The following table identifies on-premises infrastructure you can use with Microsoft Intune.


More information

On-Premises Connector

Use the On-Premises Connector to synchronize data from Exchange Server:

Before you can use either connector to connect Intune to your Exchange Server, you must set up Active Directory synchronization so that your local users and security groups are synchronized with your instance of Azure AD.

Proxy server

If you manage clients that access the Internet through a proxy server, see Requirements for proxy servers.

You can also use a proxy server that caches content to reduce network bandwidth. For more information, see Reduce network bandwidth use in the What to know before setting up Microsoft Intune topic.

The following table lists the requirements for the computer where you install the On-Premises Connector.


More information

Operating systems

Intune supports the On-Premises Connector on a computer that runs any edition of the following operating systems:

  • Windows Server 2008 SP2 64 bit

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2


The connector is not supported on any Server Core installation.

Microsoft Exchange version

The On-Premises Connector requires Microsoft Exchange 2010 SP1 or later.


The computer where you install the connector requires the following minimum hardware:

  • 1.6 GHz CPU

  • 2 GB ram

  • 10 GB of free disk space

Additional software

The following must be installed on the computer that hosts the connector:

  • Full installation of Microsoft .NET Framework 4

  • At a minimum, Windows PowerShell 2.0


The connector is not supported on a computer that runs an Exchange Server role.


The computer where you install the connector must be in a domain that has a trust relationship to the domain that hosts your Exchange Server.

The computer requires configurations to enable it to access the Intune service through firewalls and proxy servers over Ports 80 and 443. Domains used by Intune include:

  • manage.microsoft.com

  • *manage.microsoft.com

  • *.manage.microsoft.com

The Service to Service Connector supports only cloud-based Exchange and has no requirements for on-premises infrastructure.

However, to use this connector, the following must be true:

  • You have an Office 365 subscription that has an Exchange Server 2013 tenant. So long as the tenant is Exchange Server 2013, the connector supports Exchange Server 2010 in that same environment.

  • The user account that you use to install the On-Premises Connector must be a tenant administrator for Intune and be an administrator in the Exchange tenant with a license to use Exchange Server 2013.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft