Export (0) Print
Expand All

Requirements for Microsoft Intune

 

Updated: June 23, 2015

Use the links in the following table to learn about Microsoft Intune requirements of your infrastructure and of devices and computers that you manage.

Requirement types

More information

Infrastructure requirements

  • Network infrastructure such as firewalls and proxy server configurations

  • On-premises infrastructure that you can integrate with your subscription

Device requirements

  • Supported mobile device and computer operating systems including minimum hardware requirements and versions

  • Required software and configurations for the Intune client that you install on Windows computers

Web browsers requirements

  • Supported web browsers for administration and access to the company portal website

Microsoft Intune requires your network infrastructure to pass communications between the devices you manage and use to manage your subscription, and the websites on the Internet that the cloud-based service uses.

There is no requirement to use on-premises infrastructure (like a server where you must install software), but there are options to use on-premises infrastructure including Exchange and Active Directory synchronization tools.

To manage computers that are behind firewalls and proxy servers, you must set up firewalls and proxy servers to allow communications for Intune.

Managed devices require configurations that let All Users access various services through firewalls.

The following table lists the domains and services that the Intune client accesses.

Purpose

Domain

Ports

Microsoft Intune and related services

*.manage.microsoft.com

80 and 443

*manage.microsoft.com

80 and 443

manage.microsoft.com

80 and 443

*.microsoftonline-p.com

80 and 443

*.microsoftonline-p.net

80 and 443

*.spynet2.microsoft.com

443

c.microsoft.com

80 and 443

c1.microsoft.com

80 and 443

blob.core.windows.net

80 and 443

ajax.aspnetcdn.com

80 and 443

*.googleapis.com1

80 and 443

wustat.microsoft.com

80 and 443

Microsoft Update Services

*.update.microsoft.com

80 and 443

download.microsoft.com

80 and 443

update.microsoft.com

80 and 443

*.download.windowsupdate.com

80 and 443

download.windowsupdate.com

80 and 443

*.windowsupdate.com

80 and 443

windowsupdate.microsoft.com

80 and 443

ntservicepack.microsoft.com

80 and 443

DNS lookup requests

manage.microsoft.com.nsatc.net

80

Samsung KNOX device communication through the firewall

To enable Samsung KNOX devices to contact KNOX servers through the firewall, follow the instructions on the Samsung KNOX FAQ.

Documentation, Help, and support

*.livemeeting.com

80 and 443

*.microsoftonline.com

80 and 443

*.social.technet.microsoft.com

80

blogs.technet.com

80

go.microsoft.com

80

onlinehelp.microsoft.com

80

www.microsoft.com

80

1 This domain is required for JQuery support when you use the company portal website.

To manage computers that are behind a proxy server, consider the following:

  • The proxy server must support both HTTP and HTTPS because Intune clients use both protocols.

  • Intune supports unauthenticated proxy servers.

You can modify proxy server settings on individual client computers, or you can use Group Policy settings to change settings for all client computers that are located behind a specified proxy server.

You can also use a proxy server that caches content to reduce network bandwidth use by Intune clients.

The following table identifies on-premises infrastructure you can use with Microsoft Intune.

Infrastructure

More information

On-Premises Connector

Use the On-Premises Connector to synchronize data from Exchange Server:

Before you can use either connector to connect Intune to your Exchange Server, you must set up Active Directory synchronization so that your local users and security groups are synchronized with your instance of Azure AD.

Proxy server

If you manage clients that access the Internet through a proxy server, see Requirements for proxy servers.

You can also use a proxy server that caches content to reduce network bandwidth. For more information, see Reduce network bandwidth use in the What to know before setting up Microsoft Intune topic.

The following table lists the requirements for the computer where you install the On-Premises Connector.

Requirement

More information

Operating systems

Intune supports the On-Premises Connector on a computer that runs any edition of the following operating systems:

  • Windows Server 2008 SP2 64 bit

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

System_CAPS_noteNote

The connector is not supported on any Server Core installation.

Microsoft Exchange version

The On-Premises Connector requires Microsoft Exchange 2010 SP1 or later.

Hardware

The computer where you install the connector requires the following minimum hardware:

  • 1.6 GHz CPU

  • 2 GB ram

  • 10 GB of free disk space

Additional software

The following must be installed on the computer that hosts the connector:

  • Full installation of Microsoft .NET Framework 4

  • At a minimum, Windows PowerShell 2.0

System_CAPS_noteNote

The connector is not supported on a computer that runs an Exchange Server role.

Network

The computer where you install the connector must be in a domain that has a trust relationship to the domain that hosts your Exchange Server.

The computer requires configurations to enable it to access the Intune service through firewalls and proxy servers over Ports 80 and 443. Domains used by Intune include:

  • manage.microsoft.com

  • *manage.microsoft.com

  • *.manage.microsoft.com

The Service to Service Connector supports only cloud-based Exchange and has no requirements for on-premises infrastructure.

However, to use this connector, the following must be true:

  • You have an Office 365 subscription that has an Exchange Server 2013 tenant. So long as the tenant is Exchange Server 2013, the connector supports Exchange Server 2010 in that same environment.

  • The user account that you use to install the On-Premises Connector must be a tenant administrator for Intune and be an administrator in the Exchange tenant with a license to use Exchange Server 2013.

The following sections identify requirements for mobile devices and computers that you plan to manage with Intune.

The requirements to manage a mobile device and the level of management you have depend on whether you manage the device directly or use Exchange ActiveSync:

  • Direct management: Different types of mobile devices have different requirements for direct management. For example, to manage iOS devices you need an Apple Push Notification service certificate, and to manage apps for a Windows RT 8.1 device, you need sideloading keys and a code-signing certificate. Intune can manage the following devices with mobile device management:

    • Apple iOS 6.0 and later

      System_CAPS_noteNote

      New devices must be running iOS version 7.1 or later in order to enroll in Intune. Version 6.0 will continue to be supported on devices that are already enrolled in Intune.

    • Google Android 4.0 and later (includes Samsung KNOX)

    • Windows Phone 8.0 and later

    • Windows RT and Windows 8.1 RT

    • Windows 8.0 and later computers (managed as mobile devices; see Computer management capabilities in Microsoft Intune)

    Before you can directly manage mobile devices you must make Intune the mobile device management authority.

  • Exchange ActiveSync: To manage devices by using Exchange ActiveSync requires you to install the On-Premises Connector or use the built-in Service to Service Connector to connect to your Exchange Server.

    To learn about the hardware and software requirements to install the On-Premises Connector, see Requirements for the On-Premises Connector.

    To learn about using the On-Premises Connector or Service to Service Connector with Exchange, see Set up mobile device management using Exchange ActiveSync in Microsoft Intune.

Operating Systems:
You can install the Intune client on computers that run the following operating systems:

Operating system

System architecture

Windows Vista

  • Business

  • Enterprise

  • Ultimate

x86, x64

Windows 7

  • Professional (with no service pack, or with SP1)

  • Enterprise (with no service pack, or with SP1)

  • Ultimate (with no service pack, or with SP1)

x86, x64

Windows 8

  • Pro

  • Enterprise

x86, x64

Windows 8.1

  • Pro

  • Enterprise

X86, x64


Hardware:
The following are minimum hardware requirements for installing the Intune client:

Requirement

More information

Network

The client requires the computer to have Internet connectivity and access to the domains defined in the Network infrastructure section of this topic.

Processor and Memory

Refer to the processor and RAM requirements for the computer's operating system.

Disk space

200 MB available disk space before the client software is installed.


Software:
The following are software requirements for installing the Intune client:

Requirement

More information

Administrative permissions

The account that installs the client software must have local administrator permissions to that computer.

Windows Installer 3.1

The computer must have, at a minimum, Windows Installer 3.1.

To view the version of Windows Installer on a client computer:

  • On the computer, right-click %windir%\System32\msiexec.exe, and then click Properties.

You can download the latest version of Windows Installer from Windows Installer Redistributables on the Microsoft Developer Network website.

Remove incompatible client software

Before you install the Intune client software, you must uninstall the following client software from that computer:

  • Any version of System Center 2012 Configuration Manager

  • Any version of Configuration Manager 2007

  • Any version of Systems Management Server

The following web browsers are supported.

Platform

Minimum browser version

Mobile device platforms

The Microsoft Intune company portal website is supported by the default web browser for each supported platform.

Windows computers

The following web browsers are supported for use with the Microsoft Intune account portal, Microsoft Intune administrator console, and the Microsoft Intune company portal website:

  • Internet Explorer 9 or later

  • Google Chrome 

    System_CAPS_importantImportant

    Starting with Chrome version 42, Chrome no longer supports, by default, the Netscape Plugin Application Programming Interface (NPAPI). The Intune admin console requires Silverlight, which is an NPAPI plug-in.

    To manually enable the NPAPI plug-in:

    1. Type chrome://flags into the Chrome browser window.

    2. Find the setting Enable NPAPI and click the enable link.

    3. Click the Relaunch Now button to restart the browser.

    In September of 2015, Chrome will drop all support for NPAPI, so you will need to use either an earlier version of Chrome or a different browser to access the Microsoft Intune admin console.

  • Mozilla Firefox 

  • Apple Safari

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2015 Microsoft