Application Proxy Network and Firewall Ports, IPs, URLs

Diagram

Network Ports: 80, 443 outbound traffic
If the firewall enforces traffic according to the user: open traffic from Windows Services (Network Services)
DNS Whitelist:
·        msappproxy.net
·        servicebus.windows.net
·        or allow Azure IP Datacenter (update every week)
Certificate Verification:
·        mscrl.microsoft.com:80
·        crl.microsoft.com:80
·        ocsp.msocsp.com:80
·        www.microsoft.com:80
Registration Process:
·        login.windows.net
·        login.microsoftonline.net
Application Proxy Port Test Tools
https://aadap-portcheck.connectorporttest.msappproxy.net/
Connector Group (publish applications on separate networks and locations): Default
Additional settings:
·        Backend Application Timeout (Default): set to Long if the application is slow to authenticate and connect.
·        Translate URLs in Headers (Default: Yes): set to No if the app requires the original host header in the authentication request.
·        Translate URLs in Application Body (Default: No): set to Yes if the app has hardcoded HTML links to other on-premises applications and you don't use custom domains.
Allow the following URL or IP:

DNS White List
·        msappproxy.net
·        servicebus.windows.net
·        or allow Azure IP Datacenter (update every week)

Certificate Verification
·        mscrl.microsoft.com:80
·        crl.microsoft.com:80
·        ocsp.msocsp.com:80
·        www.microsoft.com:80

Registration Process
·        login.windows.net
·        login.microsoftonline.net

Also, make sure to open the following Network Ports to Outbound Traffic:

Port Number    Description
80             Downloading certificate revocation lists (CRLs) while validating the SSL certificate
443            All outbound communication with the Application Proxy service
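
An added example, not part of the original post: a small Python audit that checks an egress allow-list against the endpoints and ports listed above and reports what is not covered. The rule format, the sample rules, the use of port 443 for hosts listed without :80, and the treatment of msappproxy.net and servicebus.windows.net as domain suffixes are assumptions made for illustration.

```python
# Added example. Assumed rule format: "host:port" or "*.domain:port".
# REQUIRED rows: (purpose, host or domain, port, needs_any_subdomain).
# Assumptions: port 443 for hosts listed without :80; the two DNS whitelist
# entries are suffixes (the connector reaches their subdomains).
REQUIRED = [
    ("DNS whitelist", "msappproxy.net", 443, True),
    ("DNS whitelist", "servicebus.windows.net", 443, True),
    ("Certificate verification", "mscrl.microsoft.com", 80, False),
    ("Certificate verification", "crl.microsoft.com", 80, False),
    ("Certificate verification", "ocsp.msocsp.com", 80, False),
    ("Certificate verification", "www.microsoft.com", 80, False),
    ("Registration", "login.windows.net", 443, False),
    ("Registration", "login.microsoftonline.net", 443, False),
]

# Constructed sample allow-list with two deliberate gaps.
SAMPLE_RULES = [
    "msappproxy.net:443",            # bare domain: subdomains not covered
    "*.servicebus.windows.net:443",
    "*.microsoft.com:80",            # covers mscrl, crl and www
    "ocsp.msocsp.com:443",           # wrong port: revocation checks use 80
    "login.windows.net:443",
    "login.microsoftonline.net:443",
]

def parse_rule(rule):
    """Split 'pattern:port' into (base_domain, port, is_wildcard)."""
    pattern, _, port = rule.strip().lower().rpartition(":")
    wildcard = pattern.startswith("*.")
    return (pattern[2:] if wildcard else pattern), int(port), wildcard

def covers(rule, host, port, any_subdomain):
    """True if one allow rule satisfies one required endpoint."""
    base, rule_port, wildcard = parse_rule(rule)
    if rule_port != port:
        return False
    if wildcard:
        # "*.base" covers names under base, and a suffix requirement on base.
        return host.endswith("." + base) or (any_subdomain and host == base)
    return not any_subdomain and host == base  # exact rule, exact host only

def audit(rules):
    """Return the required (purpose, host, port) entries no rule covers."""
    return [(p, h, port) for p, h, port, sub in REQUIRED
            if not any(covers(r, h, port, sub) for r in rules)]

if __name__ == "__main__":
    for purpose, host, port in audit(SAMPLE_RULES):
        print(f"MISSING {purpose}: {host}:{port}")
```

The audit checks rule coverage only; where the firewall enforces traffic per user, the matching rules also have to apply to the Network Service account, as noted above.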
