Azure AD Connect and On-premises AD

| Protocol | Ports | Description |
|---|---|---|
| DNS | 53 (TCP/UDP) | DNS lookups on the destination forest. |
| Kerberos | 88 (TCP/UDP) | Kerberos authentication to the AD forest. |
| MS-RPC | 135 (TCP/UDP) | Used during the initial configuration of the Azure AD Connect wizard when it binds to the AD forest, and also during Password synchronization. |
| LDAP | 389 (TCP/UDP) | Used for data import from AD. Data is encrypted with Kerberos Sign & Seal. |
| RPC | 445 (TCP/UDP) | Used by Seamless SSO to create a computer account in the AD forest. |
| LDAP/SSL | 636 (TCP/UDP) | Used for data import from AD. The data transfer is signed and encrypted. Only used if you are using SSL. |
| RPC | 49152-65535 (random high RPC port) (TCP/UDP) | Used during the initial configuration of Azure AD Connect when it binds to the AD forests, and during Password synchronization. See KB929851, KB832017, and KB224196 for more information. |
Azure AD Connect and Azure AD

| Protocol | Ports | Description |
|---|---|---|
| HTTP | 80 (TCP/UDP) | Used to download CRLs (Certificate Revocation Lists) to verify SSL certificates. |
| HTTPS | 443 (TCP/UDP) | Used to synchronize with Azure AD. |
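As an added example (not from this page or from Microsoft), a PowerShell check to run on the Azure AD Connect server that probes the TCP side of the on-premises AD ports in the first table and the port 443 path to Azure AD from the second; the domain controller name and the Azure AD hostname are placeholders/assumptions, and UDP and the dynamic RPC range are not probed because Test-NetConnection only tests a single TCP port.

```powershell
# Added example (not from the original page): verify from the Azure AD Connect
# server that the TCP ports listed above are reachable. Only TCP is probed
# (Test-NetConnection cannot test UDP), and the dynamic RPC range 49152-65535
# is not scanned here.

$DomainController = 'dc01.corp.example'          # placeholder: a DC in the target forest
$AzureEndpoint    = 'login.microsoftonline.com'  # assumption: one Azure AD sync endpoint

# Port requirements taken from the "Azure AD Connect and On-premises AD" table (TCP only).
$RequiredPorts = @(
    @{ Name = 'DNS';      Port = 53  },
    @{ Name = 'Kerberos'; Port = 88  },
    @{ Name = 'MS-RPC';   Port = 135 },
    @{ Name = 'LDAP';     Port = 389 },
    @{ Name = 'RPC/SMB';  Port = 445 },
    @{ Name = 'LDAP/SSL'; Port = 636 }
)

$results = foreach ($p in $RequiredPorts) {
    $tnc = Test-NetConnection -ComputerName $DomainController -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target    = $DomainController
        Protocol  = $p.Name
        Port      = $p.Port
        Reachable = $tnc.TcpTestSucceeded
        RemoteIP  = $tnc.RemoteAddress
    }
}

# Azure AD side: port 443 from the "Azure AD Connect and Azure AD" table.
$tnc = Test-NetConnection -ComputerName $AzureEndpoint -Port 443 -WarningAction SilentlyContinue
$results += [pscustomobject]@{
    Target    = $AzureEndpoint
    Protocol  = 'HTTPS'
    Port      = 443
    Reachable = $tnc.TcpTestSucceeded
    RemoteIP  = $tnc.RemoteAddress
}

$results | Format-Table -AutoSize

# Call out blocked ports so the missing firewall rule stands out in the output.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    $blocked | ForEach-Object { Write-Warning ("TCP {0} to {1} ({2}) is blocked" -f $_.Port, $_.Target, $_.Protocol) }
} else {
    Write-Host 'All probed TCP ports are reachable.'
}
```

A port that reports reachable only shows the TCP handshake completes; the Sign & Seal and SSL protections described in the table still depend on the LDAP and Azure AD configuration itself.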
For a list of the URLs and IP addresses you need to open in your firewall, see Office 365 URLs and IP address ranges.
Azure AD Connect and AD FS Federation Servers/WAP

| Protocol | Ports | Description |
|---|---|---|
| HTTP | 80 (TCP/UDP) | Used to download CRLs (Certificate Revocation Lists) to verify SSL certificates. |
| HTTP | 443 (TCP/UDP) | Used to synchronize with Azure AD. |
| WinRM | 5985 | WinRM Listener |
WAP and Federation Servers

| Protocol | Ports | Description |
|---|---|---|
| HTTPS | 443 (TCP/UDP) | Used for authentication. |
WAP and Users

| Protocol | Ports | Description |
|---|---|---|
| HTTPS | 443 (TCP/UDP) | Used for device authentication. |
| TCP | 49443 (TCP) | Used for certificate authentication. |