Technical Tip: Updating Firewall Configurations to Include New Intune Network Endpoints

Atul_S · ‎09-23-2025

Description

This article describes the process of updating firewall configurations to include new Intune network endpoints as part of Microsoft's Secure Future Initiative. It provides a step-by-step guide on how to add the AzureFrontDoor.Microsoft Security Internet Service to the firewall policy to ensure uninterrupted Intune device and app management.

Scope

FortiGate, FortiManager, FortiProxy.

Solution

To update the firewall configurations and include the new Intune network endpoints, follow these steps:

Go to Policy & Objects -> Objects -> Internet Services and select AzureFrontDoor.MicrosoftSecurity.
Add the AzureFrontDoor.Microsoft Security Internet Service in the firewall policy.

Ensure that the firewall rules are updated and added to the firewall's allowlist with the additional IP addresses documented under Azure Front Door.
Alternatively, add the service tag AzureFrontDoor.MicrosoftSecurity to the firewall rules to allow outbound traffic on port 443 for the addresses in the tag.

For more information, refer to the Microsoft Intune network endpoints article: https://www.microsoft.com/en-us/download/details.aspx?id=56519 and the FortiGuard Internet Services database.

Technical Tip: Updating Firewall Configurations to Include New Intune Network Endpoints

You are leaving our website