Azure services URLs and IP addresses for firewall or proxy whitelisting

When you are working with Azure sometimes you have to whitelist specific IP address ranges or URLs in your corporate firewall or proxy to access all Azure services you are using or trying to use.

Some information like the datacenter IP ranges and some of the URLs are easy to find. Other things are more complicated to find like calling IP addresses of specific Azure services or specific URLs.

The list of Azure services specific URLs and IP addresses in this blog post is not complete and only a snapshot at the time of writing this post.

The post is divided into the following sections IP addresses, calling IP addresses and URLs.

I hope you find the summary useful and supportive for your day to day work with Azure.

IP addresses:

Datacenter IP ranges:

-> https://www.microsoft.com/en-us/download/details.aspx?id=41653

Azure CDN:

-> https://msdn.microsoft.com/library/mt757330.aspx

Calling IP addresses:

Logic App:

-> https://docs.microsoft.com/en-us/azure/app-service-logic/app-service-logic-limits-and-config#configuration

Traffic Manager:

Have a look at the section “What are the IP addresses from which the health checks originate?”.

-> https://docs.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring#faq

URLs:

PowerShell Get-AzureRmEnvironment / Azure main services URLs:

AzureEnvironment

Name Value Value 2
Active Directory Service Endpoint Resource Id https://management.core.windows.net/
Gallery Url https://gallery.azure.com/
Management Portal Url https://portal.azure.com https://manage.windowsazure.com
Service Management Url https://management.core.windows.net/
Publish Settings File Url https://manage.windowsazure.com/publishsettings/index
Resource Manager Url https://management.azure.com/
Sql Database Dns Suffix .database.windows.net
Storage Endpoint Suffix core.windows.net .blob.core.windows.net
.queue.core.windows.net
.table.core.windows.net
.file.core.windows.net
Active Directory Authority https://login.microsoftonline.com/
Graph Url https://graph.windows.net/
Graph Endpoint Resource Id https://graph.windows.net/
Traffic Manager Dns Suffix trafficmanager.net
Azure Key Vault Dns Suffix vault.azure.net
Azure Data Lake Store File System Endpoint Suffix azuredatalakestore.net
Azure Data Lake Analytics Catalog And Job Endpoint Suffix azuredatalakeanalytics.net
Azure Key Vault Service Endpoint Resource Id https://vault.azure.net

Other Azure services URLs:

Name Value Value 2
Redis Cache .redis.cache.windows.net
App Service .azurewebsites.net
DocumentDB documents.azure.com
Azure Batch batch.azure.com .{region}.batch.azure.com
Machine Learning Studio studio.azureml.net
Machine Learning Gallery https://gallery.cortanaintelligence.com/
Machine Learning Web Service Management services.azureml.net
Service Bus .servicesbus.windows.net
Event Hubs .servicesbus.windows.net
Azure IoT Hub .azure-devices.net
API Management .azure-api.net
Azure Automation .azure-automation.net
Azure Automation Webhooks https://s2events.azure-automation.net
Public IP, Azure LB, Web Application Gateway, Service Fabric, Azure Container Service cloudapp.azure.com .{region}.cloudapp.azure.com
Azure Search .search.windows.net
Azure Analysis Services asazure.windows.net .{region}.asazure.windows.net
Logic App logic.azure.com .{region}.logic.azure.com
CDN .azureedge.net
HDInsight .azurehdinsight.net

Azure Site Recovery:

-> https://docs.microsoft.com/en-us/azure/site-recovery/site-recovery-best-practices#url-access

Azure Backup:

-> https://docs.microsoft.com/en-us/azure/backup/backup-azure-backup-faq#what-firewall-rules-should-be-configured-for-azure-backup-br

Azure Log Analytics (OMS):

-> https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-proxy-firewall#configure-proxy-and-firewall-settings-with-the-microsoft-monitoring-agent

StorSimple:

-> https://docs.microsoft.com/en-us/azure/storsimple/storsimple-system-requirements#networking-requirements-for-your-storsimple-device

Data Factory – Data Management Gateway:

Have a look at “Ports and firewall” under the section “Installation”.

-> https://docs.microsoft.com/en-us/azure/data-factory/data-factory-data-management-gateway#installation

Azure MFA Server:

-> https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-server#install-and-configure-the-azure-multi-factor-authentication-server

Azure Automation Hybrid Runbook Worker:

-> https://docs.microsoft.com/en-us/azure/automation/automation-hybrid-runbook-worker#hybrid-runbook-worker-requirements

Azure KMS server:

-> https://blogs.technet.microsoft.com/supportingwindows/2015/05/20/use-azure-custom-routes-to-enable-kms-activation-with-forced-tunneling/