Workspace ONE Windows management proxy whitelisting

In nearly every environment, you need to configure a proxy server to connect to the internet. Several pieces of documentation are useful to read, but in the end you are whitelisting 10000000 URLs and IPs. That would of course be great, since you would never face a network-related issue, but most network teams will not do this whitelisting.

I used Squid as a proxy to really break down which URLs are connected to during enrollment and to manage the device. This list is not complete, but it shows a small set of URLs that are really needed; without them you will not be able to manage Windows via Workspace ONE properly.

Required URLs

Microsoft:

  • *.wns.windows.com – WNS

VMware:

  • ds137.awmdm.com – Workspace ONE device server – IMPORTANT: this URL might be different in your environment!
  • awcm137.awmdm.com – Workspace ONE Cloud Messaging – IMPORTANT: this URL might be different in your environment!

Certificate revocation lists:

  • GoDaddy.com – used for certificate revocation
  • entrust.net – used for certificate revocation
  • digicert.com – used for certificate revocation

Optional:

Windows:

  • slscr.update.microsoft.com – Windows Update
  • notify.live.net – WNS requirement
  • login.live.com – WNS requirement
  • login.microsoftonline.com – WNS requirement
  • inference.location.live.net – Windows location service
  • arc.msn.com – Windows Spotlight
  • adl.windows.com – Microsoft Desktop Analytics
  • settings-win.data.microsoft.com – Used for Windows apps to dynamically update their configuration
  • checkappexec.microsoft.com – Windows SmartScreen
  • nav.smartscreen.microsoft.com – Windows SmartScreen
  • v20.events.data.microsoft.com – Microsoft Defender for Endpoint
  • wdcpalt.microsoft.com – Microsoft Active Protection Service
  • wdcp.microsoft.com – Used for Windows Defender when Cloud-based Protection is enabled

VMware:

  • cdnus04uat.awmdm.com – Workspace ONE CDN – IMPORTANT: this URL is different from environment to environment!
  • discovery.awmdm.com – email discovery
  • catalog.vmwareidentity.com – App list – IMPORTANT: this URL might be different in your
  • rmstage01.awmdm.com – Workspace ONE Assist – IMPORTANT: this URL might be different in your environment!
  • *.vidmpreview.com – Workspace ONE Access – IMPORTANT: this URL might be different in your environment!
  • *.cloudfront.net – Amazon CDN – is used for Intelligent HUB Apps and “For you” section
  • vmwservices.com – used for automated application deployment
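
The Squid-based approach described above can be repeated in your own tenant, since several hostnames differ per environment. This is an added example, not the author's own script: it reads Squid's native access.log format and counts destination hosts that the allowlist does not cover. The log lines are constructed, and reading the bare "GoDaddy.com" entry as "*.godaddy.com" is an assumption.

```python
import fnmatch
from collections import Counter
from urllib.parse import urlsplit

# "Required" entries from the list above. ds137/awcm137 are tenant-specific.
# "*.godaddy.com" is an assumed reading of the bare "GoDaddy.com" entry.
ALLOWLIST = ["*.wns.windows.com", "ds137.awmdm.com", "awcm137.awmdm.com",
             "*.godaddy.com"]

# Constructed sample lines in Squid's native access.log format:
# time elapsed client result/status bytes method URL ident hierarchy type
SAMPLE_LOG = """\
1612345678.101 250 10.0.0.15 TCP_TUNNEL/200 5120 CONNECT ds137.awmdm.com:443 - HIER_DIRECT/203.0.113.10 -
1612345678.420 310 10.0.0.15 TCP_TUNNEL/200 4096 CONNECT awcm137.awmdm.com:443 - HIER_DIRECT/203.0.113.11 -
1612345679.002 120 10.0.0.15 TCP_TUNNEL/200 2048 CONNECT client.wns.windows.com:443 - HIER_DIRECT/203.0.113.12 -
1612345679.530 45 10.0.0.15 TCP_MISS/200 1330 GET http://crl.godaddy.com/sample.crl - HIER_DIRECT/203.0.113.13 application/pkix-crl
1612345680.015 0 10.0.0.15 TCP_DENIED/403 3900 CONNECT arc.msn.com:443 - HIER_NONE/- text/html
1612345681.200 0 10.0.0.15 TCP_DENIED/403 3900 CONNECT arc.msn.com:443 - HIER_NONE/- text/html
1612345682.877 0 10.0.0.15 TCP_DENIED/403 3900 CONNECT login.live.com:443 - HIER_NONE/- text/html
"""

def dest_host(method, url):
    """Return the lowercase destination host from a Squid URL field."""
    if method == "CONNECT":  # HTTPS tunnels are logged as host:port
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def is_allowed(host, allowlist=ALLOWLIST):
    """Exact entries match one host; '*.' entries match subdomains only."""
    return any(fnmatch.fnmatchcase(host, p.lower()) for p in allowlist)

def uncovered_hosts(log_text, allowlist=ALLOWLIST):
    """Count requests per destination host that no allowlist entry matches."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7:  # skip blank or truncated lines
            continue
        host = dest_host(fields[5], fields[6])
        if host and not is_allowed(host, allowlist):
            hits[host] += 1
    return hits

if __name__ == "__main__":
    for host, count in uncovered_hosts(SAMPLE_LOG).most_common():
        print(f"{count:5d}  {host}")
```

Run it against a log captured during one enrollment and review each reported host before deciding whether it belongs on the proxy allowlist.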

There are even more URLs and IPs that you might need to add to your proxy configuration.
For more information, take a look here:

Microsoft:

https://docs.microsoft.com/en-us/windows/privacy/manage-windows-2004-endpoints

https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints

https://docs.microsoft.com/en-us/windows/uwp/design/shell/tiles-and-notifications/firewall-allowlist-config

VMware:

VMware Workspace ONE UEM Ports and Protocols

VMware Workspace ONE Access Ports and Protocols
