Workspace ONE Windows management proxy whitelisting
In nearly every environment, you need to configure a proxy server to connect to the internet. There are several documentations that are useful to read. But eventually you are whitelisting 10000000 URLs and IPs – which will, of course, be great since you will never face a network related issue, but most network teams will not do this whitelisting.
I used SQUID as proxy to really tear down which URLs are connected to during enrollment and to manage the device. This list is not complete but will show a small list of URLs that are really needed and without them you will not be able to manage Windows via Workspace ONE properly.
- *.wns.windows.com – WNS
- ds137.awmdm.com – Workspace ONE device server – IMPORTANT this URL is might be different in your environment!
- awcm137.awmdm.com – Workspace ONE Cloud Massaging – IMPORTANT this URL is might be different in your environment!
Certificate revocation lists:
- GoDaddy.com – is used for certification revocation
- entrust.net – is used for certification revocation
- digicert.com – is used for certification revocation
- slscr.update.microsoft.com – Windows Update
- notify.live.net – WNS requirement
- login.live.com – WNS requirement
- login.microsoftonline.com – WNS requirement
- inference.location.live.net – Windows location service
- arc.msn.com – Windows Spotlight
- adl.windows.com – Microsoft Desktop Analytics
- settings-win.data.microsoft.com – Used for Windows apps to dynamically update their configuration
- checkappexec.microsoft.com – Windows SmartScreen
- nav.smartscreen.microsoft.com – Windows SmartScreen
- v20.events.data.microsoft.com – Microsoft Defender for Endpoint
- wdcpalt.microsoft.com – Microsoft Active Protection Service
- wdcp.microsoft.com – Used for Windows Defender when Cloud-based Protection is enabled
- cdnus04uat.awmdm.com – Workspace ONE CDN – IMPORTANT this URL is different from environment to environment !
- discovery.awmdm.com – email discovery
- catalog.vmwareidentity.com – App list – IMPORTANT this URL is might be different in your
- rmstage01.awmdm.com – Workspace ONE Assist – IMPORTANT this URL is might be different in your environment!
- *.vidmpreview.com – Workspace ONE Access – IMPORTANT this URL is might be different in your environment!
- *.cloudfront.net – Amazon CDN – is used for Intelligent HUB Apps and “For you” section
- vmwservices.com – used for automated application deployment
There are even more URL’s and IP’s that you might need to add to your proxy configuration.
For more information take a look here:
VMware Workspace ONE UEM Ports and Protocols
VMware Workspace ONE Access Ports and Protocols
Empowering customers in client management since 2012.
Empowering customers in modern management since 2018.