Azure MFA和目标IP的目标IP或域用于本地AD Connect&的AD Connect MFA服务器 [英] Destination IP's OR Domains for Azure MFA & AD Connect for on-prem AD Connect & MFA Servers
问题描述
我们正在实现Azure带有Azure MFA的AD Connect作为多因素解决方案,将与Citrix NetScaler集成以记录用户 通过NetScaler远程访问.
We are implementing Azure AD Connect with Azure MFA as a multifactor solution that will integrate with Citrix NetScaler for users logging in remotely via NetScaler.
我们需要配置本地核心防火墙,以允许从本地AD Connect/MFA服务器(单个服务器)到Azure进行通信 AD Connect和Azure MFA服务.
We need to configure the on-prem core firewalls to allow communication from the on-prem AD Connect/MFA Server (a single server) to Azure AD Connect and Azure MFA services.
我发现了以下IP和域列表,只是想知道是否真正需要所有这些才能获得Azure AD Connect和Azure MFA在工作?
I have found the following list of IP's and Domains and just want to know if all are actually required to get Azure AD Connect and Azure MFA working?
134.170.116.0/25 OR pfd.phonefactor.net
TCP
443
443
134.1470.165.0/25 OR pfd2.phonefactor.net
TCP
443
443
70.37.154.128/25或css.phonefactor.net
TCP
443
443
api.informationprotection.azure.com
TCP
443
443
mobile.pipe.aria.microsoft.com
TCP
443
443
*.portal.cloudappsecurity.com
TCP
443
443
*.us.portal.cloudappsecurity.com
TCP
443
443
*.eu.portal.cloudappsecurity.com
TCP
443
443
*.eu2.portal.cloudappsecurity.com
TCP
443
443
*.us2.portal.cloudappsecurity.com
TCP
443
443
*.us3.portal.cloudappsecurity.com
TCP
443
443
account.office.net
TCP
443
443
admin.microsoft.com
TCP
443
443
home.office.com
TCP
443
443
portal.office.com
TCP
443
443
www.office.com
TCP
443
443
*.aria.microsoft.com
TCP
443
443
browser.pipe.aria.microsoft.com
TCP
443
443
portal.microsoftonline.com
TCP
443
443
nexus.officeapps.live.com
TCP
443
443
nexusrules.officeapps.live.com
TCP
443
443
amp.azure.net
TCP
443
443
* .o365weve.com
TCP
443
443
auth.gfx.ms&s
TCP
443
443
appsforoffice.microsoft.com
TCP
443
443
assets.onestore.ms&s
TCP
443
443
az826701.vo.msecnd.net
TCP
443
443
c.microsoft.com
TCP
443
443
c1.microsoft.com
TCP
443
443
client.hip.live.com
TCP
443
443
contentstorage.osi.office.net
TCP
443
443
dgps.support.microsoft.com
TCP
443
443
docs.microsoft.com
TCP
443
443
groupsapi-prod.outlookgroups.ms
TCP
443
443
groupsapi2-prod.outlookgroups.ms
TCP
443
443
groupsapi3-prod.outlookgroups.ms
TCP
443
443
groupsapi4-prod.outlookgroups.ms
TCP
443
443
msdn.microsoft.com
TCP
443
443
products.office.com
TCP
443
443
prod.msocdn.com
TCP
443
443
r1.res.office365.com
TCP
443
443
r4.res.office365.com
TCP
443
443
*.manage.office.com
TCP
443
443
*.protection.office.com
TCP
443
443
protection.office.com
TCP
443
443
*.blob.core.windows.net
TCP
443
443
office365servicehealthcommunications.cloudapp.net
TCP
443
443
signup.microsoft.com
TCP
443
443
testconnectivity.microsoft.com
TCP
443
443
securescore.office.com
TCP
443
The above information was sourced from:
https://support.office.com/en-us/article/office-365-urls-and-ip-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-AU&ad=AU#bkmk_portal_ip
AND:
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfaserver-deploy
谢谢
James
推荐答案
Yes James, all the mentioned port numbers would be required for the Azure AD Connect and Azure MFA to function.
Yes James, all the mentioned port numbers would be required for the Azure AD Connect and Azure MFA to function.
这篇关于Azure MFA和目标IP的目标IP或域用于本地AD Connect&的AD Connect MFA服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
