This morning, I noticed this notification in Microsoft Intune started showing.
If you click on the link, it will take you to M365 Admin Center,
I reviewed the document to ensure I understand everything before I apply it.
So, what to do?
According to Microsoft Document, there are changes in IP Ranges and Service Tags for both Public and Government Cloud. These changes are part of the Secure Feature Initiative (SFI) and must be completed before December 2nd, 2025.
Entities (companies and government) need to configure their outbound firewall traffic for Intune or Azure to match Microsoft’s new ranges. This must be done on the firewall, router, proxy, and NSG levels, also by adding the new ranges without removing any existing network or firewall configuration. Include a new Azure Front Door tag, ‘AzureFrontDoor.MicrosoftSecurity’. To download the document (JSON) file for the government and the public, click the links below.
- Public clouds: Download Azure IP Ranges and Service Tags – Public Cloud from Official Microsoft Download Center
- Government clouds: Download Azure IP Ranges and Service Tags – US Government Cloud from Official Microsoft Download Center
If you search you should find these ranges:
This change is needed for both MDM and MAM. If these changes in the network do not happen, the end user may have issues with device communication with Intune and applications in the cloud, policies, etc.
All resources are here:-
- Azure Front Door
- Azure service tags
- Intune network endpoints
- US government network endpoints for Intune
- US Government endpoint https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/intune-us-government-endpoints#:~:text=for%20Windows.-,Ports%20and%20IP%20addresses%20list,-The%20following%20table
- Secure traffic to Axure Front Door origins Secure traffic to origins – Azure Front Door | Microsoft Learn
- Network endpoint for Microsoft Intune https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/intune-endpoints?tabs=north-america#intune-core-service:~:text=different%20ports%20listed.-,Intune%20core%20service,-Note
- Secure Feature Initiative Secure Future Initiative – Secure by Design | Microsoft
Have a nice morning.