data/endpoints.json
|
{
"$schema": "https://raw.githubusercontent.com/smitzlroy/AksArc.DeploymentReadiness/main/data/endpoints-schema.json", "schemaVersion": "2.0", "metadata": { "sourceUrl": "https://github.com/Azure/AzureStack-Tools/blob/master/HCI/EastUSendpoints/eastus-hci-endpoints.md", "sourceRegion": "eastus", "lastUpdated": "2026-04-14", "sourceCommitSha": "41f99d8c8157225201ee31f0ccf93f2110391ec7", "upstreamEndpointCount": 86, "moduleVersion": "0.2.0", "notes": "Complete endpoint reference from Azure/AzureStack-Tools EastUS. Component names match upstream exactly. Customer-specific endpoints (Key Vault, Arc Gateway) included as placeholder patterns." }, "regionUrlPatterns": [ { "pattern": "{region}.his.arc.azure.com", "component": "Azure Local Arc agent" }, { "pattern": "{region}.dp.kubernetesconfiguration.azure.com", "component": "Azure Local AKS infra" }, { "pattern": "{region}.dp.prod.appliances.azure.com", "component": "Azure Local ARB infra" }, { "pattern": "{region}.login.microsoft.com", "component": "Azure Local authentication" }, { "pattern": "{region}-gas.guestconfiguration.azure.com", "component": "Azure Local Arc agent" }, { "pattern": "{region}.obo.arc.azure.com", "component": "Azure Local AKS infra" }, { "pattern": "{region}-shared.prod.warm.ingest.monitor.core.windows.net", "component": "Azure Local monitoring" } ], "endpoints": [ { "id": 1, "url": "mcr.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Global site used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 2, "url": "westus.data.mcr.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "West US site used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 3, "url": "northeurope.data.mcr.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "North Europe site used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 4, "url": "westeurope.data.mcr.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Western Europe site used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 5, "url": "azurearcfork8s.azurecr.io", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 6, "url": "linuxgeneva-microsoft.azurecr.io", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 7, "url": "azurearcfork8sdev.azurecr.io", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 8, "url": "hybridaks.azurecr.io", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 9, "url": "aszk8snetworking.azurecr.io", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 10, "url": "*.dl.delivery.mp.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for AKS Arc VHD image download and update.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 11, "url": "*.do.dsp.mp.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for AKS Arc VHD image download and update.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 12, "url": "*.prod.do.dsp.mp.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for AKS Arc VHD image download and update.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 13, "url": "eastus.dp.kubernetesconfiguration.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Required for initial validation.", "arcGatewaySupported": true, "requiredFor": "deployment", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": true }, { "id": 14, "url": "sts.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "For Cluster Connect and Custom Location-based scenario.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 15, "url": "ecpacr.azurecr.io", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for official Microsoft artifacts such as container images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 16, "url": "raw.githubusercontent.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for GitHub. Not required on 2504 and later new deployments.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 17, "url": "msk8s.api.cdp.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Download product catalog, product bits, and OS images from SFS.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 18, "url": "msk8s.sb.tlu.dl.delivery.mp.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Download the Arc Resource Bridge OS images.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 19, "url": "time.windows.com", "port": 123, "protocol": "UDP", "component": "Azure Local ARB infra", "notes": "OS time sync in appliance VM and Management machine (Windows NTP).", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": false, "regionSpecific": false }, { "id": 20, "url": "k8connecthelm.azureedge.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Deploy Azure Arc agent.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 21, "url": "kvamanagementoperator.azurecr.io", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Pull artifacts for Appliance managed components.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 22, "url": "packages.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Download Linux installation package.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 23, "url": "k8sconnectcsp.azureedge.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Required for Custom Location.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 24, "url": "*.prod.hot.ingest.monitor.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Periodically sends Microsoft required diagnostic data.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 25, "url": "prod5.prod.hot.ingestion.msftcloudes.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Periodically sends Microsoft required diagnostic data.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 26, "url": "eastus.dp.prod.appliances.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Used for ARB data plane operations in East US.", "arcGatewaySupported": true, "requiredFor": "deployment", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": true }, { "id": 27, "url": "download.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "For downloading the Windows installation package.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 28, "url": "pas.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "For Microsoft Entra ID.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 29, "url": "guestnotificationservice.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "For the notification service for extension and connectivity scenarios.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 30, "url": "gbl.his.arc.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "For global metadata and hybrid identity services.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 31, "url": "eus.his.arc.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "For East US metadata and hybrid identity services.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": true }, { "id": 32, "url": "eastus-gas.guestconfiguration.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "For extension management and guest configuration services.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": true }, { "id": 33, "url": "agentserviceapi.guestconfiguration.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "For notification service for extension and connectivity scenarios.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 34, "url": "azgn*.servicebus.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "Not required if endpoint 35 below is whitelisted.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 35, "url": "*.servicebus.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc agent", "notes": "For multiple Azure Local components.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 36, "url": "*.waconazure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local WAC", "notes": "For Windows Admin Center management after deployment.", "arcGatewaySupported": true, "requiredFor": "post-deployment", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 37, "url": "<your-arc-gateway-id>.gw.arc.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Arc gateway", "notes": "Required if using Arc Gateway for Azure Local. Replace with your unique gateway endpoint ID.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "manual" }, "wildcard": false, "regionSpecific": false, "customerSpecific": true }, { "id": 38, "url": "login.microsoftonline.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local authentication", "notes": "For Active Directory Authority and authentication, token fetch, and validation.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 39, "url": "graph.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local authentication", "notes": "For Graph authentication, token fetch, and validation.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 40, "url": "graph.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local authentication", "notes": "For Graph authentication and Azure Resource Bridge RBAC.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 41, "url": "login.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local authentication", "notes": "For Microsoft Entra ID.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 42, "url": "eastus.login.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local authentication", "notes": "Required to fetch and update ARM tokens for logging into East US Azure.", "arcGatewaySupported": true, "requiredFor": "deployment", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": true }, { "id": 43, "url": "crl3.digicert.com", "port": 80, "protocol": "HTTP", "component": "Azure Local benefits", "notes": "Platform attestation service on Azure Local to perform a certificate revocation list.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 44, "url": "crl4.digicert.com", "port": 80, "protocol": "HTTP", "component": "Azure Local benefits", "notes": "Platform attestation service on Azure Local to perform a certificate revocation list.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 45, "url": "www.powershellgallery.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local deployment", "notes": "To install required PSGallery modules for Arc registration.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 46, "url": "portal.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local deployment", "notes": "For Azure Local deployment.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 47, "url": "*.blob.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local deployment", "notes": "For multiple Azure Local components.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 48, "url": "hciarcvmscontainerregistry.azurecr.io", "port": 443, "protocol": "HTTPS", "component": "Azure Local deployment", "notes": "For Arc VM container registry on Azure Local 23H2.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 49, "url": "azurestackreleases.download.prss.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local deployment", "notes": "For Azure Local Arc extensions deployment.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 50, "url": "<your-keyvault-name>.vault.azure.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local authentication", "notes": "Key vault for deployment secrets. Replace with your unique Key Vault name.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "manual" }, "wildcard": false, "regionSpecific": false, "customerSpecific": true }, { "id": 51, "url": "settings-win.data.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local deployment", "notes": "For Azure Local deployment.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 52, "url": "dp.stackhci.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local diag and billing", "notes": "For Data plane diagnostics and billing data.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 53, "url": "licensing.platform.edge.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local diag and billing", "notes": "For Data plane licensing billing data. Required only for Azure Local.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 54, "url": "billing.platform.edge.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local diag and billing", "notes": "For Data plane licensing billing data. Required only for Azure Local.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 55, "url": "azurestackhci.azurefd.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local diag and billing", "notes": "Previous URL for Data plane for backwards compatibility.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 56, "url": "management.azure.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local management", "notes": "Initial Azure Local cluster registration, bootstrapping and management operations.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 57, "url": "global.prod.microsoftmetrics.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 58, "url": "prod5.prod.microsoftmetrics.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 59, "url": "dc.services.visualstudio.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 60, "url": "qos.prod.warm.ingest.monitor.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 61, "url": "eastus-shared.prod.warm.ingest.monitor.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "deployment", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": true }, { "id": 62, "url": "westus-shared.prod.warm.ingest.monitor.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "deployment", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 63, "url": "gcs.prod.monitoring.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 64, "url": "adhs.events.data.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 65, "url": "v20.events.data.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local monitoring", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 66, "url": "aka.ms", "port": 443, "protocol": "HTTPS", "component": "Azure Local deployment", "notes": "For resolving addresses to discover Azure Local.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 67, "url": "fe3.delivery.mp.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Updates", "notes": "For updating Azure Local.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 68, "url": "fe3cr.delivery.mp.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local Updates", "notes": "For updating Azure Local.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 69, "url": "tlu.dl.delivery.mp.microsoft.com", "port": 80, "protocol": "HTTP", "component": "Azure Local Updates", "notes": "For updating Azure Local.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 70, "url": "crl.microsoft.com", "port": 80, "protocol": "HTTP", "component": "Azure Local CRLs", "notes": "Azure Local certificate revocation list for mandatory Arc extensions.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 71, "url": "go.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Microsoft Update", "notes": "For Microsoft Update, allowing the OS to receive updates.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 72, "url": "*.endpoint.security.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Microsoft Defender", "notes": "Required only if using Microsoft Defender extension (MDE.windows).", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 73, "url": "login.microsoft.com", "port": 443, "protocol": "HTTPS", "component": "Azure Local authentication", "notes": "Required to fetch and update Azure Resource Manager tokens.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "https_get" }, "wildcard": false, "regionSpecific": false }, { "id": 74, "url": "*.blob.storage.azure.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "To access blob storage.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "dns_resolve" }, "wildcard": true, "regionSpecific": false }, { "id": 75, "url": "eastus.obo.arc.azure.com", "port": 8084, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Required for initial validation.", "arcGatewaySupported": false, "requiredFor": "post-deployment", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": true }, { "id": 76, "url": "oneocsp.microsoft.com", "port": 80, "protocol": "HTTP", "component": "Azure Local CRLs", "notes": "Required for Public authorities' certificate revocation list.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 77, "url": "ts-crl.ws.symantec.com", "port": 80, "protocol": "HTTP", "component": "Azure Local CRLs", "notes": "Required for Public authorities' certificate revocation list.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 78, "url": "ts-ocsp.ws.symantec.com", "port": 80, "protocol": "HTTP", "component": "Azure Local CRLs", "notes": "Required for Public authorities' certificate revocation list.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 79, "url": "s.symcd.com", "port": 80, "protocol": "HTTP", "component": "Azure Local CRLs", "notes": "Required for Public authorities' certificate revocation list.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 80, "url": "ocsp.digicert.com", "port": 80, "protocol": "HTTP", "component": "Azure Local CRLs", "notes": "Required for Public authorities' certificate revocation list.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 81, "url": "ocsp2.globalsign.com", "port": 80, "protocol": "HTTP", "component": "Azure Local CRLs", "notes": "Required for Public authorities' certificate revocation list.", "arcGatewaySupported": false, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 82, "url": "hciarcvmsstorage.z13.web.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Storage account for stack-hci-vm CLI extension files.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 83, "url": "www.msftconnecttest.com", "port": 80, "protocol": "HTTP", "component": "Azure Local AKS infra", "notes": "Bootstrap Windows outbound connectivity validation.", "arcGatewaySupported": false, "requiredFor": "deployment", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 84, "url": "edgesupprd.trafficmanager.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Remote Support Extension.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 85, "url": "azurewatsonanalysis-prod.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local AKS infra", "notes": "Used for metrics and monitoring telemetry traffic.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false }, { "id": 86, "url": "arcplatformcliextprod.z13.web.core.windows.net", "port": 443, "protocol": "HTTPS", "component": "Azure Local ARB infra", "notes": "Used to deploy ARB extensions.", "arcGatewaySupported": true, "requiredFor": "both", "validation": { "method": "tcp_connect" }, "wildcard": false, "regionSpecific": false } ], "crossSubnetPorts": [ { "port": 22, "protocol": "TCP", "direction": "management <-> AKS subnet", "testDirection": "toAks", "purpose": "SSH node access" }, { "port": 443, "protocol": "TCP", "direction": "management <-> AKS subnet", "testDirection": "toAks", "purpose": "HTTPS / API communication" }, { "port": 6443, "protocol": "TCP", "direction": "management <-> AKS subnet", "testDirection": "toAks", "purpose": "Kubernetes API server" }, { "port": 9440, "protocol": "TCP", "direction": "management <-> AKS subnet", "testDirection": "toAks", "purpose": "MOC cloud agent" }, { "port": 40343, "protocol": "TCP", "direction": "management <-> AKS subnet", "testDirection": "toCluster", "purpose": "Arc Gateway (when enabled)", "conditional": true }, { "port": 55000, "protocol": "TCP", "direction": "management <-> AKS subnet", "testDirection": "toCluster", "purpose": "gRPC / Cloud Agent" }, { "port": 65000, "protocol": "TCP", "direction": "management <-> AKS subnet", "testDirection": "toCluster", "purpose": "Cloud Agent Authentication" } ] } |