Those of you out there with firewalls may have run into issues with the Windows Intune clients having difficulty communicating with the service. The excerpt below provides detailed information on how to set up your firewall for a successful Windows Implementation. Thanks go to our awesome documentation team for putting this together, and to the Windows Intune client team for doing the research and testing.
If you want to use Windows Intune™ to manage client computers that exist behind firewalls or proxy servers, you must configure the firewall or proxy server to allow Windows Intune to communicate with the client computers.
If the client computers exist behind a firewall, you must configure the firewall to allow communications with the domains through the specified ports that are listed in the following tables.
*.livemeeting.com
80 and 443
*.microsoftonline.com
80
onlinehelp.microsoft.com
*.social.technet.microsoft.com
blogs.technet.com
go.microsoft.com
www.microsoft.com
*.update.microsoft.com
download.microsoft.com
update.microsoft.com
Depending on the firewall and how it processes DNS lookup requests, you might also need to allow access to the domain manage.microsoft.com.nsatc.net on port 80.
*.manage.microsoft.com
*.spynet2.microsoft.com
443
manage.microsoft.com
wustat.microsoft.com
*.download.windowsupdate.com
*.windowsupdate.com
download.windowsupdate.com
ntservicepack.microsoft.com
windowsupdate.microsoft.com
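The lists above carry both wildcard and bare entries (for example *.manage.microsoft.com and manage.microsoft.com), and the note adds a separate alias name. The following added example (not part of the original documentation) audits a host allow list to show why each is needed. It assumes that a leading `*.` matches subdomains only and never the bare domain, which varies by firewall product; the function names and the `client01` host name are constructed for illustration.

```python
# Added example: audit FQDN allow rules against names a firewall may evaluate.
# Assumption: a leading "*." matches one or more subdomain labels and never
# the bare domain; check your firewall's documentation for its own semantics.

# Host patterns copied from the page's lists (ports omitted here).
PAGE_RULES = [
    "*.livemeeting.com", "*.microsoftonline.com", "onlinehelp.microsoft.com",
    "*.social.technet.microsoft.com", "blogs.technet.com", "go.microsoft.com",
    "www.microsoft.com", "*.update.microsoft.com", "download.microsoft.com",
    "update.microsoft.com", "*.manage.microsoft.com", "*.spynet2.microsoft.com",
    "manage.microsoft.com", "wustat.microsoft.com",
    "*.download.windowsupdate.com", "*.windowsupdate.com",
    "download.windowsupdate.com", "ntservicepack.microsoft.com",
    "windowsupdate.microsoft.com",
]
# The alias name given in the page's note about DNS lookup handling.
CNAME_TARGET = "manage.microsoft.com.nsatc.net"


def normalize(name):
    """Lower-case a DNS name and drop surrounding space and a trailing dot."""
    return name.strip().lower().rstrip(".")


def rule_matches(pattern, host):
    """True if one allow rule (exact name or '*.' wildcard) covers host."""
    pattern, host = normalize(pattern), normalize(host)
    if pattern.startswith("*."):
        suffix = pattern[1:]  # "*.a.com" -> ".a.com", keeps the label boundary
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def uncovered(rules, hosts):
    """Return the hosts that no rule allows, in input order."""
    return [h for h in hosts if not any(rule_matches(r, h) for r in rules)]


if __name__ == "__main__":
    # Constructed sample of names a firewall might evaluate for the service.
    seen = ["manage.microsoft.com", "client01.manage.microsoft.com", CNAME_TARGET]
    print("blocked with page rules:", uncovered(PAGE_RULES, seen))
    print("blocked with alias rule:", uncovered(PAGE_RULES + [CNAME_TARGET], seen))
```

With only the listed domains, a firewall that evaluates the alias name still blocks manage.microsoft.com.nsatc.net, which is the case the note above covers.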
If the client computers exist behind a proxy server, you must configure the proxy server as follows:
You can modify proxy server settings on individual client computers, or you can use Group Policy to change settings for all client computers that exist behind a specified proxy server. Authenticated proxy servers are not supported.