{"id":12807,"date":"2025-09-10T09:02:23","date_gmt":"2025-09-10T00:02:23","guid":{"rendered":"https:\/\/m365jp.net\/?p=12807"},"modified":"2025-09-10T09:03:58","modified_gmt":"2025-09-10T00:03:58","slug":"mc1150664-action-required-update-firewall-configurations-to-include-new-network-endpoints","status":"publish","type":"post","link":"https:\/\/m365jp.net\/index.php\/2025-09-10-mc1150664-action-required-update-firewall-configurations-to-include-new-network-endpoints","title":{"rendered":"MC1150664 | Action Required: Update firewall configurations to include new network endpoints"},"content":{"rendered":"<div class=\"postie-post\">\n<div>\n<hr>\n<table id=\"section\">\n<tbody>\n<tr>\n<th width=\"95%\">MC1150664 | Action Required: Update firewall configurations to include new network endpoints<\/th>\n<\/tr>\n<\/tbody>\n<\/table>\n<hr>\n<table id=\"data\">\n<tbody>\n<tr>\n<th>Classification<\/th>\n<td>planForChange<\/td>\n<\/tr>\n<tr>\n<th>Last Updated<\/th>\n<td>09\/09\/2025 23:10:12<\/td>\n<\/tr>\n<tr>\n<th>Start Time<\/th>\n<td>09\/09\/2025 23:10:04<\/td>\n<\/tr>\n<tr>\n<th>End Time<\/th>\n<td>03\/31\/2026 07:00:00<\/td>\n<\/tr>\n<tr>\n<th>Action Required By Date<\/th>\n<td>2025-12-01T08:00:00Z<\/td>\n<\/tr>\n<tr>\n<th>Message Content<\/th>\n<td>\n<p>As part of Microsoft\u2019s ongoing <a href=\"https:\/\/www.microsoft.com\/trust-center\/security\/secure-future-initiative\" target=\"_blank\">  Secure Future Initiative (SFI)<\/a>, starting on or shortly after <b>December&nbsp;2, 2025<\/b>,&nbsp;the network service endpoints for Microsoft Intune will also use the Azure Front Door IP addresses. Since  <b>Basic Mobility and Security for Microsoft 365<\/b>&nbsp;uses Intune infrastructure, customers may need to add Azure Front Door IP addresses, if using a firewall allowlist that allows outbound traffic based on IP addresses or Azure service tags.<\/p>\n<p>Do not remove any existing network endpoints required for Basic Mobility and Security for Microsoft 365. Additional network endpoints are documented as part of the Azure Front Door and service tags information referenced in the files linked below:<\/p>\n<ul>\n<li>Public clouds: <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?id=56519\" target=\"_blank\">  Download Azure IP Ranges and Service Tags \u2013 Public Cloud from Official Microsoft Download Center<\/a>&nbsp;<\/li>\n<li>Government clouds: <a href=\"https:\/\/www.microsoft.com\/download\/details.aspx?id=57063\" target=\"_blank\">  Download Azure IP Ranges and Service Tags \u2013 US Government Cloud from Official Microsoft Download Center<\/a>&nbsp;<\/li>\n<\/ul>\n<p>The additional ranges are those listed in the JSON files linked above and can be found by searching for \u201cAzureFrontDoor.MicrosoftSecurity\u201d.<\/p>\n<p>[How this will affect your organization:]  <\/p>\n<p>If you have configured an outbound traffic policy for IP address ranges or Azure service tags for your firewalls, routers, proxy servers, client-based firewalls, VPN or network security groups, you will need to update them to include the new Azure Front   Door ranges with the \u201cAzureFrontDoor.MicrosoftSecurity\u201d tag.&nbsp;<\/p>\n<p>[What you need to do to prepare:]  <\/p>\n<p>Ensure that your firewall rules are updated and added to your firewall\u2019s allowlist with the additional IP addresses documented under Azure Front Door by  <b>December 2, 2025<\/b>.&nbsp;<\/p>\n<p>Alternatively, you may add the service tag \u201cAzureFrontDoor.MicrosoftSecurity\u201d to your firewall rules to allow outbound traffic on port 443 for the addresses in the tag.&nbsp;<\/p>\n<p>If you are not the IT admin who can make this change, notify your networking team. If you are responsible for configuring internet traffic, refer to the following documentation for more details:<\/p>\n<ul>\n<li><a href=\"https:\/\/learn.microsoft.com\/azure\/frontdoor\/origin-security?tabs=app-service-functions&amp;pivots=front-door-classic\" target=\"_blank\">Azure Front Door<\/a><\/li>\n<li><a href=\"https:\/\/learn.microsoft.com\/azure\/virtual-network\/service-tags-overview\" target=\"_blank\">Azure service tags<\/a><\/li>\n<\/ul>\n<p>If you have a helpdesk, inform them about this upcoming change. If you need additional assistance, contact  <a href=\"https:\/\/learn.microsoft.com\/microsoft-365\/admin\/get-help-support?view=o365-worldwide\" target=\"_blank\">  Microsoft Support<\/a> and refer to this message center post.<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table><\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>MC1150664 | Action Required: Update firewall configurations to include new network endpoints Classification pl [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12807","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12807","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/comments?post=12807"}],"version-history":[{"count":0,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/posts\/12807\/revisions"}],"wp:attachment":[{"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/media?parent=12807"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/categories?post=12807"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/m365jp.net\/index.php\/wp-json\/wp\/v2\/tags?post=12807"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}