This page provides a comprehensive overview of the necessary endpoints for deploying Azure Stack HCI version 23H2 in the East US region. It outlines the specific URLs, ports and protocols that must be accessible during the deployment process to ensure successful integration with Azure services. The document serves as a crucial resource for IT professionals and system administrators who are preparing to deploy Azure Stack HCI solutions, offering detailed guidance on network configuration and external connectivity requirements. By adhering to the listed endpoints, users can facilitate a smooth deployment process, ensuring that their Azure Stack HCI environment is properly connected and functional within the East US region.
This list last update is from July 4th, 2024
| Id | HCI Component | Endpoint URL | Port | Notes |
|---|---|---|---|---|
| 1 | Azure Stack HCI AKS infra | mcr.microsoft.com | 443 | Used for official Microsoft artifacts such as container images. |
| 2 | Azure Stack HCI AKS infra | northeurope.data.mcr.microsoft.com | 443 | Used for official Microsoft artifacts such as container images. |
| 3 | Azure Stack HCI AKS infra | westeurope.data.mcr.microsoft.com | 443 | Used for official Microsoft artifacts such as container images. |
| 4 | Azure Stack HCI AKS infra | azurearcfork8s.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. |
| 5 | Azure Stack HCI AKS infra | linuxgeneva-microsoft.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. |
| 6 | Azure Stack HCI AKS infra | pipelineagent.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. |
| 7 | Azure Stack HCI AKS infra | azurearcfork8sdev.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. |
| 8 | Azure Stack HCI AKS infra | hybridaks.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. |
| 9 | Azure Stack HCI AKS infra | aszk8snetworking.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. |
| 10 | Azure Stack HCI AKS infra | docker.io | 443 | Used for Kubernetes official artifacts such as container base images. |
| 11 | Azure Stack HCI AKS infra | hybridaksstorage.z13.web.core.windows.net | 443 | AKSHCI static website hosted in Azure Storage. |
| 12 | Azure Stack HCI AKS infra | *.dl.delivery.mp.microsoft.com | 80, 443 | Used for AKS Arc VHD image download and update. |
| 13 | Azure Stack HCI AKS infra | *.do.dsp.mp.microsoft.com | 443 | Used for AKS Arc VHD image download and update. |
| 14 | Azure Stack HCI AKS infra | *.prod.do.dsp.mp.microsoft.com | 443 | Used for AKS Arc VHD image download and update. |
| 15 | Azure Stack HCI AKS infra | gcr.io | 443 | Used for AKS Arc VHD image download and update. |
| 16 | Azure Stack HCI AKS infra | eastus.dp.kubernetesconfiguration.azure.com | 443 | Used for Azure Arc configuration. |
| 17 | Azure Stack HCI AKS infra | sts.windows.net | 443 | For Cluster Connect and Custom Location-based scenario. |
| 18 | Azure Stack HCI AKS infra | ecpacr.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. |
| 19 | Azure Stack HCI AKS infra | pypi.org | 443 | Used to download Az CLI and Az CLI extensions. |
| 20 | Azure Stack HCI AKS infra | *.pypi.org | 443 | Used to download Az CLI and Az CLI extensions. |
| 21 | Azure Stack HCI AKS infra | files.pythonhosted.org | 443 | Used to download Az CLI and Az CLI extensions. |
| 22 | Azure Stack HCI AKS infra | raw.githubusercontent.com | 443 | Used for GitHub. |
| 23 | Azure Stack HCI ARB infra | msk8s.api.cdp.microsoft.com | 443 | Download product catalog, product bits, and OS images from SFS. |
| 24 | Azure Stack HCI ARB infra | msk8s.sb.tlu.dl.delivery.mp.microsoft.com | 443 | Download the Arc Resource Bridge OS images. |
| 25 | Azure Stack HCI ARB infra | time.windows.com | 123 | OS time sync in appliance VM & Management machine (Windows NTP). |
| 26 | Azure Stack HCI ARB infra | k8connecthelm.azureedge.net | 443 | deploy Azure Arc agent. |
| 27 | Azure Stack HCI ARB infra | kvamanagementoperator.azurecr.io | 443 | Pull artifacts for Appliance managed components. |
| 28 | Azure Stack HCI ARB infra | packages.microsoft.com | 443 | Download Linux installation package. |
| 29 | Azure Stack HCI ARB infra | k8sconnectcsp.azureedge.net | 443 | Required for Custom Location. |
| 30 | Azure Stack HCI ARB infra | *.prod.hot.ingest.monitor.core.windows.net | 443 | Periodically sends Microsoft required diagnostic data. |
| 31 | Azure Stack HCI ARB infra | eastus.dp.prod.appliances.azure.com | 443 | Used for data plane operations for Resource bridge (appliance). |
| 32 | Azure Stack HCI Arc agent | download.microsoft.com | 443 | For downloading the Windows installation package. |
| 33 | Azure Stack HCI Arc agent | pas.windows.net | 443 | For Microsoft Entra ID. |
| 34 | Azure Stack HCI Arc agent | guestnotificationservice.azure.com | 443 | For the notification service for extension and connectivity scenarios. |
| 35 | Azure Stack HCI Arc agent | gbl.his.arc.azure.com | 443 | For metadata and hybrid identity services. |
| 36 | Azure Stack HCI Arc agent | eus.his.arc.azure.com | 443 | For metadata and hybrid identity services. |
| 37 | Azure Stack HCI Arc agent | ae.his.arc.azure.com | 443 | For metadata and hybrid identity services. |
| 38 | Azure Stack HCI Arc agent | eastus-gas.guestconfiguration.azure.com | 443 | For extension management and guest configuration services. |
| 39 | Azure Stack HCI Arc agent | agentserviceapi.guestnotificationservice.azure.com | 443 | For notification service for extension and connectivity scenarios. |
| 40 | Azure Stack HCI Arc agent | azgn*.servicebus.windows.net | 443 | Not required if endpoint 41 below is whitelisted. For notification service for extension and connectivity. |
| 41 | Azure Stack HCI Arc agent | *.servicebus.windows.net | 443 | For multiple HCI components. |
| 42 | Azure Stack HCI Arc agent | *.waconazure.com | 443 | For Windows Admin Center connectivity. |
| 43 | Azure Stack HCI Arc gateway | .gw.arc.azure.net | 443 | Manage cluster from Azure portal. |
| 44 | Azure Stack HCI authentication | login.microsoftonline.com | 443 | For Active Directory Authority and authentication, token fetch, and validation. |
| 45 | Azure Stack HCI authentication | graph.windows.net | 443 | For Graph authentication, token fetch, and validation. |
| 46 | Azure Stack HCI authentication | graph.microsoft.com | 443 | For Graph authentication and Azure Resource Bridge RBAC. |
| 47 | Azure Stack HCI authentication | login.windows.net | 443 | For Microsoft Entra ID. |
| 48 | Azure Stack HCI authentication | login.microsoftonline.com | 443 | For Microsoft Entra ID. |
| 49 | Azure Stack HCI authentication | eastus.login.microsoft.com | 443 | Required to fetch and update Azure Resource Manager tokens for logging into Azure. |
| 50 | Azure Stack HCI benefits | crl3.digicert.com | 80 | Enables the platform attestation service on Azure Stack HCI to perform a certificate revocation list. check. |
| 51 | Azure Stack HCI benefits | crl4.digicert.com | 80 | Enables the platform attestation service on Azure Stack HCI to perform a certificate revocation list check. |
| 52 | Azure Stack HCI deployment | www.powershellgallery.com | 443 | To install required PSGallery modules for Arc registration. |
| 53 | Azure Stack HCI deployment | psg-prod-eastus.azureedge.net | 443 | To install required PSGallery modules for Arc registration. |
| 54 | Azure Stack HCI deployment | onegetcdn.azureedge.net | 443 | To install required PSGallery modules for Arc registration. |
| 55 | Azure Stack HCI deployment | portal.azure.com | 443 | For Azure Stack HCI deployment |
| 56 | Azure Stack HCI deployment | *.blob.core.windows.net | 443 | For firewall access to the Azure blob container, if using a cloud witness as the cluster witness. |
| 57 | Azure Stack HCI deployment | hciarcvmscontainerregistry.azurecr.io | 443 | For Arc VM container registry on Azure Stack HCI. Required only for Azure Stack HCI, version 23H2. |
| 58 | Azure Stack HCI deployment | azurestackreleases.download.prss.microsoft.com | 443 | For Azure Stack HCI Arc extensions deployment. |
| 59 | Azure Stack HCI deployment | .vault.azure.net | 443 | Access to key vault to access Azure Stack HCI deployment secrets. |
| 60 | Azure Stack HCI deployment | settings-win.data.microsoft.com | 443 | For Azure Stack HCI deployment |
| 61 | Azure Stack HCI diag & billing | dp.stackhci.azure.com | 443 | For Data plane diagnostics and billing data. |
| 62 | Azure Stack HCI diag & billing | licensing.platform.edge.azure.com | 443 | For Data plane licensing billing data. Required only for Azure Stack HCI, version 23H2. |
| 63 | Azure Stack HCI diag & billing | billing.platform.edge.azure.com | 443 | For Data plane licensing billing data. Required only for Azure Stack HCI, version 23H2. |
| 64 | Azure Stack HCI diag & billing | azurestackhci.azurefd.net | 443 | Previous URL for Data plane for backwards compatibility. |
| 65 | Azure Stack HCI management | management.azure.com | 443 | Initial HCI cluster registration, bootstrapping and management operations. |
| 66 | Azure Stack HCI monitoring | global.prod.microsoftmetrics.com | 443 | Used for metrics and monitoring telemetry traffic. |
| 67 | Azure Stack HCI monitoring | dc.services.visualstudio.com | 443 | Used for metrics and monitoring telemetry traffic. |
| 68 | Azure Stack HCI monitoring | qos.prod.warm.ingest.monitor.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. |
| 69 | Azure Stack HCI monitoring | eastus-shared.prod.warm.ingest.monitor.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. |
| 70 | Azure Stack HCI monitoring | gcs.prod.monitoring.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. |
| 71 | Azure Stack HCI monitoring | adhs.events.data.microsoft.com | 443 | Used for metrics and monitoring telemetry traffic. |
| 72 | Azure Stack HCI monitoring | v20.events.data.microsoft.com | 443 | Used for metrics and monitoring telemetry traffic. |
| 73 | Azure Stack HCI Updates discovery | aka.ms | 443 | For resolving addresses to discover Azure Stack HCI, version 23H2 and Solution Builder Extension Updates. |
| 74 | Azure Stack HCI Updates discovery | redirectiontool.trafficmanager.net | 443 | Underlying service that implements usage data tracking for the aka.ms redirection links. |
| 75 | Azure Stack HCI Updates download | fe3.delivery.mp.microsoft.com | 443 | For updating Azure Stack HCI, version 23H2. |
| 76 | Azure Stack HCI Updates download | tlu.dl.delivery.mp.microsoft.com | 80 | For updating Azure Stack HCI, version 23H2. |
| 77 | Microsoft official web site | www.microsoft.com | 80, 443 | Microsoft web site. |
| 78 | Microsoft Update | windowsupdate.microsoft.com | 80 | For Microsoft Update, allowing the OS to receive updates. |
| 79 | Microsoft Update | *.download.windowsupdate.com | 80, 443 | For Microsoft Update, allowing the OS to receive updates. |
| 80 | Microsoft Update | wustat.windows.com | 80 | For Microsoft Update, allowing the OS to receive updates. |
| 81 | Microsoft Update | ntservicepack.microsoft.com | 80 | For Microsoft Update, allowing the OS to receive updates. |
| 82 | Microsoft Update | go.microsoft.com | 80 | For Microsoft Update, allowing the OS to receive updates. |
| 83 | Microsoft Update | *.delivery.mp.microsoft.com | 80, 443 | For Microsoft Update, allowing the OS to receive updates. |
| 84 | Microsoft Update | *.windowsupdate.microsoft.com | 80, 443 | For Microsoft Update, allowing the OS to receive updates. |
| 85 | Microsoft Update | *.windowsupdate.com | 80 | For Microsoft Update, allowing the OS to receive updates. |
| 86 | Microsoft Update | *.update.microsoft.com | 80, 443 | For Microsoft Update, allowing the OS to receive updates. |
| 87 | Microsoft Defender | *.endpoint.security.microsoft.com | 443 | Required only if using Microsoft Defender extension (MDE.windows). |
| 88 | Azure Stack HCI authentication | www.office.com | 443 | Used for graph authentication. |
| 89 | Azure Stack HCI authentication | login.microsoft.com | 443 | Required to fetch and update Azure Resource Manager tokens. |
| 90 | Azure Stack HCI AKS infra | pythonhosted.org | 443 | Used to download Az CLI and Az CLI extensions. |
| 91 | Azure Stack HCI AKS infra | *. blob.storage.azure.net | 443 | To access blob storage. |
| 92 | Azure Stack HCI AKS infra | dl.k8s.io | 443 | To access blob storage. |
| 93 | Azure Stack HCI AKS infra | eastus.obo.arc.azure.com:8084 | 443 | To access blob storage. |