This page provides a comprehensive overview of the necessary endpoints for deploying Azure Stack HCI version 23H2 in the East US region. It outlines the specific URLs, ports and protocols that must be accessible during the deployment process to ensure successful integration with Azure services. The document serves as a crucial resource for IT professionals and system administrators who are preparing to deploy Azure Stack HCI solutions, offering detailed guidance on network configuration and external connectivity requirements. By adhering to the listed endpoints, users can facilitate a smooth deployment process, ensuring that their Azure Stack HCI environment is properly connected and functional within the East US region.
This list last update is from September 26th, 2024
| Id | HCI Component | Endpoint URL | Port | Notes | Arc gateway support | Required for |
|---|---|---|---|---|---|---|
| 1 | Azure Stack HCI AKS infra | mcr.microsoft.com | 443 | Global site used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 2 | Azure Stack HCI AKS infra | westus.data.mcr.microsoft.com | 443 | West US site used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 3 | Azure Stack HCI AKS infra | northeurope.data.mcr.microsoft.com | 443 | North Europe site used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 4 | Azure Stack HCI AKS infra | westeurope.data.mcr.microsoft.com | 443 | Western Europe site used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 5 | Azure Stack HCI AKS infra | azurearcfork8s.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 6 | Azure Stack HCI AKS infra | linuxgeneva-microsoft.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 7 | Azure Stack HCI AKS infra | pipelineagent.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 8 | Azure Stack HCI AKS infra | azurearcfork8sdev.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 9 | Azure Stack HCI AKS infra | hybridaks.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 10 | Azure Stack HCI AKS infra | aszk8snetworking.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 11 | Azure Stack HCI AKS infra | hybridaksstorage.z13.web.core.windows.net | 443 | AKSHCI static website hosted in Azure Storage. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 12 | Azure Stack HCI AKS infra | *.dl.delivery.mp.microsoft.com | 80, 443 | Used for AKS Arc VHD image download and update. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 13 | Azure Stack HCI AKS infra | *.do.dsp.mp.microsoft.com | 443 | Used for AKS Arc VHD image download and update. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 14 | Azure Stack HCI AKS infra | *.prod.do.dsp.mp.microsoft.com | 443 | Used for AKS Arc VHD image download and update. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 15 | Azure Stack HCI AKS infra | eastus.dp.kubernetesconfiguration.azure.com | 443 | Required for initial validation. | Yes. 2408 or later new deployment | Deployment |
| 16 | Azure Stack HCI AKS infra | sts.windows.net | 443 | For Cluster Connect and Custom Location-based scenario. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 17 | Azure Stack HCI AKS infra | ecpacr.azurecr.io | 443 | Used for official Microsoft artifacts such as container images. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 18 | Azure Stack HCI AKS infra | pypi.org | 443 | Used to download Az CLI and Az CLI extensions. | No | Deployment & Post deployment |
| 19 | Azure Stack HCI AKS infra | files.pythonhosted.org | 443 | Used to download Az CLI and Az CLI extensions. | No | Deployment & Post deployment |
| 20 | Azure Stack HCI AKS infra | raw.githubusercontent.com | 443 | Used for GitHub. | No | Deployment & Post deployment |
| 21 | Azure Stack HCI ARB infra | msk8s.api.cdp.microsoft.com | 443 | Download product catalog, product bits, and OS images from SFS. | No | Deployment & Post deployment |
| 22 | Azure Stack HCI ARB infra | msk8s.sb.tlu.dl.delivery.mp.microsoft.com | 443 | Download the Arc Resource Bridge OS images. | No | Deployment & Post deployment |
| 23 | Azure Stack HCI ARB infra | time.windows.com | 123 | OS time sync in appliance VM & Management machine (Windows NTP). | No | Deployment & Post deployment |
| 24 | Azure Stack HCI ARB infra | k8connecthelm.azureedge.net | 443 | deploy Azure Arc agent. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 25 | Azure Stack HCI ARB infra | kvamanagementoperator.azurecr.io | 443 | Pull artifacts for Appliance managed components. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 26 | Azure Stack HCI ARB infra | packages.microsoft.com | 443 | Download Linux installation package. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 27 | Azure Stack HCI ARB infra | k8sconnectcsp.azureedge.net | 443 | Required for Custom Location. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 28 | Azure Stack HCI ARB infra | *.prod.hot.ingest.monitor.core.windows.net | 443 | Periodically sends Microsoft required diagnostic data. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 29 | Azure Stack HCI ARB infra | prod5.prod.hot.ingestion.msftcloudes.com | 443 | Periodically sends Microsoft required diagnostic data. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 30 | Azure Stack HCI ARB infra | eastus.dp.prod.appliances.azure.com | 443 | Used for ARB data plane operations in East Us. | Yes. 2408 or later new deployment | Deployment |
| 31 | Azure Stack HCI Arc agent | download.microsoft.com | 443 | For downloading the Windows installation package. | No. Arc registration required | Deployment & Post deployment |
| 32 | Azure Stack HCI Arc agent | pas.windows.net | 443 | For Microsoft Entra ID. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 33 | Azure Stack HCI Arc agent | guestnotificationservice.azure.com | 443 | For the notification service for extension and connectivity scenarios. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 34 | Azure Stack HCI Arc agent | gbl.his.arc.azure.com | 443 | For global metadata and hybrid identity services. | No. Arc registration required | Deployment & Post deployment |
| 35 | Azure Stack HCI Arc agent | eus.his.arc.azure.com | 443 | For Australia East metadata and hybrid identity services. | No. Arc registration required | Deployment & Post deployment |
| 36 | Azure Stack HCI Arc agent | eastus-gas.guestconfiguration.azure.com | 443 | For extension management and guest configuration services in Australia East. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 37 | Azure Stack HCI Arc agent | agentserviceapi.guestconfiguration.azure.com | 443 | For notification service for extension and connectivity scenarios. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 38 | Azure Stack HCI Arc agent | azgn*.servicebus.windows.net | 443 | Not required if endpoint 41 below is whitelisted. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 39 | Azure Stack HCI Arc agent | *.servicebus.windows.net | 443 | For multiple HCI components. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 40 | Azure Stack HCI WAC | *.waconazure.com | 443 | For Windows Admin Center management after deployment. | Yes. 2408 or later new deployment | Post deployment |
| 41 | Azure Stack HCI Arc gateway | yourarcgatewayendpointid.gw.arc.azure.net | 443 | Manage cluster from Azure portal. ENSURE THIS IS YOUR UNIQUE GATEWAY NAME | No. Arc registration required | Deployment & Post deployment |
| 42 | Azure Stack HCI authentication | login.microsoftonline.com | 443 | For Active Directory Authority and authentication, token fetch, and validation. | No. Arc registration required | Deployment & Post deployment |
| 43 | Azure Stack HCI authentication | graph.windows.net | 443 | For Graph authentication, token fetch, and validation. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 44 | Azure Stack HCI authentication | graph.microsoft.com | 443 | For Graph authentication and Azure Resource Bridge RBAC. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 45 | Azure Stack HCI authentication | login.windows.net | 443 | For Microsoft Entra ID. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 46 | Azure Stack HCI authentication | eastus.login.microsoft.com | 443 | Required to fetch and update ARM tokens for logging into East Us Azure. | Yes. 2408 or later new deployment | Deployment |
| 47 | Azure Stack HCI benefits | crl3.digicert.com | 80 | Platform attestation service on HCI to perform a certificate revocation list. | No | Deployment & Post deployment |
| 48 | Azure Stack HCI benefits | crl4.digicert.com | 80 | Platform attestation service on HCI to perform a certificate revocation list. | No | Deployment & Post deployment |
| 49 | Azure Stack HCI deployment | www.powershellgallery.com | 443 | To install required PSGallery modules for Arc registration. | No | Deployment & Post deployment |
| 50 | Azure Stack HCI deployment | psg-prod-eastus.azureedge.net | 443 | To install required PSGallery modules for Arc registration. | No | Deployment & Post deployment |
| 51 | Azure Stack HCI deployment | onegetcdn.azureedge.net | 443 | To install required PSGallery modules for Arc registration. | No | Deployment & Post deployment |
| 52 | Azure Stack HCI deployment | portal.azure.com | 443 | For Azure Stack HCI deployment | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 53 | Azure Stack HCI deployment | *.blob.core.windows.net | 443 | For multiple HCI components. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 54 | Azure Stack HCI deployment | hciarcvmscontainerregistry.azurecr.io | 443 | For Arc VM container registry on Azure Stack HCI 23H2. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 55 | Azure Stack HCI deployment | azurestackreleases.download.prss.microsoft.com | 443 | For Azure Stack HCI Arc extensions deployment. | No. Arc registration required | Deployment & Post deployment |
| 56 | Azure Stack HCI authentication | yourhcikeyvaultname.vault.azure.net | 443 | Access to key vault to access Azure Stack HCI deployment secrets. ENSURE THIS IS YOUR UNIQUE KEYVAULT NAME | No | Deployment & Post deployment |
| 57 | Azure Stack HCI deployment | settings-win.data.microsoft.com | 443 | For Azure Stack HCI deployment | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 58 | Azure Stack HCI diag & billing | dp.stackhci.azure.com | 443 | For Data plane diagnostics and billing data. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 59 | Azure Stack HCI diag & billing | licensing.platform.edge.azure.com | 443 | For Data plane licensing billing data. Required only for Azure Stack HCI, version 23H2. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 60 | Azure Stack HCI diag & billing | billing.platform.edge.azure.com | 443 | For Data plane licensing billing data. Required only for Azure Stack HCI, version 23H2. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 61 | Azure Stack HCI diag & billing | azurestackhci.azurefd.net | 443 | Previous URL for Data plane for backwards compatibility. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 62 | Azure Stack HCI management | management.azure.com | 443 | Initial HCI cluster registration, bootstrapping and management operations. | No. Arc registration required | Deployment & Post deployment |
| 63 | Azure Stack HCI monitoring | global.prod.microsoftmetrics.com | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 64 | Azure Stack HCI monitoring | prod5.prod.microsoftmetrics.com | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 65 | Azure Stack HCI monitoring | dc.services.visualstudio.com | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 66 | Azure Stack HCI monitoring | qos.prod.warm.ingest.monitor.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 67 | Azure Stack HCI monitoring | eastus-shared.prod.warm.ingest.monitor.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment |
| 68 | Azure Stack HCI monitoring | westus-shared.prod.warm.ingest.monitor.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment |
| 69 | Azure Stack HCI monitoring | gcs.prod.monitoring.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 70 | Azure Stack HCI monitoring | adhs.events.data.microsoft.com | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 71 | Azure Stack HCI monitoring | v20.events.data.microsoft.com | 443 | Used for metrics and monitoring telemetry traffic. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 72 | Azure Stack HCI deployment | aka.ms | 443 | For resolving addresses to discover Azure Stack HCI | No. Arc registration required | Deployment & Post deployment |
| 73 | Azure Stack HCI deployment | redirectiontool.trafficmanager.net | 443 | Usage data tracking for the aka.ms redirection links. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 74 | Azure Stack HCI Updates | fe3.delivery.mp.microsoft.com | 443 | For updating Azure Stack HCI, version 23H2. | No | Deployment & Post deployment |
| 75 | Azure Stack HCI Updates | fe3cr.delivery.mp.microsoft.com | 443 | For updating Azure Stack HCI, version 23H2. | No | Deployment & Post deployment |
| 76 | Azure Stack HCI Updates | tlu.dl.delivery.mp.microsoft.com | 80 | For updating Azure Stack HCI, version 23H2. | No | Deployment & Post deployment |
| 77 | Microsoft official web site | www.microsoft.com | 80, 443 | Microsoft web site. | No | Deployment & Post deployment |
| 78 | Microsoft Update | windowsupdate.microsoft.com | 80 | For Microsoft Update, allowing the OS to receive updates. | No | Deployment & Post deployment |
| 79 | Microsoft Update | *.download.windowsupdate.com | 80, 443 | For Microsoft Update, allowing the OS to receive updates. | No | Deployment & Post deployment |
| 80 | Microsoft Update | wustat.windows.com | 80 | For Microsoft Update, allowing the OS to receive updates. | No | Deployment & Post deployment |
| 81 | Microsoft Update | ntservicepack.microsoft.com | 80 | For Microsoft Update, allowing the OS to receive updates. | No | Deployment & Post deployment |
| 82 | Microsoft Update | go.microsoft.com | 80 | For Microsoft Update, allowing the OS to receive updates. | No. Arc registration required | Deployment & Post deployment |
| 83 | Microsoft Update | *.delivery.mp.microsoft.com | 80, 443 | For Microsoft Update, allowing the OS to receive updates. | No | Deployment & Post deployment |
| 84 | Microsoft Update | *.windowsupdate.microsoft.com | 80, 443 | For Microsoft Update, allowing the OS to receive updates. | No | Deployment & Post deployment |
| 85 | Microsoft Update | *.windowsupdate.com | 80 | For Microsoft Update, allowing the OS to receive updates. | No | Deployment & Post deployment |
| 86 | Microsoft Update | *.update.microsoft.com | 80, 443 | For Microsoft Update, allowing the OS to receive updates. | No | Deployment & Post deployment |
| 87 | Microsoft Defender | *.endpoint.security.microsoft.com | 443 | Required only if using Microsoft Defender extension (MDE.windows). | No | Deployment & Post deployment |
| 88 | Azure Stack HCI authentication | www.office.com | 443 | Used for graph authentication. | No | Deployment & Post deployment |
| 89 | Azure Stack HCI authentication | login.microsoft.com | 443 | Required to fetch and update Azure Resource Manager tokens. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 90 | Azure Stack HCI AKS infra | pythonhosted.org | 443 | Used to download Az CLI and Az CLI extensions. | No | Deployment & Post deployment |
| 91 | Azure Stack HCI AKS infra | *.blob.storage.azure.net | 443 | To access blob storage. | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 92 | Azure Stack HCI AKS infra | https://eastus.obo.arc.azure.com | 8084 | Required for initial validation. | No | Post Deployment |
| 93 | Azure Stack HCI CRLs | oneocsp.microsoft.com | 80 | Required for Public authorities’ certificate revocation list. | No | Deployment & Post deployment |
| 94 | Azure Stack HCI CRLs | ts-crl.ws.symantec.com | 80 | Required for Public authorities’ certificate revocation list. | No | Deployment & Post deployment |
| 95 | Azure Stack HCI CRLs | ts-ocsp.ws.symantec.com | 80 | Required for Public authorities’ certificate revocation list. | No | Deployment & Post deployment |
| 96 | Azure Stack HCI CRLs | s.symcb.com | 80 | Required for Public authorities’ certificate revocation list. | No | Deployment & Post deployment |
| 97 | Azure Stack HCI CRLs | ocsp.digicert.com | 80 | Required for Public authorities’ certificate revocation list. | No | Deployment & Post deployment |
| 98 | Azure Stack HCI CRLs | ocsp2.globalsign.com | 80 | Required for Public authorities’ certificate revocation list. | No | Deployment & Post deployment |
| 99 | Azure Stack HCI AKS infra | hciarcvmsstorage.z13.web.core.windows.net | 443 | Storage account for stack-hci-vm CLI extension files. | No | Deployment & Post deployment |
| 100 | Azure Stack HCI AKS infra | www.msftconnecttest.com/connecttest.txt | 80 | Bootstrap Windows outbound connectivity validation | No | Deployment |
| 101 | Azure Stack HCI AKS infra | edgesupprd.trafficmanager.net | 443 | Remote Support Extension | Yes. 2408 or later new deployment | Deployment & Post deployment |
| 102 | Azure Stack HCI AKS infra | azurewatsonanalysis-prod.core.windows.net | 443 | Used for metrics and monitoring telemetry traffic. | No | Deployment & Post deployment |