Table of Contents
What Happens If You Miss the Critical Intune Firewall Deadline in December 2025?
Microsoft Intune users need to update their firewall settings by December 2, 2025, to keep their systems working properly. If you manage devices through Intune, this change is required and cannot be skipped.
What Changed
Microsoft is adding new connection points called Azure Front Door IP addresses to Intune. Think of these as new doorways that your firewall needs to recognize. The new addresses use a special label called “AzureFrontDoor.MicrosoftSecurity”. This update is part of Microsoft’s plan to make their services safer and easier to manage.
What You Must Do
You have two simple options to fix this before the deadline:
- Option 1: Add the service tag “AzureFrontDoor.MicrosoftSecurity” to your firewall rules for outbound traffic on port 443
- Option 2: Download the list of new IP addresses from Microsoft and add them to your firewall’s allowed list
Keep all your current Intune settings in place. You are only adding new addresses, not replacing old ones.
Where to Get the Files
Microsoft provides two different files based on your cloud type:
- Public Clouds: Download from Microsoft Download Center (search for “Azure IP ranges and service tags – Public Cloud”)
- Government Clouds: Download from Microsoft Download Center (search for “Azure IP ranges and service tags – US Government Cloud”)
Once you download the JSON file, search for “AzureFrontDoor.MicrosoftSecurity” to find the exact addresses you need.
Who Needs to Act
This affects you if your organization uses any of these with IP address restrictions:
- Firewalls
- Routers
- Proxy servers
- VPN configurations
- Network security groups
Talk to your network team now to make sure this gets done before December 2, 2025. Missing this deadline could stop your device and app management from working correctly.