David Overton's Blog and Discussion Site
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small. I specialise in Windows Intune and SBS 2008.
This blog is purely the personal opinions of David Overton. If you can't find the information you were looking for e-mail me at admin@davidoverton.com.

To find out more about my Windows Intune BOOK - Microsoft Windows Intune 2.0: Quickstart Administration click here

To find out more about my SBS 2008 BOOK - Small Business Server 2008, Installation, Migration and Configuration click here

Windows Intune and firewalls / proxies
David Overton's Blog

Buy my books

Windows Intune:Quickstart Administration


This is the RAW book (Read as Written).
Click here for more information
Buy or pre-order today

SBS 2008 - Installation, Migration and Configuration

Small Business Server 2008 – Installation, Migration, and Configuration

Buy today in book or e-book form

Request a Review Copy

Twitter

Syndication

We had this question circulate around at work, so I wanted to share.  Window Intune needs access to the internet.  This means that the services need unhindered access to the internet.  While for most of us, once we are connected, we are connected, some firewall / proxy devices require extra information to be entered into a browser and this is something that Windows Intune cannot deal with.

Luckily, Richard at Windows Intunepedia has written about this and quite some time ago.  The key elements are:

Ports 80,443 will be needed for outgoing communications and the firewall / proxy must be as follows:

If the client computers exist behind an authenticating proxy server, you must configure the proxy server as follows:

1. Confirm that the proxy server supports HTTP and HTTPS.

2. Enable either Non-auth or Negotiate (Kerberos) authentication methods on the proxy.

If your proxy server is using the Negotiate (Kerberos) authentication method then you must configure it to allow authentication using computer accounts rather than user accounts. This is because the Windows Intune client agents run using the LocalSystem security context not that of a logged on user. If it is not possible for your proxy to be configured in this manner the agents will not be able to report to that Windows Intune service while they are behind that proxy.

More can be found from Richard at

Windows intunepedia

 

Thanks

David


Posted Thu, Jan 12 2012 7:34 PM by David Overton

Add a Comment

(optional)  
(optional)
(required)  
Remember Me?

(c)David Overton 2006-13