![]() ![]() For more information, see How to configure Internet Explorer. If Internet Explorer enhanced security is enabled, allow the following websites on the server where you install the agent: - The federation server for your organization that's trusted by Azure AD (for example, ). If Internet Explorer enhanced security is enabled, allow specified websites. For more information, see Hybrid identity required ports and protocols. Upgrade to the latest version so that only port 443 is required. The agent requires the following firewall ports to be open so that it can communicate with the Azure AD Connect Health service endpoints: - TCP port 443 - TCP port 5671 The latest version of the agent doesn't require port 5671. For more information, see Set up TLS inspection.įirewall ports on the server are running the agent. The agent registration step or data upload operations might fail if there's TLS inspection or termination for outbound traffic at the network layer. TLS inspection for outbound traffic is filtered or disabled. Outbound connectivity is based on IP addresses.įor information about firewall filtering based on IP addresses, see Azure IP ranges. If firewalls block outbound connectivity, add the outbound connectivity endpoints to an allowlist. The Azure service endpoints have outbound connectivity.ĭuring installation and runtime, the agent requires connectivity to Azure AD Connect Health service endpoints. Similarly, to get data from your on-premises Azure Active Directory Domain Services (Azure AD DS) infrastructure, you must install the agent on the domain controllers. For example, to get data from your Active Directory Federation Services (AD FS) infrastructure, you must install the agent on the AD FS server and on the Web Application Proxy server. Health agents must be installed and configured on targeted servers so that they can receive data and provide monitoring and analytics capabilities. The Azure AD Connect Health agent is installed on each targeted server. For more information, see Sign up for Azure as an organization. You can't use a Microsoft account to install the agents. Important: Use a work or school account to install the agents. For more information, see Azure RBAC for Azure AD Connect Health. By using Azure role-based access control (Azure RBAC), you can allow other users in your organization to access Azure AD Connect Health. For more information, see Administering your Azure AD directory. You're a hybrid identity administrator in Azure AD.īy default, only Hybrid Identity Administrator and Global Administrator accounts can install and configure health agents, access the portal, and do any operations within Azure AD Connect Health. To start a free 30-day trial, see Start a trial. For more information, see Sign up for Azure AD Premium. You have an Azure Active Directory (Azure AD) Premium (P1 or P2) Subscription.Īzure AD Connect Health is a feature of Azure AD Premium (P1 or P2). The following table lists requirements for using Azure AD Connect Health: Requirement ![]() Azure AD Connect Health is not available in the China sovereign cloud. ![]()
0 Comments
Leave a Reply. |