https://community.checkpoint.com/t5/Firewall-and-Security-Management/Securing-Microsoft-Intune-using-Access-Control-Policy/m-p/262038#M51381 <P>Thanks for sharing with the community!</P> Thu, 06 Nov 2025 17:40:21 GMT Daniel_Kuhl1 2025-11-06T17:40:21Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Securing-Microsoft-Intune-using-Access-Control-Policy/m-p/261865#M51339 <P><STRONG>Hello CheckMates,</STRONG></P> <P>Do you know that Microsoft is changing Intune network infrastructure impacting access control policies? Thanks to my colleague&nbsp;<a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/40764">@MatthieuFeroul</a>&nbsp;for bringing this <A title="Changes in Microsoft Intune communication" href="https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-upcoming-microsoft-intune-network-changes/4452738" target="_blank" rel="noopener">Microsoft Intune change</A> to my attention! In the article you read:&nbsp;</P> <P class="lia-indent-padding-left-30px">"[...]&nbsp;<SPAN>highlighting an important upcoming change to Intune network service endpoints. Starting on or shortly after</SPAN><STRONG><SPAN>&nbsp;</SPAN>December 2, 2025</STRONG><SPAN>, Intune will also use&nbsp;</SPAN><STRONG>Azure Front Door IP addresses</STRONG><SPAN>&nbsp;to improve security and simplify firewall management."</SPAN></P> <P><STRONG>What does it mean for Check Point Firewall administrators?</STRONG></P> <P><SPAN>Don't panic <span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span> Check Point <STRONG>Updatable Object 'Azure Front Door Public Services'</STRONG> allows defining with a few clicks the relevant communication flow. </SPAN></P> <P><SPAN>You can see in the example snip of my test rule base below, that my lab network group "vpn-dom-r82gw" has access to 'Intune Services" and "Azure Front Door" and both have hits.&nbsp;</SPAN></P> <P><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="rule-base-intune.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31994i43ADE550A085EBB8/image-size/large?v=v2&amp;px=999" role="button" title="rule-base-intune.png" alt="rule-base-intune.png" /></span></SPAN></P> <P>&nbsp;</P> <P>In my lab, I observe traffic matching the "Azure Front Door for Intune" rule since last week, but please keep in mind, this is just a lab and I am not giving any general statement here.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="rule-base-front-door-log.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31996iC8ABD29D1D8646A6/image-size/large?v=v2&amp;px=999" role="button" title="rule-base-front-door-log.png" alt="rule-base-front-door-log.png" /></span></P> <P>&nbsp;</P> <P><SPAN>I left the 'Services' column to 'Any' in order to understand which services are currently used by my Intune managed device (an elderly Windows 10 computer, ready to retire). Therefore, I observed that in my lab, 'Intune Services' is using HTTP and HTTPS for communication. I haven't investigated this further.</SPAN></P> <P><SPAN><SPAN><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="rule-base-front-intune-log.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/31998i845A5BB2C98A328E/image-size/large?v=v2&amp;px=999" role="button" title="rule-base-front-intune-log.png" alt="rule-base-front-intune-log.png" /></span></SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN><SPAN>Hope this heads up is helping you, shaping Access Control Policies for the relevant changes in the Microsoft Intune communication flow.</SPAN></SPAN></P> <P><SPAN><SPAN><SPAN>greetings</SPAN></SPAN></SPAN></P> <P><SPAN><SPAN><SPAN><SPAN>pelmer</SPAN></SPAN></SPAN></SPAN></P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 05 Nov 2025 10:05:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Securing-Microsoft-Intune-using-Access-Control-Policy/m-p/261865#M51339 Peter_Elmer 2025-11-05T10:05:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Securing-Microsoft-Intune-using-Access-Control-Policy/m-p/261930#M51350 <P>Amazing as always, Peter <span class="lia-unicode-emoji" title=":thumbs_up:">👍</span></P> Thu, 06 Nov 2025 00:10:54 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Securing-Microsoft-Intune-using-Access-Control-Policy/m-p/261930#M51350 the_rock 2025-11-06T00:10:54Z https://community.checkpoint.com/t5/Firewall-and-Security-Management/Securing-Microsoft-Intune-using-Access-Control-Policy/m-p/262038#M51381 <P>Thanks for sharing with the community!</P> Thu, 06 Nov 2025 17:40:21 GMT https://community.checkpoint.com/t5/Firewall-and-Security-Management/Securing-Microsoft-Intune-using-Access-Control-Policy/m-p/262038#M51381 Daniel_Kuhl1 2025-11-06T17:40:21Z