- Products
- Learn
- Local User Groups
- Partners
- More
Firewall Uptime, Reimagined
How AIOps Simplifies Operations and Prevents Outages
Introduction to Lakera:
Securing the AI Frontier!
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
SharePoint CVEs and More!
Hi,
Are there updateable objects in R80.20 for Microsoft Intunes and Autopilot?
Intune:https://docs.microsoft.com/en-us/intune/network-bandwidth-use
also, It would be nice if there could be a way to import/upload IP address xml, csv directly to the policy in R80.20 and not only via mgmt API. Or maybe there is something like this which I am not aware of
Has anyone got this working for unattended out-of-the-box Autopilot deployments?
According to this link Intune is required for Autopilot:
There is an AppControl object for Intune, but look into the detail and HTTPS inspection is required. How do you get a cert on to the device for HTTPS inspection when the whole point of Autopilot is to do a zero touch deployment on a fresh machine?
I've tried allowing the updatable objects for Azure Services and Office365 Services, but still get a whole heap of dropped packets to something.deploy.static.akamaitechnologies.com that aren't recognised as any particular app or URL.
I'm starting to think that the only option is to provision a separate build network to each building and just blacklist a few categories for inappropriate or high risk apps and URLs rather than try and make white-listing work. Any other ideas?
Hi Shahar and all,
We're here and listening 🙂 More use cases and vendor suggestions are always welcome.
I'll be glad to discuss the use case further on, please drop me an email...
Thanks,
Dima
Has anyone got this working for unattended out-of-the-box Autopilot deployments?
According to this link Intune is required for Autopilot:
There is an AppControl object for Intune, but look into the detail and HTTPS inspection is required. How do you get a cert on to the device for HTTPS inspection when the whole point of Autopilot is to do a zero touch deployment on a fresh machine?
I've tried allowing the updatable objects for Azure Services and Office365 Services, but still get a whole heap of dropped packets to something.deploy.static.akamaitechnologies.com that aren't recognised as any particular app or URL.
I'm starting to think that the only option is to provision a separate build network to each building and just blacklist a few categories for inappropriate or high risk apps and URLs rather than try and make white-listing work. Any other ideas?
Hi,
I'm getting very similar issues. The following appear in my logs:
a104-75-172-68.deploy.static.akamaitechnologies.com (104.75.172.68)
a23-209-84-4.deploy.static.akamaitechnologies.com (23.209.84.4)
a23-216-100-183.deploy.static.akamaitechnologies.com (23.216.100.183)
a95-100-144-120.deploy.static.akamaitechnologies.com (95.100.144.120)
Intune has made a lot of noise go away.
When will Autopilot be available as an Updatable Object?
the problem with intune and autopilot is that it uses many URLs that are not listed anywhere and unfortunately, you have to allow them manually
TAC will not able to assist in this case
a Tip from CPX: Try to contact Check Point overlay team via your local office, they might be able to assist
Quick update, I can see in SDB that Intune was added as an Updatable object.
There is a relatively new SK about it
I am testing to see if it is solving intune/autopilot issues. Will update as soon ...
Hello,
can anyone suggest if we allow Microsoft Intune + azure + office 365 updatable object then is it completing the requirement of Windows autopilot and is below URL;'s working when we allow those.
if not then how we can complete the project requirement in checkpoint(Allow Windows Autopilot )
Need urgent help on this.
a104-75-172-68.deploy.static.akamaitechnologies.com.
https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/windows-autopilot-requirements
Hello,
Thanks for reply,But i didn’t get your point what is the policy means ?
if i allow microsoft intune + azure + Office 365 updatebale objects so deploy.static.akami url work or not.
Because i can see when autopilot runs first request goes for Akami url’s.
If this will not allow Akami url,s the window autopilot won’t work.
Have you tested in your environment while allowing updateable objects.
Hello,
we only allow the networks in firewall so could you please tell me how i can allow the Akami in our firewall and as of now Url filtering is not enabled.
Also,we have any any drop in our firewall.(Clean up rule)
so not getting any idea how i can allow Akami in My firewall.
Thanks,
It s been almost 2 years from the first post. Is there a solution? I have all microst, azure,I tune updatable objects attached but still there are some destinations that are dropped. Thank you
Hi, I don't think this is the best solution after 2 years from (R80.20 to R81). There is some news or updates about this issue?
Thank you!
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
User | Count |
---|---|
26 | |
16 | |
4 | |
4 | |
3 | |
3 | |
3 | |
3 | |
3 | |
2 |
Tue 07 Oct 2025 @ 10:00 AM (CEST)
Cloud Architect Series: AI-Powered API Security with CloudGuard WAFThu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Thu 09 Oct 2025 @ 10:00 AM (CEST)
CheckMates Live BeLux: Discover How to Stop Data Leaks in GenAI Tools: Live Demo You Can’t Miss!Wed 22 Oct 2025 @ 11:00 AM (EDT)
Firewall Uptime, Reimagined: How AIOps Simplifies Operations and Prevents OutagesAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY