Hello CheckMates,
Did you know that Microsoft is changing the Intune network infrastructure, which impacts access control policies? Thanks to my colleague @MatthieuFeroul for bringing this Microsoft Intune change to my attention! In the article, you can read:
"[...] highlighting an important upcoming change to Intune network service endpoints. Starting on or shortly after December 2, 2025, Intune will also use Azure Front Door IP addresses to improve security and simplify firewall management."
What does it mean for Check Point Firewall administrators?
Don't panic 😊 The Check Point Updatable Object 'Azure Front Door Public Services' lets you define the relevant communication flow with a few clicks.
You can see in the example snip of my test rule base below that my lab network group "vpn-dom-r82gw" has access to 'Intune Services' and 'Azure Front Door', and both have hits.

In my lab, I have observed traffic matching the "Azure Front Door for Intune" rule since last week, but please keep in mind that this is just a lab and I am not making any general statement here.

I left the 'Services' column set to 'Any' in order to understand which services are currently used by my Intune-managed device (an elderly Windows 10 computer, ready to retire). Therefore, I observed that in my lab, 'Intune Services' is using HTTP and HTTPS for communication. I haven't investigated this further.

I hope this heads-up helps you shape your Access Control Policies for the relevant changes in the Microsoft Intune communication flow.
Greetings,
pelmer