# Network

*Applies to: Patch My PC Publisher*

## Overview

As well as the [core network requirements](https://docs.patchmypc.com/patch-my-pc-publisher/core-requirements#network), the Publisher requires outbound connectivity to Microsoft Entra ID and Microsoft Graph to authenticate and manage applications in Intune. These endpoints are used for OAuth 2.0 client credential authentication, token acquisition, and for creating, updating, and assigning Win32 applications.

{% hint style="info" %}
**Note**

These URLs can be updated in the Publisher from the Options button in either the Intune Apps or Intune Updates tabs. See [Microsoft Graph API Settings](https://docs.patchmypc.com/patch-my-pc-publisher/publisher-requirements/intune-requirements/entra-id-app-registration) for more details.
{% endhint %}

The exact endpoints depend on the cloud environment your Intune tenant is hosted in, as outlined in the different scenarios below.

## **Scenario 1: Public / Commercial Cloud**

This is the default and most common configuration and applies to the majority of Patch My PC customers using standard Microsoft 365 and Intune tenants. Use this configuration unless your tenant is explicitly hosted in a government or sovereign cloud.

| Setting                | Value                               |
| ---------------------- | ----------------------------------- |
| **Authority**          | `https://login.microsoftonline.com` |
| **Authentication URL** | `https://graph.microsoft.com`       |
| **Graph Base URL**     | `https://graph.microsoft.com/beta`  |

The table above lists the primary authentication and Microsoft Graph endpoints required by the Publisher. In addition to these, Microsoft Intune and Azure rely on a broader set of Azure service endpoints. For the full, authoritative list of Azure portal URLs, domains, and service dependencies, refer to Microsoft’s documentation:

* <https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=public-cloud>

These endpoints are required for authentication flows, token issuance, and service interactions used by Intune.

## **Scenario 2: GCC High (US Government)**

Use this configuration if your organization operates in the GCC High (U.S. Government) cloud. These tenants use separate authentication and Microsoft Graph endpoints that differ from the commercial cloud and must be configured explicitly.

{% hint style="info" %}
**Note**

If your tenant is not explicitly documented as GCC High or 21Vianet, you should use the Public / Commercial Cloud endpoints. GCC and other non-sovereign government tenants (such as GCC non-High) continue to use the commercial cloud endpoints.
{% endhint %}

| Setting                | Value                              |
| ---------------------- | ---------------------------------- |
| **Authority**          | `https://login.microsoftonline.us` |
| **Authentication URL** | `https://graph.microsoft.us`       |
| **Graph Base URL**     | `https://graph.microsoft.us/beta`  |

The table above lists the primary authentication and Microsoft Graph endpoints required by the Publisher. In addition to these, Microsoft Intune and Azure rely on a broader set of Azure service endpoints. For the full, authoritative list of Azure portal URLs, domains, and service dependencies, refer to Microsoft’s documentation:

* <https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=us-government-cloud>

These endpoints are required for authentication flows, token issuance, and service interactions used by Intune.

## **Scenario 3: 21Vianet (China)**

Use this configuratio only if your Intune tenant is hosted in Microsoft 21Vianet (China). This sovereign cloud operates independently from the commercial and government clouds and requires region-specific endpoints.

| Setting                | Value                                          |
| ---------------------- | ---------------------------------------------- |
| **Authority**          | `https://login.chinacloudapi.cn`               |
| **Authentication URL** | `https://microsoftgraph.chinacloudapi.cn`      |
| **Graph Base URL**     | `https://microsoftgraph.chinacloudapi.cn/beta` |

The table above lists the primary authentication and Microsoft Graph endpoints required by the Publisher. In addition to these, Microsoft Intune and Azure rely on a broader set of Azure service endpoints. For the full, authoritative list of Azure portal URLs, domains, and service dependencies, refer to Microsoft’s documentation:

* <https://learn.microsoft.com/en-us/azure/azure-portal/azure-portal-safelist-urls?tabs=azure-china-cloud>

These endpoints are required for authentication flows, token issuance, and service interactions used by Intune.