Network
Applies to: Patch My PC Publisher
Overview
As well as the core network requirements, the Publisher requires outbound connectivity to Microsoft Entra ID and Microsoft Graph to authenticate and manage applications in Intune. These endpoints are used for OAuth 2.0 client credential authentication, token acquisition, and for creating, updating, and assigning Win32 applications.
Note
These URLs can be updated in the Publisher from the Options button in either the Intune Apps or Intune Updates tabs. See Microsoft Graph API Settings for more details.
The exact endpoints depend on the cloud environment your Intune tenant is hosted in, as outlined in the different scenarios below.
Scenario 1: Public / Commercial Cloud
This is the default and most common configuration and applies to the majority of Patch My PC customers using standard Microsoft 365 and Intune tenants. Use this configuration unless your tenant is explicitly hosted in a government or sovereign cloud.
Authority
https://login.microsoftonline.com
Authentication URL
https://graph.microsoft.com
Graph Base URL
https://graph.microsoft.com/beta
The table above lists the primary authentication and Microsoft Graph endpoints required by the Publisher. In addition to these, Microsoft Intune and Azure rely on a broader set of Azure service endpoints. For the full, authoritative list of Azure portal URLs, domains, and service dependencies, refer to Microsoft’s documentation:
These endpoints are required for authentication flows, token issuance, and service interactions used by Intune.
Scenario 2: GCC High (US Government)
Use this configuration if your organization operates in the GCC High (U.S. Government) cloud. These tenants use separate authentication and Microsoft Graph endpoints that differ from the commercial cloud and must be configured explicitly.
Note
If your tenant is not explicitly documented as GCC High or 21Vianet, you should use the Public / Commercial Cloud endpoints. GCC and other non-sovereign government tenants (such as GCC non-High) continue to use the commercial cloud endpoints.
Authority
https://login.microsoftonline.us
Authentication URL
https://graph.microsoft.us
Graph Base URL
https://graph.microsoft.us/beta
The table above lists the primary authentication and Microsoft Graph endpoints required by the Publisher. In addition to these, Microsoft Intune and Azure rely on a broader set of Azure service endpoints. For the full, authoritative list of Azure portal URLs, domains, and service dependencies, refer to Microsoft’s documentation:
These endpoints are required for authentication flows, token issuance, and service interactions used by Intune.
Scenario 3: 21Vianet (China)
Use this configuratio only if your Intune tenant is hosted in Microsoft 21Vianet (China). This sovereign cloud operates independently from the commercial and government clouds and requires region-specific endpoints.
Authority
https://login.chinacloudapi.cn
Authentication URL
https://microsoftgraph.chinacloudapi.cn
Graph Base URL
https://microsoftgraph.chinacloudapi.cn/beta
The table above lists the primary authentication and Microsoft Graph endpoints required by the Publisher. In addition to these, Microsoft Intune and Azure rely on a broader set of Azure service endpoints. For the full, authoritative list of Azure portal URLs, domains, and service dependencies, refer to Microsoft’s documentation:
These endpoints are required for authentication flows, token issuance, and service interactions used by Intune.
Last updated
Was this helpful?