Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If your monitored application or infrastructure is behind a firewall, you need to configure network access to allow communication with Azure Monitor services.
Azure Monitor uses service tags, which provide a more reliable and dynamic way to manage network access. Service tags are regularly updated and can be retrieved through an API, ensuring that you have the latest available IP address information without requiring manual updates.
If you're using Azure network security groups, you can manage access with Azure network service tags. For hybrid or on-premises resources, you can download the equivalent IP address lists as JSON files, which are refreshed weekly. To cover all necessary exceptions, use the service tags ActionGroup, ApplicationInsightsAvailability, and AzureMonitor. For more information, see Azure Service Tags Overview.
Note
- All Application Insights traffic represents outbound traffic except for availability monitoring and webhook action groups, which also require inbound firewall rules.
- Service tags don't replace validation/authentication checks required for cross-tenant communications between a customer's Azure resource and other service tag resources.
You need to open some outgoing ports in your server's firewall to allow the Application Insights SDK or Application Insights Agent to send data to the portal.
Note
These addresses are listed by using Classless Interdomain Routing notation. As an example, an entry like 51.144.56.112/28 is equivalent to 16 IPs that start at 51.144.56.112 and end at 51.144.56.127.
| Purpose | URL | Type | Ports |
|---|---|---|---|
| Telemetry | dc.applicationinsights.azure.cndc.applicationinsights.microsoft.comdc.services.visualstudio.com{region}.in.applicationinsights.azure.cn |
Global Global Global Regional |
443 |
| Live Metrics | live.applicationinsights.azure.cnrt.applicationinsights.microsoft.comrt.services.visualstudio.com{region}.livediagnostics.monitor.azure.cnExample for {region}: chinanorth2 |
Global Global Global Regional |
443 |
Note
- Application Insights ingestion endpoints are IPv4 only.
Application Insights Agent configuration is needed only when you're making changes.
| Purpose | URL | Ports |
|---|---|---|
| Configuration | management.core.chinacloudapi.cn |
443 |
| Configuration | management.chinacloudapi.cn |
443 |
| Configuration | login.chinacloudapi.cn |
443 |
| Configuration | login.partner.microsoftonline.cn |
443 |
| Configuration | secure.aadcdn.partner.microsoftonline-p.cn |
443 |
| Configuration | auth.gfx.ms |
443 |
| Configuration | login.live.com |
443 |
| Installation | globalcdn.nuget.org, packages.nuget.org ,api.nuget.org/v3/index.json nuget.org, api.nuget.org, dc.services.vsallin.net |
443 |
| Purpose | URI | Ports |
|---|---|---|
| API | api.applicationinsights.ioapi1.applicationinsights.ioapi2.applicationinsights.ioapi3.applicationinsights.ioapi4.applicationinsights.ioapi5.applicationinsights.iodev.applicationinsights.iodev.applicationinsights.microsoft.comdev.aisvc.visualstudio.comwww.applicationinsights.iowww.applicationinsights.microsoft.comwww.aisvc.visualstudio.comapi.loganalytics.io*.api.loganalytics.iodev.loganalytics.iodocs.loganalytics.iowww.loganalytics.ioapi.loganalytics.azure.cn |
80,443 |
| Azure Pipeline annotations extension | aigs1.aisvc.visualstudio.com |
443 |
| Purpose | URI | Ports |
|---|---|---|
| CDN (Content Delivery Network) | applicationanalytics.azureedge.net |
80,443 |
| Media CDN | applicationanalyticsmedia.azureedge.net |
80,443 |
The Application Insights team owns the *.applicationinsights.io domain.
| Purpose | URI | Ports |
|---|---|---|
| Portal | portal.loganalytics.io |
80,443 |
The Log Analytics team owns the *.loganalytics.io domain.
| Purpose | URI | Ports |
|---|---|---|
| Application Insights extension | stamp2.app.insightsportal.visualstudio.com |
80,443 |
| Application Insights extension CDN | insightsportal-prod2-cdn.aisvc.visualstudio.cominsightsportal-prod2-asiae-cdn.aisvc.visualstudio.cominsightsportal-cdn-aimon.applicationinsights.io |
80,443 |
| Purpose | URI | Ports |
|---|---|---|
| Application Insights JS SDK CDN | az416426.vo.msecnd.netjs.monitor.azure.com |
80,443 |
You can query the list of IP addresses used by action groups by using the Get-AzNetworkServiceTag PowerShell command.
| Purpose | URI | Ports |
|---|---|---|
| Agent | agent.azureserviceprofiler.net*.agent.azureserviceprofiler.netprofiler.monitor.azure.cn |
443 |
| Portal | gateway.azureserviceprofiler.netdataplane.diagnosticservices.azure.com |
443 |
| Storage | *.core.chinacloudapi.cn |
443 |
Note
Application Insights Profiler for .NET and Snapshot Debugger share the same set of IP addresses.
| Purpose | URI | Ports |
|---|---|---|
| Agent | agent.azureserviceprofiler.net*.agent.azureserviceprofiler.netsnapshot.monitor.azure.cn |
443 |
| Portal | gateway.azureserviceprofiler.netdataplane.diagnosticservices.azure.com |
443 |
| Storage | *.core.chinacloudapi.cn |
443 |
This section provides answers to common questions.
Yes, but you need to allow traffic to our services by either firewall exceptions or proxy redirects.
See IP addresses used by Azure Monitor to review our full list of services and IP addresses.
Route traffic from your server to a gateway on your intranet by overwriting endpoints in your configuration. If the Endpoint properties aren't present in your config, these classes use the default values which are documented in IP addresses used by Azure Monitor.
Your gateway should route traffic to our endpoint's base address. In your configuration, replace the default values with http://<your.gateway.address>/<relative path>.
If your product doesn't support service tags, take the following steps to ensure full connectivity:
- Check the latest IP ranges in the downloadable Azure IP ranges and service tags JSON file, which updates weekly.
- Review firewall logs for blocked requests and update your allowlist as needed.
For more information, see Azure Service Tags Overview.