

The installation wizard uses two different security contexts. Used to configure your Azure AD directory and import/export data. Used to download CRL lists for multifactor authentication (MFA). Used to download certificate revocation list (CRL) lists. The information is provided here to help with troubleshooting for the initial configuration. This list doesn't include any optional features, such as password writeback or Azure AD Connect Health. Of these URLs, the URLs listed in the following table are the absolute bare minimum to be able to connect to Azure AD at all. The official list is documented in Office 365 URLs and IP address ranges. The proxy server must also have the required URLs opened. For that reason, we recommend that you update nfig as described in this article. Even if the file works during the initial installation, the system stops working during the first upgrade. However, the file is overwritten on every upgrade.

Some non-Microsoft blogs indicate you should make changes to instead of the nfig file.
