Communication Data Points
If your devices are behind an enterprise firewall, the following ports and URLs must be allowed to enable smooth communication while using SureMDM.
Below is the list of services along with ports used by mentioned services,
SureMDM Services - These services are used for secured and encrypted communication between SureMDM enrolled devices and SureMDM Web Console.
SureMDM Remote Support - SureMDM offers a secure way to remotely view and control enrolled devices using SureMDM Web Console.
SureMDM Windows AppStore - This service is used for rendering Windows AppStore securely on enrolled Windows devices.
Firebase cloud messaging - Google Cloud Messaging (Firebase Cloud Messaging) by Google helps SureMDM server to send secure notifications to enrolled devices. Google uses any of these mentioned ports.
Zero Touch Enrollment: Zero-touch enrollment allows enterprises to provision Android devices by assigning enterprise configuration and security policies right out of the box.
Play Services and Android Management - Google Play services are used to securely update Google apps and apps from Google Play. It is also used for the communication and management of Android Enterprise (Work Managed Device) devices.
Samsung KNOX Enrollment - Samsung KNOX Enrollment is used for Samsung Account authentication for Knox service and also for access of enterprise devices to the Knox servers.
iOS APNS - iOS APNS enables secure communication of iOS and/or macOS devices through the SureMDM servers. This also enables third-party apps to send push notifications to iOS devices.
Apple services - Apple services are used for Apple's Mobile Asset Software Update service to provide an XML file with information about available iOS updates.
Microsoft services for Windows - This service is used for Windows notification service by Microsoft which allows secure communication between SureMDM and Windows devices.
Office 365 services - This service is used for managing Windows devices and services behind firewalls and enables secure communication.
MQTT Broker: The MQTT Broker service is used for secure, real-time communication between the SureMDM server and enrolled devices, enabling instant command delivery and status updates with minimal resource usage.
Zebra RFID Broker: The Zebra RFID Broker service is used for secure communication between Zebra RFID devices and the SureMDM server, enabling centralized management, configuration, and real-time data monitoring of RFID operations.
Zebra Printer Connector: The Zebra Printer Connector service is used to establish secure communication between Zebra printers and the SureMDM server, enabling remote management, configuration, and monitoring of printer operations.
IRIS Connector: The IRIS Connector service is used to integrate SureMDM with external enterprise systems, enabling secure data exchange and automated workflows for improved IT operations and device management.
The following table explains the communication data pointers for SureMDM:
| Port | Destination | Type | Protocol | Description |
|---|---|---|---|---|
| 443 | suremdm.42gears.com or yourdomain.suremdm.io | Outbound | HTTPS | SureMDM Services Note: Region can be included in the URL as in/us/eu during signup. |
| 443 | suremdm.42gears.com or yourdomain.suremdm.io | Outbound | TLS or WSS | SureMDM Remote Support Note: Region can be included in the URL as in/us/eu during signup. |
| 4434 | suremdm.42gears.com or yourdomain.suremdm.io | Outbound | HTTPS | SureMDM Windows AppStore Note: Region can be included in the URL as in/us/eu during signup |
| 443 | activate.42gears.com | Outbound | HTTPS | 42Gears Services |
| 443 | s3.amazonaws.com | Outbound | HTTPS | Jobs, Reports, File store and Application store. Note: Select a URL based on the region selected. |
| mars.astrouploads.com Note: The domain mars.42gears.com has been updated to mars.astrouploads.com as we transition to a new domain for 42Gears-hosted apps and files from the 5th of November 2024. | ||||
The following URLs will be allowed based on the region selected during signup: - suremdm-usstorage.s3.amazonaws.com - suremdm-eustorage.s3.eu-west-1.amazonaws.com - suremdm-instorage.s3.ap-south-1.amazonaws.com | ||||
| 443, 5228, 5229, 5230 | All traffic or Google's ASN of 15169 | Outbound | TLS/HTTPS | Firebase Cloud Messaging |
| 443 | www.googleapis.com | Outbound | HTTPS | Zero Touch Enrollment |
| 443 | *.ggpht.com | Outbound | HTTPS | Play Services and Android Management. Note: For more information, refer to page number 37 in the above link. |
| *.googleusercontent.com | Outbound | |||
| *.gvt1.com | Outbound | |||
| *play.googleapis.com | Outbound | |||
| android.clients.google.com | Outbound | |||
| 443 | *.samsung.com | Outbound | HTTPS | Samsung KNOX Enrollment |
| *.samsungknox.com | Outbound | |||
| *.secb2b.com | Outbound | |||
| 5223, 2195 - 2197 | 17\.0.0.0/8 | Outbound | TLS/HTTPS | iOS APNS |
| 443 | mesu.apple.com | Outbound | HTTPS | Apple services |
| 443 | *.notify.live.net | Outbound | HTTPS | Microsoft services for Windows |
| *.notify.windows.com | Outbound | |||
| *.wns.windows.com | Outbound | |||
| login.microsoftonline.com | Outbound | |||
| login.live.com | Outbound | |||
| 443 | *.manage.microsoft.com | Outbound | HTTPS | Office 365 services |
| *api.office.com | Outbound | |||
| *go.microsoft.com | Outbound | |||
| *login.windows-ppe.net | Outbound | |||
| *secure.aadcdn. microsoftonline-p.com | Outbound | |||
| *vortex.data.microsoft. com | Outbound | |||
| 1883 | mqttbrokerin.in.suremdm.io (IN region) | Outbound | TCP/TLS | MQTT Broker |
| mqttbrokereu.eu.suremdm.io (EU region) | ||||
| mqttbrokereu.eu2.suremdm.io (EU2 region) | ||||
| mqttbrokerusdns.suremdm.io (US DNS region) | ||||
| mqttbrokerusmaster.42gears.com (US Master region) | ||||
| 1884 | 13.235.112.244 (Static) or mqttbrokerin.in.suremdm.io (Dynamic) (IN region) | Outbound | TCP | Zebra RFID Broker |
| 18.202.132.180 (Static) or mqttbrokereu.eu.suremdm.io (Dynamic) (EU region) | ||||
| 3.73.177.50 (Static) or mqttbrokereu.eu2.suremdm.io (Dynamic) (EU2 region) | ||||
| 44.193.141.226 (Static) or mqttbrokerusdns.suremdm.io (Dynamic) (US DNS region) | ||||
| 52.2.197.183 (Static) or mqttbrokerusmaster.42gears.com (Dynamic) (US Master region) | ||||
| 11995, 8443, 85, 9443 | 65.1.187.73 (Static) or zebra-printer.in.suremdm.io (Dynamic) (IN Region) | Outbound | TCP | Zebra Printer Connector |
| 99.80.205.122 (Static) or zebra-printer.eu.suremdm.io (Dynamic) (EU Region) | ||||
| 18.199.188.108 (Static) or zebra-printer.eu2.suremdm.io (Dynamic) (EU2 Region) | ||||
| 3.231.87.161 (Static) or zebra-printer.suremdm.io (Dynamic) (US DNS Region) | ||||
| 3.221.69.178 (Static) or zebra-printer.42gears.com (Dynamic) (US Master Region) | ||||
| 86 | 65.1.187.73 (IN Region) | Outbound | TCP (Socket) | IRIS Connector |
| 99.80.205.122 (EU Region) | ||||
| 18.199.188.108 (EU2 Region) | ||||
| 3.231.87.161 (US DNS Region) | ||||
| 3.221.69.178 (US Master Region) |