Why does adminwebservice.microsoftonline.com appear in my firewall or proxy logs?

This endpoint appears in network logs when any Microsoft 365 administration tool or Azure AD synchronization service communicates with the Microsoft Online tenant management backend. Common sources include Azure AD Connect (formerly DirSync), the Microsoft Online Services Module for PowerShell, the Microsoft 365 Admin Center accessed through a browser, Microsoft Entra admin center operations, and automated tenant provisioning scripts. It is a legitimate Microsoft endpoint and should be allowed through your firewall for Microsoft 365 services to function properly.

Is adminwebservice.microsoftonline.com safe to allow through a corporate firewall?

Yes, it is a legitimate Microsoft-owned endpoint that is required for Office 365 and Microsoft Entra ID (Azure AD) administration. It is listed in Microsoft's official Office 365 URLs and IP address ranges documentation. You should allow outbound HTTPS (port 443) traffic to this endpoint. However, you should still monitor traffic to this URL for unusual patterns, as compromised admin credentials could be used to make unauthorized changes through this service endpoint.

What replaced adminwebservice.microsoftonline.com in newer Microsoft 365 deployments?

Microsoft has been consolidating its endpoints under the Microsoft Graph API (graph.microsoft.com) and the Microsoft Entra admin center. Many administrative operations that previously used adminwebservice.microsoftonline.com are now handled through the Microsoft Graph REST API. However, the legacy endpoint remains active for backward compatibility with older tools and scripts. The MSOnline PowerShell module (which uses this endpoint) is being deprecated in favor of the Microsoft Graph PowerShell SDK.

Qu'est-ce que http://adminwebservice.microsoftonline.com?

Note : Cet article a été publié à l’origine en 2013 and has been updated to reflect current Microsoft 365 and Microsoft Entra ID (formerly Azure AD) terminology and architecture. The endpoint remains in use for backward compatibility.

If you have examined your organization’s firewall logs, proxy server logs, or DNS query records, you may have noticed traffic directed to adminwebservice.microsoftonline.com. This endpoint is a core part of Microsoft’s cloud administration infrastructure, used by Office 365 (now Microsoft 365) and Azure Active Directory (now Microsoft Entra ID) for tenant management and directory synchronization operations. This guide explains what it is, why it appears in your network traffic, and how to handle it in your security and firewall configurations.

What Is adminwebservice.microsoftonline.com?

The URL adminwebservice.microsoftonline.com is a SOAP/REST web service endpoint operated by Microsoft that provides administrative functions for Microsoft 365 tenants. It serves as the backend API for several Microsoft administration tools and services.

Core Functions

Function	Description
Tenant Administration	Create, modify, and delete user accounts, groups, and organizational settings in a Microsoft 365 tenant
Directory Synchronization	Sync on-premises Active Directory objects to Microsoft Entra ID (Azure AD)
License Management	Assign and remove Microsoft 365 licenses programmatically
Password Operations	Password synchronization, reset, and policy enforcement
Domain Management	Verify and configure custom domains for the tenant
Service Configuration	Configure Exchange Online, SharePoint Online, and other service-specific settings

How It Fits in the Microsoft 365 Architecture

On-Premises Environment              Microsoft Cloud
+-------------------------+          +----------------------------------+
|                         |          |                                  |
| Active Directory        |          |  Microsoft Entra ID              |
| Domain Controller       |  HTTPS   |  (Azure Active Directory)        |
|          |              +--------->|          |                       |
|          v              |   443    |          v                       |
| Azure AD Connect        |          |  adminwebservice                 |
| (DirSync / AAD Sync)    +--------->|  .microsoftonline.com            |
|                         |          |          |                       |
+-------------------------+          |          v                       |
                                     |  Microsoft 365 Services          |
+-------------------------+          |  - Exchange Online               |
| Admin Workstation       |  HTTPS   |  - SharePoint Online             |
|                         +--------->|  - Teams                         |
| - Microsoft 365 Admin   |   443    |  - Intune                        |
|   Center (browser)      |          |                                  |
| - MSOnline PowerShell   |          +----------------------------------+
| - Azure AD PowerShell   |
+-------------------------+

Which Tools and Services Use This Endpoint

1. Azure AD Connect (Formerly DirSync and AAD Sync)

Azure AD Connect is the most common source of traffic to this endpoint. It synchronizes your on-premises Active Directory users, groups, and contacts to Microsoft Entra ID.

During a sync cycle, Azure AD Connect:

Reads changes from your on-premises AD
Applies filtering and transformation rules
Connects to adminwebservice.microsoftonline.com via HTTPS
Pushes created, updated, or deleted objects to the cloud directory
Pulls back any cloud-originated changes (writeback scenarios)

The sync cycle runs every 30 minutes by default. You can trigger a manual sync with PowerShell:

# Trigger a delta (incremental) sync
Start-ADSyncSyncCycle -PolicyType Delta

# Trigger a full sync (use sparingly)
Start-ADSyncSyncCycle -PolicyType Initial

2. MSOnline PowerShell Module

The legacy MSOnline PowerShell module (also called the Azure AD v1 module) communicates directly with this endpoint:

# Connect to Microsoft Online
Connect-MsolService

# Example operations that use adminwebservice.microsoftonline.com
Get-MsolUser -All
Set-MsolUser -UserPrincipalName user@contoso.com -DisplayName "New Name"
Get-MsolAccountSku
Set-MsolUserLicense -UserPrincipalName user@contoso.com -AddLicenses "contoso:ENTERPRISEPACK"

When you run Connect-MsolService, the module authenticates against login.microsoftonline.com and then uses adminwebservice.microsoftonline.com for all subsequent administrative API calls.

3. Microsoft 365 Admin Center

When administrators access the Microsoft 365 Admin Center through a web browser at admin.microsoft.com, the browser makes background API calls to adminwebservice.microsoftonline.com to retrieve and modify tenant data. You will see these requests in your browser’s Network tab (DevTools) or in your proxy logs.

4. Azure AD PowerShell Module (v2)

The newer AzureAD PowerShell module also communicates with this endpoint for certain legacy operations:

# Connect to Azure AD
Connect-AzureAD

# Operations that may use the admin web service
Get-AzureADUser -All $true
New-AzureADUser -DisplayName "Test User" -PasswordProfile $passwordProfile `
    -UserPrincipalName "testuser@contoso.com" -AccountEnabled $true `
    -MailNickName "testuser"

5. Microsoft Graph PowerShell SDK (Modern Replacement)

Microsoft is migrating administrative operations to the Microsoft Graph API (graph.microsoft.com). The Graph PowerShell SDK uses different endpoints:

# Modern approach using Microsoft Graph
Connect-MgGraph -Scopes "User.ReadWrite.All"

# Operations use graph.microsoft.com instead
Get-MgUser -All
New-MgUser -DisplayName "Test User" -MailNickname "testuser" `
    -UserPrincipalName "testuser@contoso.com" `
    -PasswordProfile @{ Password = "TempPass123!" } `
    -AccountEnabled

Network and Firewall Configuration

Required Firewall Rules

For Microsoft 365 administration tools to function, your firewall must allow outbound traffic to the following endpoints:

Endpoint	Port	Protocol	Purpose
`adminwebservice.microsoftonline.com`	443	HTTPS	Tenant admin API
`login.microsoftonline.com`	443	HTTPS	Authentication
`login.microsoft.com`	443	HTTPS	Authentication (newer)
`graph.microsoft.com`	443	HTTPS	Microsoft Graph API
`graph.windows.net`	443	HTTPS	Azure AD Graph (legacy)
`provisioningapi.microsoftonline.com`	443	HTTPS	Provisioning
`management.azure.com`	443	HTTPS	Azure management

Proxy Server Configuration

If your organization uses a web proxy, ensure:

The proxy allows HTTPS traffic to *.microsoftonline.com
SSL inspection (if enabled) does not break certificate pinning used by Azure AD Connect
Authentication to the proxy does not interfere with the service account used by Azure AD Connect

Microsoft recommends bypassing proxy authentication for Azure AD Connect traffic. In many proxy solutions, you can configure this with a PAC file:

function FindProxyForURL(url, host) {
    // Bypass proxy for Microsoft 365 admin endpoints
    if (shExpMatch(host, "*.microsoftonline.com") ||
        shExpMatch(host, "*.microsoft.com") ||
        shExpMatch(host, "graph.microsoft.com")) {
        return "DIRECT";
    }
    return "PROXY proxy.contoso.com:8080";
}

Sécurité Considerations

Monitoring Traffic to This Endpoint

While adminwebservice.microsoftonline.com is a legitimate Microsoft endpoint, you should monitor traffic to it because:

Compromised admin credentials could be used to make unauthorized changes through this endpoint
Unusual volume of requests may indicate a misconfigured sync tool or an automated attack
Requests from unexpected sources (non-admin workstations or unknown servers) may indicate credential theft

Conditional Access Policies

Protect administrative operations by configuring Conditional Access policies in Microsoft Entra ID:

Require multi-factor authentication (MFA) for all administrative roles
Restrict admin access to compliant devices only
Block admin access from untrusted locations
Use Privileged Identity Management (PIM) for just-in-time admin access

Audit Logging

Microsoft 365 logs all administrative operations. Review these logs regularly:

# Search unified audit log for admin operations
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
    -RecordType AzureActiveDirectory -Operations "Add user", "Delete user", "Update user"

# Or use Microsoft Graph
$uri = "https://graph.microsoft.com/v1.0/auditLogs/directoryAudits"
Invoke-MgGraphRequest -Uri $uri -Method GET

Migration Path: MSOnline to Microsoft Graph

Microsoft has announced the deprecation of the MSOnline and AzureAD PowerShell modules. Organizations should migrate to the Microsoft Graph PowerShell SDK:

Legacy (MSOnline)	Modern (Microsoft Graph)
`Connect-MsolService`	`Connect-MgGraph`
`Get-MsolUser`	`Get-MgUser`
`Set-MsolUser`	`Update-MgUser`
`Get-MsolAccountSku`	`Get-MgSubscribedSku`
`Set-MsolUserLicense`	`Set-MgUserLicense`
`Get-MsolDomain`	`Get-MgDomain`
`Reset-MsolUserPassword`	`Reset-MgUserAuthenticationMethodPassword`

After migrating scripts to Microsoft Graph, the dependency on adminwebservice.microsoftonline.com is reduced (though not eliminated, as Azure AD Connect still uses it).

Dépannage Connection Issues

If Azure AD Connect or MSOnline PowerShell cannot reach this endpoint:

Test connectivity:

Test-NetConnection -ComputerName adminwebservice.microsoftonline.com -Port 443

Check DNS resolution:

Resolve-DnsName adminwebservice.microsoftonline.com

Verify TLS version: Microsoft requires TLS 1.2. Ensure it is enabled:

# Check TLS 1.2 support
[Net.ServicePointManager]::SecurityProtocol

# Enable TLS 1.2
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Check proxy settings: Azure AD Connect uses the machine’s default proxy. Verify with:
```
netsh winhttp show proxy
```

Résumé

The endpoint adminwebservice.microsoftonline.com is a legitimate Microsoft web service used for Microsoft 365 tenant administration and Azure AD (Microsoft Entra ID) directory synchronization. It appears in network logs when tools like Azure AD Connect, the MSOnline PowerShell module, or the Microsoft 365 Admin Center communicate with the cloud. For proper operation, allow outbound HTTPS traffic to this endpoint and related Microsoft authentication URLs. Monitor traffic for anomalies as part of your security posture, and plan to migrate administrative scripts from the legacy MSOnline module to the Microsoft Graph PowerShell SDK.

Qu'est-ce que http://adminwebservice.microsoftonline.com?

What Is adminwebservice.microsoftonline.com?

Core Functions

How It Fits in the Microsoft 365 Architecture

Which Tools and Services Use This Endpoint

1. Azure AD Connect (Formerly DirSync and AAD Sync)

2. MSOnline PowerShell Module

3. Microsoft 365 Admin Center

4. Azure AD PowerShell Module (v2)

5. Microsoft Graph PowerShell SDK (Modern Replacement)

Network and Firewall Configuration

Required Firewall Rules

Proxy Server Configuration

Sécurité Considerations

Monitoring Traffic to This Endpoint

Conditional Access Policies

Audit Logging

Migration Path: MSOnline to Microsoft Graph

Dépannage Connection Issues

Résumé

Articles Connexes

Frequently Asked Questions

What Is adminwebservice.microsoftonline.com?

Core Functions

How It Fits in the Microsoft 365 Architecture

Which Tools and Services Use This Endpoint

1. Azure AD Connect (Formerly DirSync and AAD Sync)

2. MSOnline PowerShell Module

3. Microsoft 365 Admin Center

4. Azure AD PowerShell Module (v2)

5. Microsoft Graph PowerShell SDK (Modern Replacement)

Network and Firewall Configuration

Required Firewall Rules

Proxy Server Configuration

Sécurité Considerations

Monitoring Traffic to This Endpoint

Conditional Access Policies

Audit Logging

Migration Path: MSOnline to Microsoft Graph

Dépannage Connection Issues

Résumé

Articles Connexes

Frequently Asked Questions

Articles Connexes

Qu'est-ce que http://clientconfig.microsoftonline-p.net?

Comment : Configure filtering for directory synchronization

Comment gérer Windows Azure AD avec Windows PowerShell