To ensure reliable operation of all Timetabling Solutions desktop and cloud applications, please allow the following domains, ports, and protocols.

1. Required Ports & Protocols

2. Required Domains (Must Be Allowed)

These should be whitelisted, bypassed from SSL inspection, and allowed through firewall filtering.

Timetabling Solutions

*.timetabling.education 
*.timetabling.onmicrosoft.com 
 services.timetabling.education

Microsoft Identity Platform (Authentication)

login.microsoftonline.com
login.windows.net
aadcdn.msftauth.net
aadcdn.msauth.net
graph.microsoft.com

Microsoft WebView2 Runtime / Edge Components

*.microsoft.com
*.edge.microsoft.com

Azure Platform Dependencies (App Services, Storage, CDN)

*.azurewebsites.net
*.cloudapp.azure.com
*.azureedge.net 
*.windows.net

Cloudflare (Edge Network & DNS)

*.cloudflare.com 
*.cloudflarestatus.com

3. Optional but Recommended

These are not always required, but some components may rely on them:

*.visualstudio.com (Microsoft DevOps assets) 
*.elev.io (Integrated help panel) 
*.salesforce.com (Training registration and embedded forms)

4. SSL Inspection Bypass (Critical)

Do not decrypt or inspect HTTPS traffic to these domains.
SSL proxies can break authentication, publishing, and token refresh.

*.timetabling.education
login.microsoftonline.com
login.windows.net
aadcdn.msftauth.net
aadcdn.msauth.net
graph.microsoft.com

5. DNS Filtering (If using DNS security products)

Ensure the following are resolvable and not blocked or rewritten:

*.timetabling.education
login.microsoftonline.com
graph.microsoft.com

6. Published Summary Version (for Schools / IT Teams) Required:

Allow outbound HTTPS (443) to *.timetabling.education and all Microsoft identity services.
Do not perform SSL inspection on timetabling.education or Microsoft login domains.
Ensure DNS filtering does not block or rewrite the Timetabling Solutions or Microsoft identity domains.