Network Considerations
Scope: Easy2Patch (All Versions)
Easy2Patch integrates with Microsoft SCCM and Intune to deliver third-party software updates. For proper operation, specific network endpoints must be reachable and the corresponding firewall rules must be in place. This document outlines the required access, consistent with the architecture diagram.
Internet Access Requirements
Required Domains:
Licensing
https://license.arksoft.com.tr
Used for license validation and activation.
Catalog access
https://*.easy2patch.com
Access to update metadata, console communication.
Update source URLs
https://blog.easy2patch.com/domain-list
Contains the list of vendor domains that Easy2Patch uses to fetch binaries (e.g., Adobe, Google).
Microsoft Intune
https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/intune-endpoints
Contains the list of URLs required for the Intune connection.
Ports:
TCP 443 (HTTPS)
TCP 80 (HTTP) – used by some vendor websites (not preferred)
Note: Although HTTPS is the default, some vendors may serve their binaries only over HTTP (e.g., older web servers). Therefore, both ports must be allowed.
🖥️ SCCM Server Role Requirements
Easy2Patch must be installed on the SCCM server that hosts:
WSUS (Windows Server Update Services)
SUP (Software Update Point) role
Required Internal Communication:
SCCM Site Server and SUP Role → Internet: TCP 80/443. Downloads updates from vendors.
Easy2Patch (WSUS/SUP) → AD Domain Controller: TCP 389, TCP/UDP 88. LDAP & Kerberos (for AD login/authentication).
Clients (Only Management Clients) → SCCM Server: TCP 443 (default). Management clients communicate with SUP/WSUS for updates.
📌 Note: The port used by client → SCCM SUP is configurable via IIS. Ensure the selected port for Easy2Patch (default 443) is allowed.
🔐 Licensing & Expiry
Easy2Patch contacts license.arksoft.com.tr to assign a license. If the license server is unreachable:
The license remains active for 48 hours.
After that, the license is freed and unassigned.
Once the license is reacquired, it is automatically re-assigned.
✅ No manual re-activation is required after recovery.
📦 Intune Integration (Optional)
If you plan to use Easy2Patch with Microsoft Intune:
Ensure outbound access to all URLs and IP ranges listed by Microsoft. Refer to: Intune Endpoints (https://learn.microsoft.com/en-us/intune/intune-service/fundamentals/intune-endpoints)
These are required for:
App creation
Deployment through Microsoft Graph API
Tenant validation
🧱 Firewall Configuration Summary
SCCM Site Server → Internet: TCP 443, 80. Download update binaries from vendor sites.
Easy2Patch (WSUS/SUP) → license.arksoft.com.tr: TCP 443. License assignment.
Easy2Patch (WSUS/SUP) → *.easy2patch.com: TCP 443. Catalog, metadata, UI API.
Easy2Patch → AD Domain Controller: TCP/UDP 389, 88. LDAP/Kerberos Authentication.
Easy2Patch (WSUS/SUP) → Intune endpoints: TCP 443. App deployment via Microsoft Graph.
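To confirm that the rules in the firewall summary above are in effect, the following added example (not part of the original page and not vendor code) probes the fixed endpoints from the Easy2Patch (WSUS/SUP) server. The domain controller name is a placeholder, blog.easy2patch.com is used as one concrete host under *.easy2patch.com, and the vendor and Intune endpoint lists are left out because they are maintained at the URLs referenced earlier.

```powershell
# Added example (not vendor code): pre-flight reachability check for the flows in
# the firewall summary, run on the Easy2Patch (WSUS/SUP) server.
param(
    # ASSUMPTION: placeholder name, replace with one of your domain controllers.
    [string]$DomainController = 'dc01.example.local',
    # ASSUMPTION: blog.easy2patch.com (named on this page) stands in for *.easy2patch.com.
    [string]$CatalogHost = 'blog.easy2patch.com'
)

$required = @(
    [pscustomobject]@{ Target = 'license.arksoft.com.tr'; Port = 443; Purpose = 'License assignment' }
    [pscustomobject]@{ Target = $CatalogHost;             Port = 443; Purpose = 'Catalog, metadata, UI API' }
    [pscustomobject]@{ Target = $DomainController;        Port = 389; Purpose = 'LDAP' }
    [pscustomobject]@{ Target = $DomainController;        Port = 88;  Purpose = 'Kerberos (TCP only, UDP 88 not tested)' }
)

$results = foreach ($flow in $required) {
    # Separate DNS failures from blocked ports: they point at different fixes.
    $resolved = $false
    try {
        Resolve-DnsName -Name $flow.Target -ErrorAction Stop | Out-Null
        $resolved = $true
    } catch { }

    $reachable = $false
    if ($resolved) {
        $probe = Test-NetConnection -ComputerName $flow.Target -Port $flow.Port -WarningAction SilentlyContinue
        $reachable = [bool]$probe.TcpTestSucceeded
    }

    [pscustomobject]@{
        Target = $flow.Target; Port = $flow.Port; Purpose = $flow.Purpose
        DnsResolved = $resolved; TcpReachable = $reachable
    }
}

$results | Format-Table -AutoSize

$blocked = @($results | Where-Object { -not $_.TcpReachable })
if ($blocked | Where-Object { $_.Target -eq 'license.arksoft.com.tr' }) {
    Write-Warning 'License server unreachable: per this page the license stays active for 48 hours, then is freed.'
}
if ($blocked.Count -gt 0) {
    Write-Error ("{0} required flow(s) failed: {1}" -f $blocked.Count, (($blocked | ForEach-Object { "$($_.Target):$($_.Port)" }) -join ', '))
    exit 1
}
```

If outbound web traffic leaves through an HTTP proxy, a direct TCP probe to the internet hosts fails even when the proxy path works, so read those two rows with that in mind.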
Reference Architecture
As visualized in the network diagram, Easy2Patch functions as a bridge between your SCCM/Intune infrastructure and the vendor update sources over the internet. All communication flows through secure, authenticated channels with fallback mechanisms to preserve license state for up to 48 hours.
