Use Apple products on enterprise networks
Find out which hosts and ports are required to use your Apple products on enterprise networks.
This article is intended for enterprise and education network administrators.
Apple products require access to the internet hosts listed in this article for a variety of services. Here's how your devices connect to hosts and work with proxies:
Network connections to the hosts below are initiated by the device, not by hosts operated by Apple.
Apple services will fail any connection that uses HTTPS Interception (SSL Inspection). If the HTTPS traffic traverses a web proxy, disable HTTPS Interception for the hosts listed in this article.
Make sure your Apple devices can access the hosts listed below.
Apple Push Notifications
Find out how to troubleshoot connecting to the Apple Push Notification service (APNs). For devices that send all traffic through an HTTP proxy, you can configure the proxy either manually on the device or with Mobile Device Management (MDM). Devices can connect to APNs when configured to use the HTTP proxy with a proxy auto-config (PAC) file.
Device setup
Apple devices need access to the following hosts during the setup process, or when installing, updating or restoring the operating system.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
albert.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Device activation | Yes |
captive.apple.com | 443, 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Internet connectivity validation for networks that use captive portals | Yes |
gs.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Yes | |
humb.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Yes | |
static.ips.apple.com | 443, 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Yes | |
sq-device.apple.com | 443 | TCP | iOS, iPadOS, and visionOS | eSIM activation | β |
tbsc.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Yes | |
time-ios.apple.com | 123 | UDP | iOS, iPadOS, tvOS and visionOS | Used by devices to set their date and time | β |
time.apple.com | 123 | UDP | iOS, iPadOS, tvOS, macOS and visionOS | Used by devices to set their date and time | β |
time-macos.apple.com | 123 | UDP | macOS only | Used by devices to set their date and time | β |
Device management
Apple devices enrolled in MDM need access to the following hosts and domains.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
*.push.apple.com | 443, 80, 5223, 2197 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Push notifications | |
deviceenrollment.apple.com | 443 | TCP | iOS, iPadOS, tvOS and macOS | DEP provisional enrolment | β |
deviceservices-external.apple.com | 443 | TCP | iOS, iPadOS, tvOS and macOS | Used by an MDM server to disable Activation Lock on managed devices | β |
gdmf.apple.com | 443 | TCP | iOS, iPadOS, tvOS and macOS | Used by an MDM server to identify which software updates are available for devices that use managed software updates | Yes |
identity.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | APNs certificate request portal | Yes |
iprofiles.apple.com | 443 | TCP | iOS, iPadOS, tvOS and macOS | Hosts enrolment profiles used when devices enrol in Apple School Manager or Apple Business Manager through Device Enrolment | Yes |
mdmenrollment.apple.com | 443 | TCP | iOS, iPadOS, tvOS and macOS | MDM servers to upload enrolment profiles used by clients enrolling through Device Enrolment in Apple School Manager or Apple Business Manager, and to look up devices and accounts | Yes |
setup.icloud.com | 443 | TCP | iOS and iPadOS | Required to log in to a Managed Apple Account on Shared iPad | β |
vpp.itunes.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | MDM servers to perform operations related to Apps and Books, such as assigning or revoking licences on a device | Yes |
*.appattest.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Managed device attestation | β |
axm-servicediscovery.apple.com | 443 | TCP | iOS, iPadOS, macOS and visionOS | Service discovery for account-driven enrolments | β |
Apple Business Manager and Apple School Manager
Administrators and managers
Administrators and managers need access to the following hosts and domains in order to administer and manage Apple Business Manager and Apple School Manager.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
*.business.apple.com | 443, 80 | TCP | - | Apple Business Manager | β |
*.school.apple.com | 443, 80 | TCP | - | Apple School Manager | β |
appleid.cdn-apple.com | 443 | TCP | - | Login authentication | Yes |
idmsa.apple.com | 443 | TCP | - | Login authentication | Yes |
*.itunes.apple.com | 443, 80 | TCP | - | Apps and Books | Yes |
*.mzstatic.com | 443 | TCP | - | Apps and Books | β |
api.ent.apple.com | 443 | TCP | - | Apps and Books (ABM) | β |
api.edu.apple.com | 443 | TCP | - | Apps and Books (ASM) | β |
statici.icloud.com | 443 | TCP | - | Device icons | β |
*.vertexsmb.com | 443 | TCP | - | Validating tax-exempt status | β |
www.apple.com | 443 | TCP | - | Fonts for certain languages | β |
upload.appleschoolcontent.com | 22 | SSH | - | SFTP uploads | Yes |
api-business.apple.com | 443 | TCP | - | Apple Business Manager API | β |
api-school.apple.com | 443 | TCP | - | Apple School Manager API | β |
Schools that use Claris Connect to sync their supported Student Information System (SIS) to Apple School Manager and upload OneRoster files must also allow access to Claris Connect hosts.
Employees and students
Employees and students using Managed Apple Accounts need access to the following host in order to look up others in their business or school when composing messages or sharing documents.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
ws-ee-maidsvc.icloud.com | 443, 80 | TCP | iOS, iPadOS, macOS and visionOS | User lookup service | β |
Apple Business Essentials device management
Administrators and devices managed by Apple Business Essentials need access to the following hosts and domains, along with those listed above for Apple Business Manager.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
axm-adm-enroll.apple.com | 443 | TCP | iOS, iPadOS, tvOS and macOS | DEP enrolment server | β |
axm-adm-mdm.apple.com | 443 | TCP | iOS, iPadOS, tvOS and macOS | MDM server | β |
axm-adm-scep.apple.com | 443 | TCP | iOS, iPadOS, tvOS and macOS | SCEP server | β |
axm-app.apple.com | 443 | TCP | iOS, iPadOS and macOS | View and manage apps and devices | β |
*.apple-mapkit.com | 443 | TCP | iOS and iPadOS | View the location of devices in Managed Lost Mode | β |
icons.axm-usercontent-apple.com | 443 | TCP | macOS | Custom Package icons | β |
Classroom and Schoolwork
Student and Teacher devices using the Classroom or Schoolwork apps need access to the following hosts, as well as those listed in the Apple Account and iCloud sections below.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
s.mzstatic.com | 443 | TCP | iPadOS and macOS | Classroom and Schoolwork device verification | β |
play.itunes.apple.com | 443 | TCP | iPadOS and macOS | Classroom and Schoolwork device verification | β |
ws-ee-maidsvc.icloud.com | 443 | TCP | iPadOS and macOS | Classroom and Schoolwork class register service | β |
ws.school.apple.com | 443 | TCP | iPadOS and macOS | Classroom and Schoolwork class register service | β |
pg-bootstrap.itunes.apple.com | 443 | TCP | iPadOS | Schoolwork handout service | β |
cls-iosclient.itunes.apple.com | 443 | TCP | iPadOS | Schoolwork handout service | β |
cls-ingest.itunes.apple.com | 443 | TCP | iPadOS | Schoolwork handout service | β |
Software updates
Apple devices need access to the following hosts when installing, restoring and updating iOS, iPadOS, macOS, watchOS, tvOS and visionOS.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
appldnld.apple.com | 80 | TCP | iOS, iPadOS, watchOS and visionOS | iOS, iPadOS and watchOS updates | β |
configuration.apple.com | 443 | TCP | macOS only | Rosetta 2 updates | β |
gdmf.apple.com | 443 | TCP | iOS, iPadOS, tvOS, watchOS and macOS | Software update catalogue | β |
gg.apple.com | 443, 80 | TCP | iOS, iPadOS, tvOS, watchOS, macOS and visionOS | iOS, iPadOS, tvOS, watchOS and macOS updates | Yes |
gs.apple.com | 443, 80 | TCP | iOS, iPadOS, tvOS, watchOS, macOS and visionOS | iOS, iPadOS, tvOS, watchOS and macOS updates | Yes |
ig.apple.com | 443 | TCP | macOS only | macOS updates | Yes |
mesu.apple.com | 443, 80 | TCP | iOS, iPadOS, tvOS, watchOS, macOS and visionOS | Hosts software update catalogues | β |
oscdn.apple.com | 443, 80 | TCP | macOS only | macOS Recovery | β |
osrecovery.apple.com | 443, 80 | TCP | macOS only | macOS Recovery | β |
skl.apple.com | 443 | TCP | macOS only | macOS updates | β |
swcdn.apple.com | 443, 80 | TCP | macOS only | macOS updates | β |
swdist.apple.com | 443 | TCP | macOS only | macOS updates | β |
swdownload.apple.com | 443, 80 | TCP | macOS only | macOS updates | Yes |
swscan.apple.com | 443 | TCP | macOS only | macOS updates | β |
updates-http.cdn-apple.com | 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Software update downloads | β |
updates.cdn-apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Software update downloads | β |
xp.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Yes | |
gdmf-ados.apple.com | 443 | TCP | iOS, iPadOS and macOS | Software update catalogue for additional components | Yes |
gsra.apple.com | 443 | TCP | iOS, iPadOS and macOS | OS updates for additional components | Yes |
wkms-public.apple.com | 443 | TCP | iOS, iPadOS and macOS | Installing iOS, iPadOS or macOS on an attached device | Yes |
fcs-keys-pub-prod.cdn-apple.com | 443 | TCP | iOS, iPadOS and macOS | Installing iOS, iPadOS or macOS on an attached device | Yes |
Apps and additional content
Apple devices need access to the following hosts and domains for installing and updating apps, using certain app features and downloading additional content. Some additional content may also be hosted on third-party content distribution networks.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
*.itunes.apple.com | 443, 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Store content, such as apps, books and music | Yes |
*.apps.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Store content, such as apps, books and music | Yes |
*.mzstatic.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Store content, such as apps, books and music, and apps from websites and alternative marketplaces | β |
itunes.apple.com | 443, 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Yes | |
ppq.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Enterprise App validation | β |
api.apple-cloudkit.com | 443 | TCP | macOS | App notarisation | β |
*.appattest.apple.com | 443 | TCP | iOS, iPadOS, macOS and visionOS | App validation, Touch ID and Face ID authentication for websites | β |
*.apps-marketplace.apple.com | 443 | TCP | iOS | Installing apps from websites and alternative marketplaces | Yes |
token.safebrowsing.apple | 443 | TCP | iOS, iPadOS, macOS and visionOS | Safari fraudulent website warnings | __ |
audiocontentdownload.apple.com | 80, 443 | TCP | iOS, iPadOS and macOS | GarageBand downloadable content | β |
devimages-cdn.apple.com | 80, 443 | TCP | macOS | Xcode downloadable components | β |
download.developer.apple.com | 80, 443 | TCP | macOS | Xcode downloadable components | β |
playgrounds-assets-cdn.apple.com | 443 | TCP | iPadOS and macOS | Swift Playgrounds | β |
playgrounds-cdn.apple.com | 443 | TCP | iPadOS and macOS | Swift Playgrounds | β |
sylvan.apple.com | 80, 433 | TCP | tvOS and macOS | Aerial screen savers and wallpaper | β |
gateway.icloud.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | CloudKit content including XProtect updates and Voice Control assets | β |
Network provider updates
Mobile devices need access to the following hosts to install network provider bundle updates.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
appldnld.apple.com | 80 | TCP | iOS and iPadOS | Mobile network provider bundle updates | β |
appldnld.apple.com.edgesuite.net | 80 | TCP | iOS and iPadOS | Mobile network provider bundle updates | β |
itunes.com | 80 | TCP | iOS and iPadOS | Network provider bundle update discovery | β |
itunes.apple.com | 443 | TCP | iOS and iPadOS | Network provider bundle update discovery | β |
updates-http.cdn-apple.com | 80 | TCP | iOS and iPadOS | Mobile network provider bundle updates | β |
updates.cdn-apple.com | 443 | TCP | iOS and iPadOS | Mobile network provider bundle updates | β |
Content caching
A Mac that provides content caching needs access to the following hosts, as well as the hosts listed in this document that provide Apple content such as software updates, apps and additional content.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
lcdn-registration.apple.com | 443 | TCP | macOS | Server registration | Yes |
suconfig.apple.com | 80 | TCP | macOS | Configuration | β |
xp-cdn.apple.com | 443 | TCP | macOS | Reporting | Yes |
Clients of macOS content caching need access to the following hosts.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
lcdn-locator.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Content caching locator service | β |
serverstatus.apple.com | 443 | TCP | macOS | Content caching client public IP determination | β |
Beta updates
Apple devices need access to the following hosts to sign in to Beta Updates and report feedback using the Feedback Assistant app.
Hosts | Port | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
bpapi.apple.com | 443 | TCP | iOS, iPadOS, tvOS, watchOS, macOS and visionOS | Beta update enrolment | Yes |
cssubmissions.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Used by Feedback Assistant to upload files | Yes |
fba.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Used by Feedback Assistant to file and view feedback | Yes |
Apple diagnostics
Apple devices may access the following host in order to perform diagnostics used to detect a possible hardware issue.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
diagassets.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Used by Apple devices to help detect possible hardware issues | Yes |
Domain Name System resolution
Encrypted Domain Name System (DNS) resolution in iOS 14, iPadOS 14, tvOS 14, and macOS Big Sur and later uses the following host.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
doh.dns.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Used for DNS over HTTPS (DoH) | Yes |
Certificate validation
Apple devices must be able to connect to the following hosts to validate digital certificates used by the hosts listed in this article.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
certs.apple.com | 80, 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation | β |
crl.apple.com | 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation | β |
crl3.digicert.com | 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation | β |
crl4.digicert.com | 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation | β |
ocsp.apple.com | 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation | β |
ocsp.digicert.cn | 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation in China mainland | β |
ocsp.digicert.com | 80 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation | β |
ocsp2.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation | β |
valid.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Certificate validation | Yes |
Apple Account
Apple devices must be able to connect to the following hosts in order to authenticate an Apple Account. This is required for all services that use an Apple Account, such as iCloud, app installation and Xcode.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
account.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Apple Account authentication in Settings and System Preferences | Yes |
appleid.cdn-apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Apple Account authentication in Settings and System Preferences | Yes |
idmsa.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Apple Account authentication | Yes |
gsa.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | Apple Account authentication | Yes |
iCloud
In addition to the Apple Account hosts listed above, Apple devices must be able to connect to hosts in the following domains to use iCloud services.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
*.apple-cloudkit.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services | β |
*.apple-livephotoskit.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services | β |
*.apzones.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services in China mainland | β |
*.cdn-apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services | β |
*.gc.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services | β |
*.icloud.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services | β |
*.icloud.com.cn | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services in China mainland | β |
*.icloud.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services | β |
*.icloud-content.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iCloud services | β |
*.iwork.apple.com | 443 | TCP | iOS, iPadOS, tvOS, macOS and visionOS | iWork documents | β |
mask.icloud.com | 443 | UDP | iOS, iPadOS, macOS and visionOS | iCloud Private Relay | β |
mask-h2.icloud.com | 443 | TCP | iOS, iPadOS, macOS and visionOS | iCloud Private Relay | β |
mask-api.icloud.com | 443 | TCP | iOS, iPadOS, macOS and visionOS | iCloud Private Relay | Yes |
Apple Intelligence, Siri and Search
Apple devices must be able to connect to the following hosts to process Apple Intelligence requests that use Private Cloud Compute and to process Siri requests, including dictation and searching in Apple apps.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
guzzoni.apple.com | 443 | TCP | iOS, iPadOS, macOS and visionOS | Siri and dictation requests | β |
*.smoot.apple.com | 443 | TCP | iOS, iPadOS, macOS and visionOS | Search services, including Siri, Spotlight, Lookup, Safari, News, Messages and Music | β |
apple-relay.cloudflare.com | 443 | TCP, UDP | iOS, iPadOS and macOS | Private Cloud Compute | β |
apple-relay.fastly-edge.com | 443 | TCP, UDP | iOS, iPadOS and macOS | Private Cloud Compute | β |
cp4.cloudflare.com | 443 | TCP, UDP | iOS, iPadOS and macOS | Private Cloud Compute | β |
apple-relay.apple.com | 443 | TCP, UDP | iOS, iPadOS and macOS | Apple Intelligence Extensions | β |
Associated domains
Apple devices must be able to connect to the following hosts to use Associated Domains in iOS 14, iPadOS 14, and macOS Big Sur and later. Associated Domains underpin universal links, a feature that allows an app to present content in place of all or part of its website. Handoff, App Clips and single sign-on extensions all use Associated Domains.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
app-site-association.cdn-apple.com | 443 | TCP, UDP | iOS, iPadOS, macOS and visionOS | Associated domains for universal links | β |
app-site-association.networking.apple | 443 | TCP, UDP | iOS, iPadOS, macOS and visionOS | Associated domains for universal links | β |
Tap to Pay on iPhone
To use a payment app to accept contactless payments, an iPhone must be able to reach the following hosts.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
pos-device.apple.com | 443 | TCP, UDP | iOS | Tap to Pay on iPhone | Yes |
humb.apple.com | 443 | TCP | iOS | Tap to Pay on iPhone setup | Yes |
iphonesubmissions.apple.com | 443 | TCP | iOS | Optional analytics sharing | Yes |
ID Verifier on iPhone
To use an ID Verifier-enabled app to accept mobile IDs, an iPhone must be able to reach the following hosts.
Hosts | Ports | Protocol | OS | Description | Supports proxies |
|---|---|---|---|---|---|
smp-device-content.apple.com | 443 | TCP | iOS | ID Verifier on iPhone | Yes |
idv.cdn-apple.com | 443 | TCP | iOS | ID Verifier on iPhone | Yes |
idv-prod1.apple.com | 443 | TCP | iOS | ID Verifier on iPhone | Yes |
humb.apple.com | 443 | TCP | iOS | ID Verifier on iPhone | Yes |
Firewalls
If your firewall supports using hostnames, you may be able to use most Apple services listed above by allowing outbound connections to *.apple.com. If your firewall can only be configured with IP addresses, allow outbound connections to the following IP address ranges that Apple owns, based on the IP version.
For IPv4, you can allow outbound connections to 17.0.0.0/8.
For IPv6, you can allow outbound connections to these network ranges:
2403:300::/32
2620:149::/32
2a01:b740::/32
HTTP proxy
You can use Apple services through a proxy if you disable packet inspection and authentication for traffic to and from the listed hosts. Exceptions to this are noted above. Attempts to perform content inspection on encrypted communications between Apple devices and services will result in a dropped connection to preserve platform security and user privacy.
Content Distribution Networks and DNS Resolution
Some of the hosts listed in this article may have CNAME records in DNS instead of A or AAAA records. These CNAME records may refer to other CNAME records in a chain before ultimately resolving to an IP address. This DNS resolution allows Apple to provide fast and reliable content delivery to users in all regions and is transparent to devices and proxy servers. Apple doesn't publish a list of these CNAME records because they are subject to change. You shouldn't need to configure your firewall or proxy server to allow them as long as you don't block DNS lookups and allow access to the hosts and domains named above.
Recent changes
July 2025: Added IPv6 information related to firewalls, added new hosts for Apple School Manager and Apple Business Manager API, and updated the host gateway.icloud.com to include XProtect updates.
April 2025: Removed a host (ns.itunes.apple.com), corrected a host name (iphonesubmissions.apple.com) and added information for a host (deviceservices-external.apple.com).
November 2024: Added additional hosts for Software Updates and corrected a host name.
October 2024: Added information about Apple Intelligence Extensions.
September 2024: Updated for Apple Account, added information for Claris Connect and updated the Certificate Validation section.
June 2024: added information about Private Cloud Compute.
April 2024: added information for visionOS, ID Verifier on iPhone and alternative marketplaces. Reorganised tables for Software Updates and combined App Store and App features tables into a new Apps and additional content table.
July 2023: removed the macOS version requirement for APN connection.
Find out more
See a list of TCP and UDP ports used by Apple software products.