Hello @Sadaqah Aid,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
I understand your question. You would like to secure inbound LDAPS (port 636) traffic using Azure Firewall and integrate Workspace ONE UEM with Entra ID.
Here is the suggested approach:
Protecting LDAPS using Azure Firewall: Azure Firewall allows filtering by FQDNs and IP addresses for outbound traffic only. For inbound LDAPS (port 636), filtering by FQDN is not supported; inbound rules can only be set using IP address ranges.
Best Practices:
Limit inbound LDAPS access to trusted IP ranges only.
Do not expose LDAPS directly to the internet; use a VPN or ExpressRoute for secure connections.
How to configure a firewall rule: Azure Firewall rule processing logic | Microsoft Learn
Secure LDAP with Azure AD DS: Tutorial - Configure LDAPS for Microsoft Entra Domain Services - Microsoft Entra ID | Microsoft Learn
Integration of Workspace ONE UEM with Entra ID
For SAML integration, LDAPS is mainly used for directory synchronization rather than authentication. To keep LDAPS secure and internal, you should:
Run Azure AD Connect or Workspace ONE Directory Sync behind your firewall, and use Azure Firewall network rules to restrict LDAPS access to internal traffic only.
Get started integrating Microsoft Entra ID with apps - Microsoft Entra ID | Microsoft Learn
Kindly let us know if the above helps or you need further assistance on this issue.
Please do not forget to "Accept the answer" and "up-vote it" wherever the information provided helps you, as this can be beneficial to other community members. It would be greatly appreciated and helpful to others.
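As an added illustration of the network rule described in the answer above (not part of the original answer or of any Microsoft sample), this Bicep fragment defines a Firewall Policy rule collection group that allows TCP 636 only from the subnet hosting the directory-sync host to the domain controller's private address. The policy name, resource names and all IP ranges are placeholders chosen for the example.

```bicep
// Assumed existing Firewall Policy attached to the hub Azure Firewall (placeholder name).
resource policy 'Microsoft.Network/firewallPolicies@2023-09-01' existing = {
  name: 'fwpol-hub'
}

// Rule collection group scoped to LDAPS. Network rules match on IP/port only;
// FQDN-based filtering is not available for this inbound path, as the answer notes.
resource ldapsRules 'Microsoft.Network/firewallPolicies/ruleCollectionGroups@2023-09-01' = {
  parent: policy
  name: 'rcg-ldaps'
  properties: {
    priority: 200
    ruleCollections: [
      {
        ruleCollectionType: 'FirewallPolicyFilterRuleCollection'
        name: 'allow-ldaps-internal-only'
        priority: 100
        action: {
          type: 'Allow'
        }
        rules: [
          {
            ruleType: 'NetworkRule'
            name: 'ldaps-from-directory-sync-subnet'
            ipProtocols: [
              'TCP'
            ]
            // Constructed placeholder: subnet where Azure AD Connect / Workspace ONE
            // Directory Sync runs. Using '*' here would expose LDAPS to any source
            // the firewall can see, which is the configuration to avoid.
            sourceAddresses: [
              '10.10.20.0/24'
            ]
            // Constructed placeholder: private IP of the LDAPS endpoint (DC or Entra DS).
            destinationAddresses: [
              '10.10.0.4'
            ]
            destinationPorts: [
              '636'
            ]
          }
        ]
      }
    ]
  }
}
```

Any LDAPS traffic from a source outside the listed range falls through to the firewall's default deny, so nothing reaches port 636 from the internet or from untrusted internal segments.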