We use a number of services to provide Kiosk Browser Remote Management.

Heartbeat & REST API: TCP 443 - https://www.kbremote.net / (currently)
Mobile Backend (2.6.4 or lower only): TCP 443 - https://kbremote.azure-mobile.net / multiple IP addresses
Push (GCM/FCM): TCP 5228-5230, 443 - outbound - multiple IP addresses
Storage: TCP 443 - kbremote.table.core.windows.net, kbremote.blob.core.windows.net
Authentication: TCP 443 - *.auth0.com

The user interface for Remote Management is provided via https://ui.kbremote.net. Your devices do not need access to this URL.

Note: If your organization has a firewall that restricts the traffic to or from the Internet, you need to configure it to allow connectivity with GCM in order for your GCM client apps to receive messages. The ports to open are: 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230. GCM doesn't provide specific IPs, so you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169.
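To confirm that a firewall change actually permits the connections listed above, the following added example (not part of Kiosk Browser or its tooling) attempts each outbound TCP connection and reports which ones fail and how. Assumptions: the page names no host for push, so mtalk.google.com is used, and because the page only gives *.auth0.com, the Auth0 tenant host must be passed as a command-line argument.

```python
import socket
import sys

# Hosts and ports from the list above. Assumption: the page names no host for
# push, so mtalk.google.com (the host Google documents for FCM) is used here.
REQUIRED = [
    ("Heartbeat & REST API", "www.kbremote.net", [443]),
    ("Mobile Backend (2.6.4 or lower)", "kbremote.azure-mobile.net", [443]),
    ("Push (GCM/FCM)", "mtalk.google.com", [5228, 5229, 5230, 443]),
    ("Storage (table)", "kbremote.table.core.windows.net", [443]),
    ("Storage (blob)", "kbremote.blob.core.windows.net", [443]),
]


def tcp_open(host, port, timeout=3.0):
    """Attempt one outbound TCP connection; return (ok, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "connected"
    except socket.gaierror as exc:
        return False, f"DNS lookup failed: {exc}"
    except socket.timeout:
        return False, "timed out (typical of a firewall silently dropping)"
    except ConnectionRefusedError:
        return False, "refused (typical of a firewall rejecting, or no listener)"
    except OSError as exc:
        return False, f"error: {exc}"


def check(endpoints, probe=tcp_open):
    """Probe every host/port pair and return the failures as tuples."""
    failures = []
    for service, host, ports in endpoints:
        for port in ports:
            ok, detail = probe(host, port)
            print(f"{'OK  ' if ok else 'FAIL'} {service}: {host}:{port} ({detail})")
            if not ok:
                failures.append((service, host, port, detail))
    return failures


if __name__ == "__main__":
    # *.auth0.com is a wildcard: pass your own tenant host(s) as arguments.
    auth = [("Authentication", host, [443]) for host in sys.argv[1:]]
    sys.exit(1 if check(REQUIRED + auth) else 0)
```

Run it from a machine on the same network segment as the devices so it is subject to the same firewall rules; the exit code is non-zero if any connection fails.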
