Topology overview when using the MDM conditional access
For implementing MDM integration, access should be allowed from the Admin Portal to the MDM server to allow web service API call to get the list of devices managed in MDM and their status.
Port can be configured, but typically use HTTPS.
The diagram below shows the topology.