This document will help you to understand about setting up Mobile Device Management (MDM) for iOS, Android and Windows devices.
The MDM Architecture diagram is depicted below:
8383 - Used for secured communication between the agent and the Desktop Central
The following URLs, api.push.apple.com:443 and gateway.push.apple.com:2195 and - Should be allowed for the MDM Server to contact Apple Push Notification Services(APNs)
TCP port 5223 - If the mobile device connects to the internet through the WiFi, then this port should be opened. For better security, you can restrict these connections on the IP range 17.0.0.0/8. If all the managed devices have access to cellular data network, this requirement is not needed (Outbound port). This port is used by devices to communicate with APNs servers.
TCP port 2195/443 - Used to send notifications to the APNs
TCP port 2196 - Used by the APNs feedback service
TCP Port 443 - Used as a fallback on Wi-fi only, when devices are unable to communicate to APNs on port 5223
443 - Used for secured communication between the Desktop Central server and the FCM server.
Port numbers 5228, 5229, 5230 should be open on the fire wall if the mobile device connects to the internet through Wi-Fi. This enables communication between the mobile devices and the FCM. As FCM doesn't provide specific IPs, you should allow your firewall to accept outgoing connections to all IP addresses contained in the IP blocks listed in Google's ASN of 15169.
TCP port 443 should be opened, this will allow the Desktop Central Server to communicate with the WNS.