Forum Discussion

Gary Smith
Brass Contributor
Jul 11, 2023

Defender pre-reqs - ports.

Hi

We are running through the pre-reqs and unsure what exactly is required for the firewall section and allowing the ports: https://learn.microsoft.com/en-us/defender-for-identity/prerequisites#ports

Particularly the "To" column:

Protocol                    | Transport   | Port                                        | From                         | To
----------------------------|-------------|---------------------------------------------|------------------------------|------------------------------------
Internet ports              |             |                                             |                              |
SSL (*.atp.azure.com)       | TCP         | 443                                         | Defender for Identity sensor | Defender for Identity cloud service
Internal ports              |             |                                             |                              |
DNS                         | TCP and UDP | 53                                          | Defender for Identity sensor | DNS servers
Netlogon (SMB, CIFS, SAM-R) | TCP/UDP     | 445                                         | Defender for Identity sensor | All devices on network
RADIUS                      | UDP         | 1813                                        | RADIUS                       | Defender for Identity sensor
Localhost ports*            |             |                                             |                              |
SSL (localhost)             | TCP         | 444                                         | Sensor Service               | Sensor Updater Service
NNR ports**                 |             |                                             |                              |
NTLM over RPC               | TCP         | 135                                         | Defender for Identity sensor | All devices on network
NetBIOS                     | UDP         | 137                                         | Defender for Identity sensor | All devices on network
RDP                         | TCP         | 3389, only the first packet of Client hello | Defender for Identity sensor | All devices on network

* Required for Sensor Service updater

Any ideas?

Thanks

  • Gary Smith 
    It should be read like "The machine running the sensor should be allowed to connect to the MDI azure backend via port 433 using TCP."
    Or "The machine running the sensor should be allowed to connect to all your DNS servers via port 53 using TCP or UDP".

    Does this clarify the table syntax?
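Reading the table that way (sensor host = "From", so every row except RADIUS is an outbound connection the sensor must be able to open), the outbound rows can be checked directly from the sensor host. The script below is an added example, not part of the thread or of Microsoft's documentation: it encodes the outbound rows as data and probes each one with Test-NetConnection (TCP only) and Resolve-DnsName (for the DNS row), then checks the local firewall for the one inbound row (RADIUS accounting, UDP 1813). The DNS server addresses, sample hosts and the workspace-specific cloud hostname are assumptions you must replace; the page only shows the *.atp.azure.com wildcard.

```powershell
# Added example (not from the thread or the MDI docs): check the MDI ports table
# from the sensor host. Run in an elevated PowerShell on a DC/AD FS server that
# runs the sensor. All addresses below are constructed placeholders (assumptions).
param(
    [string[]]$DnsServers  = @('10.0.0.10', '10.0.0.11'),                  # assumption: your DNS servers
    [string[]]$SampleHosts = @('ws01.corp.example', 'srv01.corp.example'), # assumption: a few LAN hosts
    [string]$CloudEndpoint = 'contoso.atp.azure.com'                       # assumption: your workspace hostname
)

# Outbound TCP rows from the table. "From" is this host for every one of them.
$rows = @(
    @{ Name = 'SSL (*.atp.azure.com)';  Port = 443;  To = @($CloudEndpoint) },
    @{ Name = 'Netlogon (SMB/CIFS)';    Port = 445;  To = $SampleHosts },
    @{ Name = 'SSL (localhost) updater';Port = 444;  To = @('localhost') },
    @{ Name = 'NTLM over RPC (NNR)';    Port = 135;  To = $SampleHosts },
    @{ Name = 'RDP client hello (NNR)'; Port = 3389; To = $SampleHosts }
)

# Test-NetConnection performs a TCP connect only; -InformationLevel Quiet returns $true/$false.
$results = @(foreach ($r in $rows) {
    foreach ($target in $r.To) {
        $ok = Test-NetConnection -ComputerName $target -Port $r.Port `
                                 -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{ Row = $r.Name; Target = $target; Port = $r.Port; Reachable = [bool]$ok }
    }
})

# DNS row (TCP and UDP 53): a real lookup against each listed server exercises UDP 53
# (and TCP 53 if the answer is truncated), which a TCP connect test alone would not.
$results += @(foreach ($dns in $DnsServers) {
    $answer = Resolve-DnsName -Name $CloudEndpoint -Server $dns -DnsOnly -ErrorAction SilentlyContinue
    [pscustomobject]@{ Row = 'DNS'; Target = $dns; Port = 53; Reachable = ($null -ne $answer) }
})

# RADIUS accounting is the one inbound row (RADIUS server -> sensor, UDP 1813). UDP cannot be
# probed with a connect, so check that an enabled inbound Allow rule exists for it instead.
# NetBIOS UDP 137 (outbound) is likewise not testable here and is left for a packet capture.
$radiusRule = Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'UDP' -and $_.LocalPort -eq '1813' } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }
$results += [pscustomobject]@{ Row = 'RADIUS accounting (inbound)'; Target = 'local firewall'
                               Port = 1813; Reachable = [bool]$radiusRule }

$results | Format-Table -AutoSize
```

A false result on the 443 row is the one that breaks the sensor entirely; the 444 localhost row only succeeds while the updater service is listening, and failures on the NNR rows (135, 137, 3389) degrade name resolution of client IPs rather than stopping the sensor.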

    •
      Gary Smith
      Brass Contributor
      We haven't made any changes to our firewall, so I presume most of the traffic passes over port 443? Either way our DCs with agents are working.
