Forum Discussion
IP Subnets used by Azure ATP
We can't create firewall rules with the recommended *.atp.com DNS records, because our firewall doesn't support DNS names in firewall rules. What are the IP Subnets used by Azure ATP?
12 Replies
- ProCloudAdmin Copper Contributor
Download the Public IP in JSON format and find what you need at https://www.microsoft.com/en-us/download/details.aspx?id=56519
Here is the data for TAG AzureAdvancedThreatProtection, the IP info you are looking for
I got the ServiceTags_Public_20200413.json version and I notice many IP address blocks and no region is yet defined on the list Microsoft is providing
{
"name": "AzureAdvancedThreatProtection",
"id": "AzureAdvancedThreatProtection",
"properties": {
"changeNumber": 2,
"region": "",
"platform": "Azure",
"systemService": "AzureAdvancedThreatProtection",
"addressPrefixes": [
"13.72.105.31/32",
"13.72.105.76/32",
"13.93.176.195/32",
"13.93.176.215/32",
"20.36.120.112/29",
"20.37.64.112/29",
"20.37.156.192/29",
"20.37.195.8/29",
"20.37.224.112/29",
"20.38.84.96/29",
"20.38.136.112/29",
"20.39.11.16/29",
"20.41.4.96/29",
"20.41.65.128/29",
"20.41.192.112/29",
"20.42.4.192/29",
"20.42.129.176/29",
"20.42.224.112/29",
"20.43.41.144/29",
"20.43.65.136/29",
"20.43.130.88/29",
"20.45.112.112/29",
"20.45.192.112/29",
"20.150.160.112/29",
"20.184.13.55/32",
"20.184.14.129/32",
"20.189.106.120/29",
"20.192.160.24/29",
"20.192.225.16/29",
"40.65.107.78/32",
"40.65.111.206/32",
"40.67.48.112/29",
"40.74.30.96/29",
"40.80.56.112/29",
"40.80.168.112/29",
"40.80.188.16/29",
"40.82.253.64/29",
"40.85.133.119/32",
"40.85.133.178/32",
"40.87.44.77/32",
"40.87.45.222/32",
"40.89.16.112/29",
"40.119.9.224/29",
"51.104.25.144/29",
"51.105.80.112/29",
"51.105.88.112/29",
"51.107.48.112/29",
"51.107.144.112/29",
"51.120.40.112/29",
"51.120.224.112/29",
"51.137.161.128/29",
"51.143.183.3/32",
"51.143.183.52/32",
"51.143.192.112/29",
"52.136.48.112/29",
"52.140.104.112/29",
"52.150.139.64/29",
"52.170.0.116/32",
"52.170.1.228/32",
"52.170.249.197/32",
"52.174.66.179/32",
"52.174.66.180/32",
"52.225.176.98/32",
"52.225.181.34/32",
"52.225.183.206/32",
"52.228.81.128/29",
"104.42.25.10/32",
"104.42.29.8/32",
"168.63.46.233/32",
"168.63.46.241/32",
"191.233.8.24/29",
"191.235.225.136/29"
]
}
},
- Nicholas DiCola (SECURITY JEDI) Former Employee
Hi Ryan,
We don't list the IPs / Subnets because it's a cloud service and could use many different IPs or subnets. If you can't use DNS, the recommended option is to allow HTTPS outbound.
- Ryan Marchant Brass Contributor
I appreciate the response, but can't really accept that answer. Suggesting that we allow broader access than needed, because we are working with a cloud service doesn't make sense to me. Most other Azure and Office 365 services provide a list of subnets, because they recognize that DNS doesn't work in firewall rules for all customers.
Microsoft's https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack limiting connectivity for domain controllers. Suggesting that we just allow all outbound https connectivity goes against that recommendation and will not work for us. What is the best way to escalate further, so we can get a list of Subnets used?
- EliOfek
Microsoft
Ryan, can you give some example links of other Azure services that provided IP Subnet lists?
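Added example, not part of any reply in this thread: one way to turn the Service Tags file from ProCloudAdmin's reply into firewall rule changes, by extracting the AzureAdvancedThreatProtection prefixes and diffing two versions of the file so the allow list follows the published ranges. The two embedded files are constructed samples (a few prefixes quoted in the thread plus a documentation-range prefix), and the function names are hypothetical.

```python
import ipaddress
import json

TAG = "AzureAdvancedThreatProtection"

# Constructed sample in the layout of ServiceTags_Public_*.json; the prefixes
# are a few of those quoted in the thread, the rest of the file is omitted.
OLD_FILE = json.dumps({"values": [{"name": TAG, "id": TAG, "properties": {
    "changeNumber": 2, "region": "", "platform": "Azure", "systemService": TAG,
    "addressPrefixes": ["13.72.105.31/32", "20.36.120.112/29",
                        "52.174.66.179/32", "52.174.66.180/32"]}}]})
# Hypothetical later version: one prefix dropped, one added (constructed).
NEW_FILE = json.dumps({"values": [{"name": TAG, "id": TAG, "properties": {
    "changeNumber": 3, "region": "", "platform": "Azure", "systemService": TAG,
    "addressPrefixes": ["20.36.120.112/29", "52.174.66.179/32",
                        "52.174.66.180/32", "192.0.2.8/29"]}}]})


def tag_prefixes(service_tags_json, tag=TAG):
    """Return (changeNumber, set of networks) for one service tag."""
    for entry in json.loads(service_tags_json)["values"]:
        if entry["name"] == tag:
            props = entry["properties"]
            # strict=True rejects prefixes with host bits set, so a malformed
            # entry fails loudly instead of becoming a wider firewall rule.
            nets = {ipaddress.ip_network(p, strict=True)
                    for p in props["addressPrefixes"]}
            return props["changeNumber"], nets
    raise KeyError(f"service tag {tag!r} not found")


def rule_delta(old_json, new_json, tag=TAG):
    """Prefixes to add to and remove from the outbound allow list."""
    old_change, old = tag_prefixes(old_json, tag)
    new_change, new = tag_prefixes(new_json, tag)
    if new_change < old_change:
        raise ValueError("new file is older than the deployed one")
    order = lambda n: (n.version, n)  # keeps IPv4 and IPv6 from being compared
    add = [str(n) for n in sorted(new - old, key=order)]
    remove = [str(n) for n in sorted(old - new, key=order)]
    return add, remove


if __name__ == "__main__":
    add, remove = rule_delta(OLD_FILE, NEW_FILE)
    print("allow tcp/443 to:", add)
    print("retire rules for:", remove)
```
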