Forum Discussion
IP Subnets used by Azure ATP
Hi Ryan,
We don't list the IPs / subnets because it's a cloud service and could use many different IPs or subnets. If you can't use DNS, the recommended option is to allow HTTPS outbound.
- Ryan Marchant, Oct 30, 2018, Brass Contributor
I appreciate the response, but can't really accept that answer. Suggesting that we allow broader access than needed because we are working with a cloud service doesn't make sense to me. Most other Azure and Office 365 services provide a list of subnets, because they recognize that DNS doesn't work in firewall rules for all customers.
Microsoft's https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack limiting connectivity for domain controllers. Suggesting that we just allow all outbound https connectivity goes against that recommendation and will not work for us. What is the best way to escalate further, so we can get a list of Subnets used?
- EliOfek, Oct 31, 2018, Microsoft
Ryan, can you give some example links of other Azure services that provided IP subnet lists?
- Paul Cunningham, Nov 16, 2018, Iron Contributor
Why wouldn't the IPs be published through the existing REST service?
https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service