Forum Discussion
Registration Failure - Connectivity Issues
The failure is before that folder is created, so no logs. I was able to get a couple more to run by watching the network. They needed an outbound rule added to allow HTTPS to 13.90.138.89. Are there any other IPs we need, or a way to tell the sensor to use a proxy?
Hi Eric, there is information about how to connect via a proxy in the "What you will need to on board Azure ATP – a list of prerequisites" entry. Under "For the Azure ATP Sensors to communicate with Azure ATP cloud service" there are specific details on connectivity through a proxy.
Firewall/proxy open - For your Domain Controllers to communicate with the cloud service, you must have open: *.atp.azure.com port 443 in your firewall/proxy. The configuration needs to be at the machine level (=machine account) and not a user account. Note that you need to set up access to the DNS name, not individual IP addresses, as they are subject to change.
- Eric Conkle, Nov 13, 2017, Copper Contributor
Thanks. Our firewalls don't support rules by DNS name, so I'll have to figure out some way around that.
A couple of these are core, so the URL probes won't work for testing connectivity. It doesn't appear that core supports authenticated proxies, so that's out too.
Are there any plans for a forwarding server like the OMS Gateway?
- Astrid McClean, Nov 13, 2017, Former Employee
The only forwarding-like solution we have right now is the stand-alone sensor - you would need to port mirror the traffic from the Domain Controllers to the stand-alone sensor and also forward Windows events from either the DCs or from a SIEM. The stand-alone sensor rather than the DCs would communicate with Azure ATP.
- Ejaz Rahman, Mar 12, 2019, Copper Contributor
Just following up on this issue again.
Are there any options on the road-map that can utilise forwarding of ATP data to the standalone sensor without requiring the port mirror option?
It would be great if we can have something like the Windows Defender ATP setup where the OMS / Log Analytics gateway can be used to collect logs from other endpoints and then send them out over HTTP rather than requiring port mirror setup. (https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Connecting-servers-without-Internet-access-to-Windows-Defender/ba-p/131425)