Forum Discussion
Live Response URL's
Hoping to clarify URL requirements for Live Response in Defender for Endpoint. The URLs listed in the Defender URLs spreadsheet online that reference being required for Live Response are:
*.wns.windows.com
login.microsoftonline.com
login.live.com
When you run the client analyzer tool, the MDEClientAnalyzer.txt file contains a results section called
############# Connectivity Check for Live Response URL################
That section lists the following 2 URLs as being tested:
Host: global.notify.windows.com on Port: 443
Host: client.wns.windows.com on Port: 443
I can see no reference to global.notify.windows.com (or *.windows.com) in the URL spreadsheet?
In my testing I have been able to successfully connect via Live Response to servers that show failed connections to global.notify.windows in their MDEClientAnalyzer.txt files.
Can anyone confirm if global.notify.windows.com is a required URL for Live Response?
Thanks
I've found an older version of the Defender URLs spreadsheet that has an entry for
*.notify.windows.com
The latest version of the spreadsheet doesnt contain this URL anymore and only lists the following requirements for Live Response:
*.wns.windows.com
login.live.com
login.microsoftonline.comInterestingly in the ChangeLog tab on the latest version of the spreadsheet, it notes that *.notify.windows.com was removed on the 25/01/22. I have a version I downloaded in May this year with that URL present.
Regardless of the above it looks like perhaps they havent updated the connectivity analyzer to remove the test to global.notify.windows.com.
- jbmartin6Iron ContributorWell, (client.wns.windows.com) is covered by *.wns.windows.com, maybe there is a wildcard elsewhere in the reference that covers (global.notify.windows.com)
- jbmartin6Iron ContributorAh sorry, I see you already considered that, my mistake I should have re-read before replying.
- PJR_CDFIron Contributor
I've found an older version of the Defender URLs spreadsheet that has an entry for
*.notify.windows.com
The latest version of the spreadsheet doesnt contain this URL anymore and only lists the following requirements for Live Response:
*.wns.windows.com
login.live.com
login.microsoftonline.comInterestingly in the ChangeLog tab on the latest version of the spreadsheet, it notes that *.notify.windows.com was removed on the 25/01/22. I have a version I downloaded in May this year with that URL present.
Regardless of the above it looks like perhaps they havent updated the connectivity analyzer to remove the test to global.notify.windows.com.