May 22 2022 11:48 PM
Hello,
We need to onboard Windows and Linux server to Microsoft Defender.
We are trying to onboard the servers behind a firewall that does not work with the URL-allowing technique, so we can't add the wildcard URLs to the firewall; it only works with URLs mapped to IPs. If we need to get all the URLs with IPs, there will be too many allow rules (as you know, there are a lot of URLs to allow through the internet), so we have tried to find another solution.
We checked OMS Gateway (Connecting servers without Internet access to Windows Defender ATP - Microsoft Tech Community), which can be implemented on a specific server so that all the servers connect to the internet through it, but it seems risky in the security domain because it's an HTTP forward proxy; also, it just works as a forwarder, and we can take actions on the server like isolation, live response, etc.
We are trying to find another solution for onboarding.
Is there a subnet that combines all the URLs that need to be allowed? Or does a DNS server have all the URLs? Or is there another workaround for this onboarding?
Thank you.
May 25 2022 06:38 AM
Hello, I know some companies use a firewall with so-called "updateable objects", which will automatically update all IP addresses or URLs for the Defender services if they change. I don't know if your firewall has such a feature.
Regarding your OMS topic, we cancelled that way because of the new unified solution package for Windows Server 2012 R2 and 2016, because the new solution, like Microsoft Defender for Endpoint on Windows Server 2019, Windows Server 2022, and Windows 10, does not support this gateway.
May 29 2022 03:52 AM
Jun 16 2022 02:52 AM
Check the Microsoft Defender for Endpoint URLs list for the complete list of requirements for your region (refer to the Service URLs Spreadsheet).
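The thread above turns on two points: a firewall that only takes IP-based rules cannot express wildcard URLs, and the IPs behind the concrete hostnames drift, which is what the "updateable objects" feature automates. The script below is an added example, not code from the thread, from Microsoft, or from any firewall vendor. It takes an endpoint list (the hostnames here are constructed placeholders; the real ones come from the Service URLs spreadsheet), separates wildcard entries that can only be handled by URL filtering or a proxy, resolves the rest to IPs through a pluggable resolver, diffs the result against the previous snapshot, and renders vendor-neutral allow rules. The rule syntax and the snapshot format are assumptions for illustration.

```python
"""Resolve required service endpoints to IPs, diff against the last snapshot,
and render allow rules. Added example; hostnames and snapshots are constructed."""
import ipaddress
import socket
from typing import Callable, Dict, List, Set, Tuple

# Constructed placeholder endpoint list (NOT the real Defender URL list;
# the real entries come from the vendor's Service URLs spreadsheet).
REQUIRED_ENDPOINTS = [
    "telemetry.example-edr.invalid",
    "cnc.example-edr.invalid",
    "*.cdn.example-edr.invalid",  # wildcard: cannot be expressed as IP rules
]

# Constructed "previous run" snapshot, as a firewall admin would have stored it.
PREVIOUS_SNAPSHOT: Dict[str, Set[str]] = {
    "telemetry.example-edr.invalid": {"203.0.113.10"},
    "cnc.example-edr.invalid": {"198.51.100.5", "198.51.100.6"},
}

Resolver = Callable[[str], List[str]]


def system_resolver(host: str) -> List[str]:
    """Resolve a hostname with the system resolver (IPv4 and IPv6, TCP/443)."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []  # unresolvable: caller sees an empty set and can alert
    return sorted({info[4][0] for info in infos})


def is_wildcard(entry: str) -> bool:
    """Wildcard entries need URL filtering or a proxy, never IP rules."""
    return entry.startswith("*.")


def resolve_endpoints(entries: List[str], resolver: Resolver = system_resolver
                      ) -> Tuple[Dict[str, Set[str]], List[str]]:
    """Return (host -> set of IPs) plus the wildcard entries that were skipped."""
    resolved: Dict[str, Set[str]] = {}
    wildcards: List[str] = []
    for entry in entries:
        if is_wildcard(entry):
            wildcards.append(entry)
            continue
        resolved[entry] = set(resolver(entry))
    return resolved, wildcards


def diff_snapshots(old: Dict[str, Set[str]], new: Dict[str, Set[str]]
                   ) -> Tuple[Dict[str, List[str]], Dict[str, List[str]]]:
    """Per host, which IPs must be added to and removed from the allow list."""
    added: Dict[str, List[str]] = {}
    removed: Dict[str, List[str]] = {}
    for host in set(old) | set(new):
        o, n = old.get(host, set()), new.get(host, set())
        if n - o:
            added[host] = sorted(n - o)
        if o - n:
            removed[host] = sorted(o - n)
    return added, removed


def _ip_key(ip: str):
    # Sort IPv4 before IPv6; mixed-version addresses are not directly comparable.
    addr = ipaddress.ip_address(ip)
    return (addr.version, addr)


def render_rules(snapshot: Dict[str, Set[str]], port: int = 443) -> List[str]:
    """Render one host-specific allow rule per IP in an assumed generic syntax."""
    rules: List[str] = []
    for host in sorted(snapshot):
        for ip in sorted(snapshot[host], key=_ip_key):
            prefix = 32 if ipaddress.ip_address(ip).version == 4 else 128
            rules.append(f"allow tcp any -> {ip}/{prefix} port {port}  # {host}")
    return rules


# Constructed DNS answers so the demo runs offline; swap in system_resolver
# when running from the servers' real egress network.
FAKE_DNS = {
    "telemetry.example-edr.invalid": ["203.0.113.10", "203.0.113.11"],
    "cnc.example-edr.invalid": ["198.51.100.5", "2001:db8::5"],
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    current, wildcards = resolve_endpoints(REQUIRED_ENDPOINTS, fake_resolver)
    added, removed = diff_snapshots(PREVIOUS_SNAPSHOT, current)
    print("wildcards needing URL filtering/proxy:", wildcards)
    print("add:", added)
    print("remove:", removed)
    print("\n".join(render_rules(current)))
```

Run it on a schedule from the same network egress the servers use, since DNS answers for CDN-fronted services can differ by region and resolver, and alert on any host that resolves to an empty set rather than silently dropping its rules. The wildcard list it prints is the part no IP-based firewall can cover; that is the set of entries that still needs a URL-filtering device or an explicit proxy.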