Forum Discussion
ATP and APP proxy awareness
See this:
You need to be able to resolve the addresses mentioned there.
You don't need to use an internet DNS as long as your local DNS knows how to forward those requests or resolve them correctly on its own.
Note: do not use a local static resolution like a hosts file to resolve that, as, while it's rare, those IP addresses can change without notice to something else in the service tag range...
- Bogwitch, Aug 28, 2020, Copper Contributor
Hi Eli,
thanks for getting back to me. I'm a little confused as to why the DNS lookup is required. If the software is proxy aware, there should be no need for a DNS lookup as the proxy will perform the resolution.
Our security model is one that greatly reduces the likelihood of a command and control or data exfiltration channel being established via DNS and we're keen to avoid reducing that stance.
Is the IP address returned by the DNS lookup actually used for any requests? If so, are those requests direct (meaning we will need to create static routes to bypass the proxy) or are the IP addresses replacing the URL in the request that's sent to the proxy?
If the IP addresses are not used at all, why the DNS lookup and why would it be a problem if we simply resolved to BOGON addresses?
Thanks,
Bog
- Bogwitch, Sep 03, 2020, Copper Contributor
Does anyone else have any insights here?
thanks,
Bog