cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

ATP and APP proxy awareness

Bogwitch
Copper Contributor

‎Aug 27 2020 03:38 AM - last edited on ‎Nov 30 2021 09:27 AM by

‎Aug 27 2020 03:38 AM - last edited on ‎Nov 30 2021 09:27 AM by

ATP and APP proxy awareness

Hi All,

 

We have been told by our VAR that the ATP and APP client require Internet DNS lookup to operate, specifically for registration.

 

Our environment is secured by having a default route which is *NOT* the Internet (it's a switch in the Datacentre) and our Domain Controllers do not peer to the Internet for DNS resolution, all our Internet connectivity goes via a proxy.

 

It is true that ATP and APP require the DNS lookup and if so, what other communication will need to travel outside of the proxy?

 

Thanks in advance,

 


Bog

4,151 Views
0 Likes
3 Replies
Reply
3 Replies
Eli Ofek

‎Aug 27 2020 05:52 AM

‎Aug 27 2020 05:52 AM

Re: ATP and APP proxy awareness

@Bogwitch 

See this:

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-proxy#enable-access-to-a...

You need to be able to resolve the addresses mentioned there.

You don't need to use an internet DNS as long as your local DNS knows how to forward those requests or resolve them correctly on its own.

Notice not to use a local static resolution like hosts file to resolve that , as while it's rare, those IP addresses can change without notice to something else in the service tag range...

1 Like
Reply
Bogwitch

‎Aug 28 2020 01:18 AM

‎Aug 28 2020 01:18 AM

Re: ATP and APP proxy awareness

@Eli Ofek 

 

Hi Eli,

 

thanks for getting back to me. I'm a little confused as to why the DNS lookup is required. If the software is proxy aware, there should be no need for a DNS lookup as the proxy will perform to resolution.

 

Our security model is one that greatly reduces the likelihood of a command and control or data exfiltration channel being established via DNS and we're keen to avoid reducing that stance.

 

Is the IP address returned by the DNS lookup actually used for any requests? If so, are those requests direct (meaning we will need to create static routes to bypass the proxy) or are the IP addresses replacing the URL in the request that's sent to the proxy? 

 

If the IP addresses are not used at all, why the DNS lookup and why would it be a problem if we simply resolved to BOGON addresses?

 

Thanks,

 

Bog

0 Likes
Reply
Bogwitch

‎Sep 03 2020 07:32 AM

‎Sep 03 2020 07:32 AM

Re: ATP and APP proxy awareness

Does anyone else have any insights here?

 

thanks,

 

Bog

 

0 Likes
Reply