SOLVED

Azure ATP Sensor - Prerequisites


Hello everybody,
I am in an Azure ATP project and I have some doubts regarding ATP Sensor installation.
I am using a lot of Microsoft documentation and found on this page the requirements to enable the firewall - https://docs.microsoft.com/en-z/azure-advanced-threat-protection/configure-proxy.
Enable access to Azure ATP service URLs on proxy server
To enable Azure ATP access, allow traffic to the following URLs:
<your-instance-name>.atp.azure.com - for console connectivity. For example, "Contoso-corp.atp.azure.com"
<your-instance-name>sensorapi.atp.azure.com - for sensor connectivity. For example, "contoso-corpsensorapi.atp.azure.com"
Previous URLs are automatically mapped to the correct service location of the Azure ATP instance. If you need more granular control, consider allowing traffic to the relevant endpoints in the following table:
Service Location: DNS Registration *.atp.azure.com
USA: triprd1wcusw1sensorapi.atp.azure.com, triprd1wcusw1sensorapi.atp.azure.com, triprd1wcuse1sensorapi.atp.azure.com
Western: triprd1wceun1sensorapi.atp.azure.com, triprd1wceun1sensorapi.atp.azure.com
Asia: triprd1wcasse1sensorapi.atp.azure.com

MY QUESTION

Do these rules have to be both inbound and outbound? We're talking about Domain Controllers, and it would be a problem for them to be exposed. Could I just release outbound?

If not, why? I would like to have more arguments to present to the firewall team.

Thanks

1 Reply
Best Response confirmed by Valdoscarin (Occasional Contributor)
Solution

@Valdoscarin, outbound connections only to the internet. The sensor won't accept connections from outside of the local machine.
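
The outbound-only requirement from this thread can be checked against a firewall change request before it is submitted. The sketch below is an added example, not part of the thread or of Microsoft's tooling; the rule format, the function names and the sample rules are hypothetical, and port 443 is an assumption (the thread does not state a port).

```python
from fnmatch import fnmatchcase

HTTPS_PORT = 443  # assumption: not stated in the thread; the service URLs are HTTPS


def required_endpoints(instance):
    """Hostnames the documentation quoted in the question asks to allow."""
    name = instance.lower()
    return {
        "console": f"{name}.atp.azure.com",
        "sensor": f"{name}sensorapi.atp.azure.com",
    }


def audit_rules(instance, rules):
    """Return (missing, unnecessary) for a proposed rule set.

    missing: required endpoints that no outbound allow rule covers.
    unnecessary: inbound allow rules that name atp.azure.com hosts.
    """
    endpoints = required_endpoints(instance)
    outbound = [
        r for r in rules
        if r["direction"] == "out" and r["action"] == "allow"
        and r["port"] == HTTPS_PORT
    ]
    # A rule may name one host or a wildcard such as *.atp.azure.com.
    missing = sorted(
        role for role, host in endpoints.items()
        if not any(fnmatchcase(host, r["remote"].lower()) for r in outbound)
    )
    unnecessary = [
        r for r in rules
        if r["direction"] == "in" and r["action"] == "allow"
        and r["remote"].lower().endswith("atp.azure.com")
    ]
    return missing, unnecessary


# Constructed change request for a domain controller (sample data only).
PROPOSED = [
    {"direction": "out", "action": "allow",
     "remote": "Contoso-corpsensorapi.atp.azure.com", "port": 443},
    {"direction": "in", "action": "allow",
     "remote": "*.atp.azure.com", "port": 443},
]

if __name__ == "__main__":
    missing, unnecessary = audit_rules("Contoso-corp", PROPOSED)
    print("no outbound rule for:", missing)
    print("inbound rules to drop:", unnecessary)
```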