Hello everybody I am in an azure atp project and I have some doubts regarding Sensor ATP installation. I am using a lot of microsoft documentation and found on this page the requirements to enable the firewall - https://docs.microsoft.com/en-z/azure-advanced-threat-protection/configure-proxy. Enable access to Azure ATP service URLs on proxy server To enable Azure ATP access, allow traffic to the following URLs: <your-instance-name> .atp.azure.com - for console connectivity. For example, "Contoso-corp.atp.azure.com" <your-instance name> sensorapi.atp.azure.com - for sensor connectivity. For example, "contoso-corpsensorapi.atp.azure.com" Previous URLs are automatically mapped to the correct service location of the Azure ATP instance. If you need more granular control, consider allowing traffic to the relevant endpoints in the following table: Service Location DNS Registration * .atp.azure.com USA triprd1wcusw1sensorapi.atp.azure.com triprd1wcusw1sensorapi.atp.azure.com triprd1wcuse1sensorapi.atp.azure.com
Western triprd1wceun1sensorapi.atp.azure.com triprd1wceun1sensorapi.atp.azure.com Asia triprd1wcasse1sensorapi.atp.azure.com
These rules have to be inbound and outbound? - because we're talking about Domain Controllers and would have a problem that they would be exposed to. Could I just release outbound ??
if not, why? I would like to have more arguments to present to the firewall team.