Forum Discussion
Defender pre-reqs - ports.
Hi
We are running through the pre-reqs and unsure what exactly is required for the firewall section and allowing the ports: https://learn.microsoft.com/en-us/defender-for-identity/prerequisites#ports
Particularly the to column:
Protocol Transport Port From To
| Internet ports | ||||
| SSL (*.atp.azure.com) | TCP | 443 | Defender for Identity sensor | Defender for Identity cloud service |
| Internal ports | ||||
| DNS | TCP and UDP | 53 | Defender for Identity sensor | DNS Servers |
| Netlogon (SMB, CIFS, SAM-R) | TCP/UDP | 445 | Defender for Identity sensor | All devices on network |
| RADIUS | UDP | 1813 | RADIUS | Defender for Identity sensor |
| Localhost ports* | Required for Sensor Service updater | |||
| SSL (localhost) | TCP | 444 | Sensor Service | Sensor Updater Service |
| NNR ports** | ||||
| NTLM over RPC | TCP | Port 135 | Defender for Identity sensor | All devices on network |
| NetBIOS | UDP | 137 | Defender for Identity sensor | All devices on network |
| RDP | TCP | 3389, only the first packet of Client hello | Defender for Identity sensor | All devices on network |
Any ideas?
Thanks
Gary Smith
It should be read like "The machine running the sensor should be allowed to connect to the MDI azure backend via port 433 using TCP."
Or "The machine running the sensor should be allowed to connect to all your DNS servers via port 53 using TCP or UDP".
Does this clarify the table syntax?
- EliOfek
Microsoft
Gary Smith
It should be read like "The machine running the sensor should be allowed to connect to the MDI azure backend via port 433 using TCP."
Or "The machine running the sensor should be allowed to connect to all your DNS servers via port 53 using TCP or UDP".
Does this clarify the table syntax?- We haven't made any changes to our firewall, so I presume most of the traffic passes over port 443? Either way our DCs with agents are working.
