Jul 11 2023 01:47 AM
Hi
We are running through the pre-reqs and unsure what exactly is required for the firewall section and allowing the ports: https://learn.microsoft.com/en-us/defender-for-identity/prerequisites#ports
Particularly the "To" column:

| Protocol | Transport | Port | From | To |
|---|---|---|---|---|
| Internet ports | | | | |
| SSL (*.atp.azure.com) | TCP | 443 | Defender for Identity sensor | Defender for Identity cloud service |
| Internal ports | | | | |
| DNS | TCP and UDP | 53 | Defender for Identity sensor | DNS Servers |
| Netlogon (SMB, CIFS, SAM-R) | TCP/UDP | 445 | Defender for Identity sensor | All devices on network |
| RADIUS | UDP | 1813 | RADIUS | Defender for Identity sensor |
| Localhost ports* (required for Sensor Service updater) | | | | |
| SSL (localhost) | TCP | 444 | Sensor Service | Sensor Updater Service |
| NNR ports** | | | | |
| NTLM over RPC | TCP | 135 | Defender for Identity sensor | All devices on network |
| NetBIOS | UDP | 137 | Defender for Identity sensor | All devices on network |
| RDP | TCP | 3389, only the first packet of Client hello | Defender for Identity sensor | All devices on network |
Any ideas?
Thanks
Jul 11 2023 02:43 AM
@Gary Smith
It should be read like "The machine running the sensor should be allowed to connect to the MDI azure backend via port 433 using TCP."
Or "The machine running the sensor should be allowed to connect to all your DNS servers via port 53 using TCP or UDP".
Does this clarify the table syntax?
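Reading the table that way, every row whose "From" is the sensor can be checked from the sensor host itself. The PowerShell script below is an added example, not code from this thread or from Microsoft; the cloud hostname, DNS server address and sample device name are placeholders you must replace with your own values.

```powershell
# Added example, not code from this thread or from Microsoft. Run it on the sensor
# host, i.e. the machine named in the "From" column. All three parameters are placeholders.
param(
    [string]$CloudHost    = 'REPLACE-ME.atp.azure.com',  # placeholder: your workspace's *.atp.azure.com endpoint
    [string[]]$DnsServers = @('10.0.0.10'),              # placeholder: your DNS servers
    [string]$SampleDevice = 'dc01.corp.example'          # placeholder: any one domain-joined device
)

# Rows with From = sensor and Transport = TCP: the sensor opens the connection, so a
# successful TCP handshake from here shows the outbound path is allowed.
# (The RDP row only needs the first Client Hello packet; a completed handshake to
# 3389 is therefore a sufficient test. NetBIOS UDP 137 has no simple probe here.)
$tcpRows = @(
    @{ Name = 'SSL -> MDI cloud service';  Target = $CloudHost;    Port = 443  }
    @{ Name = 'Netlogon/SMB -> devices';   Target = $SampleDevice; Port = 445  }
    @{ Name = 'NTLM over RPC (NNR)';       Target = $SampleDevice; Port = 135  }
    @{ Name = 'RDP Client Hello (NNR)';    Target = $SampleDevice; Port = 3389 }
    @{ Name = 'Sensor Service -> Updater'; Target = 'localhost';   Port = 444  }
)
foreach ($row in $tcpRows) {
    $r = Test-NetConnection -ComputerName $row.Target -Port $row.Port -WarningAction SilentlyContinue
    $state = if ($r.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED or unreachable' }
    '{0,-28} {1}:{2,-5} {3}' -f $row.Name, $row.Target, $row.Port, $state
}

# The DNS row is "TCP and UDP 53". Test-NetConnection only speaks TCP, so also send
# a real query through each server to exercise UDP 53.
foreach ($srv in $DnsServers) {
    $tcp = Test-NetConnection -ComputerName $srv -Port 53 -WarningAction SilentlyContinue
    $tcpState = if ($tcp.TcpTestSucceeded) { 'OPEN' } else { 'BLOCKED' }
    try   { Resolve-DnsName -Name $SampleDevice -Server $srv -ErrorAction Stop | Out-Null; $udp = 'OK' }
    catch { $udp = 'FAILED' }
    '{0,-28} {1}: TCP {2}, UDP query {3}' -f 'DNS', $srv, $tcpState, $udp
}

# RADIUS is the one inbound row (From = RADIUS, To = sensor), so it cannot be proved
# by connecting out. List the host-firewall rules that admit UDP 1813 instead;
# no output means accounting packets will be dropped on this host.
Get-NetFirewallRule -Direction Inbound -Enabled True -PipelineVariable rule |
    Get-NetFirewallPortFilter |
    Where-Object { $_.Protocol -eq 'UDP' -and $_.LocalPort -eq '1813' } |
    ForEach-Object { 'Inbound UDP 1813 allowed by rule: {0} ({1})' -f $rule.DisplayName, $rule.Action }
```

A perimeter firewall between the sensor and the RADIUS server still has to be checked separately; the last block only inspects the Windows firewall on the sensor host.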