SOLVED

Defender pre-reqs - ports.

Brass Contributor

Hi

 

We are running through the pre-reqs and unsure what exactly is required for the firewall section and allowing the ports: https://learn.microsoft.com/en-us/defender-for-identity/prerequisites#ports

 

Particularly the to column:

Protocol Transport Port From To

Internet ports    
SSL (*.atp.azure.com)TCP443Defender for Identity sensorDefender for Identity cloud service
Internal ports    
DNSTCP and UDP53Defender for Identity sensorDNS Servers
Netlogon (SMB, CIFS, SAM-R)TCP/UDP445Defender for Identity sensorAll devices on network
RADIUSUDP1813RADIUSDefender for Identity sensor
Localhost ports*Required for Sensor Service updater   
SSL (localhost)TCP444Sensor ServiceSensor Updater Service
NNR ports**    
NTLM over RPCTCPPort 135Defender for Identity sensorAll devices on network
NetBIOSUDP137Defender for Identity sensorAll devices on network
RDPTCP3389, only the first packet of Client helloDefender for Identity sensorAll devices on network

 

Any ideas?

 

Thanks

2 Replies
best response confirmed by Gary Smith (Brass Contributor)
Solution

@Gary Smith 
It should be read like "The machine running the sensor should be allowed to connect to the MDI azure backend via port 433 using TCP."
Or "The machine running the sensor should be allowed to connect to all your DNS servers via port 53 using TCP or UDP".

Does this clarify the table syntax?

We haven't made any changes to our firewall, so I presume most of the traffic passes over port 443? Either way our DCs with agents are working.
1 best response

Accepted Solutions
best response confirmed by Gary Smith (Brass Contributor)
Solution

@Gary Smith 
It should be read like "The machine running the sensor should be allowed to connect to the MDI azure backend via port 433 using TCP."
Or "The machine running the sensor should be allowed to connect to all your DNS servers via port 53 using TCP or UDP".

Does this clarify the table syntax?

View solution in original post