Needs Ports MDI


Hello Everyone,

I'm working on a Microsoft Defender for Identity topic, and I am at the port-opening part. Can you please tell me what the need is to open port 444? For updates, are there not automatic updates without opening this port?
Thank you

5 Replies

@Nawel335 
Note that this is only TCP/444 for localhost; in 99% of cases it's open by default.
It is used for communication between the sensor service and the updater service, and it's not just for automatic updates. The services need to communicate for more operations, and if it's not working the sensor will fail to start.

@Eli Ofek 

Thank you for the reply. On the other hand, I would like to know about port 444, which is open from the sensor service to the sensor update service: is it in the cloud, or to a URL like '*.atp.azure.com'?

@Nawel335 No, it's localhost: internal machine communication between 2 Windows services on the machine itself. Nothing goes out of the machine via 444.

Before installation of DFI/ATP, do we need to check for port 444 open status on the server, or will this port be listed after the agent installation?

It's best to verify it's open before deployment (it should be by default; we added this requirement to the docs because we had a few customers who tend to over-harden, and it was blocked for them...)