Needs Ports MDI

Copper Contributor

Hello Everyone,

 

I'm working on Microsoft Defender for Identity topic, i am at the ports opening part. can you please tell me what is the need to open port 444? for updates are there not automatic updates without opening this port?
Thank you

7 Replies

@Nawel335 
Note that this is only TCP/444 for localhost, in 99% of cases it's  open by default.
It is used for communication between the sensor service and the updater service, 

and it's not just for automatic updates, the services needs to communicate for more operations, and if it's not working the sensor will fail to start.

@EliOfek 

thank you for the reply, on the other hand I will like to know for the port 444  is open from the sensor service to the sensor update service. it's in the cloud or to a URL like '* .atp.azure.com"?

@Nawel335 \No, it's localhost, internal machine communication between 2 windows services on the machine itself. nothing goes out of the machine via 444.

Before installation of DFI/ATP, due we need to check for port 444 open status in server or this port will list after the agent installtion?
It's best to verify it's open before deployment (it should be by default, we added this requirement to the docs because we had a few customers how tend to over harden, and it was blocked for them...)

@EliOfek what about when installing on exchange servers. they use port 444 already. so is there a way to change this?

MDI sensor was not designed to be used on Exchange servers, not just because of port 444,
Simply because it wouldn't know how to monitor it.
There is no reason to install it on Exchange machines.