Azure ATP Sensor Proxy Authentication

Contributor

All internet traffic in our org goes via a forward web proxy. It also has the capability to bypass SSL inspection should we need to. I have been looking at deploying the Azure ATP sensor to my domain controllers but security teams are uncomfortable with its egress requirements to the internet. From the documentation it seems like you must use the WinHTTP proxy as the agent runs in the SYSTEM context, but that essentially means anything running in that context has access to POST to those URLs. Granted they are Microsoft URLs. I was wondering if the proxy can be set up just for the agent within its config or if it supported certificate-based proxy authentication or the like?

0 Replies