I have a VNET which restricts all outbound access using an NSG, except for 1 specific port which is used for an app it hosts. However, I need a way to allow Defender to communicate with the MS 365 Defender portal so it can report in. I tried using a couple of the service tags (MS Cloud App security and ATP) but they don't seem to work. Is there an IP or set of IPs I need to allow out for it to communicate?

amaru96

1 Answer

If it is the end point of the application you are protecting then:

MicrosoftDefenderForEndpoint

A full list of service tags is available here:

https://learn.microsoft.com/en-us/azure/virtual-network/service-tags-overview

Shiraz Bhaiji
  • There is no MicrosoftDefenderForEndpoint tag (even though it is listed on the URL). I've tried a few tags but none seem to work. Is there a list of IP addresses required for Defender? – amaru96 Dec 13 '22 at 22:19
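
One way to check whether a given service tag listing contains a tag and to pull the address prefixes behind it for explicit NSG destinations. This is an added example, not part of the original answer or comment. `SAMPLE` is constructed in the layout of the Azure service tag JSON (as returned by `az network list-service-tags --location <region>`); its prefixes are documentation ranges, and the helper names are hypothetical.

```python
import difflib
import ipaddress

# Constructed sample in the layout of the Azure service tag JSON.
# Prefixes are documentation ranges, NOT real Defender addresses.
SAMPLE = {
    "cloud": "Public",
    "values": [
        {"name": "MicrosoftDefenderForEndpoint",
         "properties": {"addressPrefixes": ["198.51.100.0/25", "198.51.100.128/25",
                                            "203.0.113.0/24", "2001:db8:1::/48"]}},
        {"name": "MicrosoftCloudAppSecurity",
         "properties": {"addressPrefixes": ["192.0.2.0/24"]}},
    ],
}


def find_tag(doc, wanted):
    """Return (entry, suggestions); entry is None when the tag is absent."""
    names = {v["name"].lower(): v for v in doc.get("values", [])}
    entry = names.get(wanted.lower())
    if entry is not None:
        return entry, []
    # Tag missing from this listing: offer near matches instead of failing silently.
    close = difflib.get_close_matches(wanted.lower(), list(names), n=3, cutoff=0.5)
    return None, [names[c]["name"] for c in close]


def prefixes_for(doc, wanted):
    """Collapsed IPv4 and IPv6 prefixes for a tag, as two lists of CIDR strings."""
    entry, suggestions = find_tag(doc, wanted)
    if entry is None:
        raise LookupError(f"tag {wanted!r} not in listing; similar: {suggestions}")
    nets = [ipaddress.ip_network(p) for p in entry["properties"]["addressPrefixes"]]
    # Merge adjacent ranges so the resulting rule needs fewer destination entries.
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return [str(n) for n in v4], [str(n) for n in v6]


if __name__ == "__main__":
    v4, v6 = prefixes_for(SAMPLE, "MicrosoftDefenderForEndpoint")
    print("IPv4:", v4)
    print("IPv6:", v6)
```

Service tag prefixes change over time, so a rule built from a fixed prefix list has to be regenerated from a fresh listing.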