Azure Arc and Defender for Endpoint Ports & URLs
Security, Microsoft 36508/02/2022
During the onboarding / rollout of Defender for Endpoint and Azure Arc Agent, the network plays a significant role. Communication via the Internet is usually restricted by segmented networks and secured by firewalls and proxies. To prevent errors or communication problems, the required ports & URLs should be opened to ensure seamless onboarding and operational processes.
For this purpose, I have collected the relevant ports and URLs for Defender for Endpoint, Microsoft Defender Antivirus, Azure Arc Agent, Microsoft Defender SmartScreen, Azure Monitor Agent in the table below.
| Usage | Region | Subcategory | Port | Url |
|---|---|---|---|---|
| Microsoft Defender for Endpoint | WW | CRL | 80 | crl.microsoft.com |
| Microsoft Defender for Endpoint | WW | CRL | 80 | ctldl.windowsupdate.com |
| Microsoft Defender for Endpoint | WW | CRL | 80 | www.microsoft.com/pkiops/* |
| Microsoft Defender for Endpoint | WW | CRL | 80 | www.microsoft.com/pki/* |
| Microsoft Defender for Endpoint | WW | Common | 443 | events.data.microsoft.com |
| Microsoft Defender for Endpoint | WW | Common | 443 | *.wns.windows.com |
| Microsoft Defender for Endpoint | WW | Common | 443 | login.microsoftonline.com |
| Microsoft Defender for Endpoint | WW | Common | 443 | login.live.com |
| Microsoft Defender for Endpoint | WW | Common | 443 | settings-win.data.microsoft.com |
| Microsoft Defender for Endpoint | WW | Common (Mac/Linux) | 443 | x.cp.wd.microsoft.com |
| Microsoft Defender for Endpoint | WW | Common (Mac/Linux) | 443 | cdn.x.cp.wd.microsoft.com |
| Microsoft Defender for Endpoint | WW | Common (Mac/Linux) | 443 | officecdn-microsoft-com.akamaized.net |
| Microsoft Defender for Endpoint | WW | Common (Linux) | 443 | packages.microsoft.com |
| Microsoft Defender for Endpoint | WW | Microsoft Defender for Endpoint | 443 | login.windows.net |
| Microsoft Defender for Endpoint | WW | Microsoft Defender for Endpoint | 443 | *.security.microsoft.com |
| Microsoft Defender for Endpoint | WW | Microsoft Defender for Endpoint | 443 | .blob.core.windows.net/networkscannerstable/ |
| Microsoft Defender for Endpoint | WW | Security Management | 443 | enterpriseregistration.windows.net |
| Microsoft Defender for Endpoint | WW | Security Management | 443 | *.dm.microsoft.com |
| Microsoft Defender for Endpoint | WW | Microsoft Monitoring Agent (MMA) | 443 | *.ods.opinsights.azure.com |
| Microsoft Defender for Endpoint | WW | Microsoft Monitoring Agent (MMA) | 443 | *.oms.opinsights.azure.com |
| Microsoft Defender for Endpoint | WW | Microsoft Monitoring Agent (MMA) | 443 | *.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | unitedstates.x.cp.wd.microsoft.com |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | us.vortex-win.data.microsoft.com |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | us-v20.events.data.microsoft.com |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | winatp-gw-cus.microsoft.com |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | winatp-gw-eus.microsoft.com |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | winatp-gw-cus3.microsoft.com |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | winatp-gw-eus3.microsoft.com |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | automatedirstrprdcus.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | automatedirstrprdeus.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | automatedirstrprdcus3.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | automatedirstrprdeus3.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | ussus1eastprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | ussus2eastprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | ussus3eastprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | ussus4eastprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | wsus1eastprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | wsus2eastprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | ussus1westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | ussus2westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | ussus3westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | ussus4westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | wsus1westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | US | Microsoft Defender for Endpoint US | 443 | wsus2westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | europe.x.cp.wd.microsoft.com |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | eu.vortex-win.data.microsoft.com |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | eu-v20.events.data.microsoft.com |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | winatp-gw-neu.microsoft.com |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | winatp-gw-weu.microsoft.com |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | winatp-gw-neu3.microsoft.com |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | winatp-gw-weu3.microsoft.com |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | automatedirstrprdneu.blob.core.windows.net |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | automatedirstrprdweu.blob.core.windows.net |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | automatedirstrprdneu3.blob.core.windows.net |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | automatedirstrprdweu3.blob.core.windows.net |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | usseu1northprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | wseu1northprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | usseu1westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | EU | Microsoft Defender for Endpoint EU | 443 | wseu1westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | unitedkingdom.x.cp.wd.microsoft.com |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | uk.vortex-win.data.microsoft.com |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | uk-v20.events.data.microsoft.com |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | winatp-gw-uks.microsoft.com |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | winatp-gw-ukw.microsoft.com |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | automatedirstrprduks.blob.core.windows.net |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | automatedirstrprdukw.blob.core.windows.net |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | ussuk1southprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | wsuk1southprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | ussuk1westprod.blob.core.windows.net |
| Microsoft Defender for Endpoint | UK | Microsoft Defender for Endpoint UK | 443 | wsuk1westprod.blob.core.windows.net |
| Microsoft Defender Antivirus | WW | UTC | 443 | vortex-win.data.microsoft.com |
| Microsoft Defender Antivirus | WW | MU / WU | 443 | *.update.microsoft.com |
| Microsoft Defender Antivirus | WW | MU / WU | 443 | *.delivery.mp.microsoft.com |
| Microsoft Defender Antivirus | WW | MU / WU | 443 | *.windowsupdate.com |
| Microsoft Defender Antivirus | WW | MU / WU | 443 | go.microsoft.com |
| Microsoft Defender Antivirus | WW | MU / WU | 443 | definitionupdates.microsoft.com |
| Microsoft Defender Antivirus | WW | MU / WU | 443 | https://www.microsoft.com/security/encyclopedia/adlpackages.aspx |
| Microsoft Defender Antivirus | WW | MU (ADL) | 443 | *.download.windowsupdate.com |
| Microsoft Defender Antivirus | WW | MU (ADL) | 443 | *.download.microsoft.com |
| Microsoft Defender Antivirus | WW | MU (ADL) | 443 | fe3cr.delivery.mp.microsoft.com/ClientWebService/client.asmx |
| Microsoft Defender Antivirus | WW | Symbols | 443 | https://msdl.microsoft.com/download/symbols |
| Microsoft Defender Antivirus | WW | MAPS | 443 | *.wdcp.microsoft.com |
| Microsoft Defender Antivirus | WW | MAPS | 443 | *.wd.microsoft.com |
| Microsoft Defender SmartScreen | WW | Reporting and Notifications | 443 | *.smartscreen-prod.microsoft.com |
| Microsoft Defender SmartScreen | WW | Reporting and Notifications | 443 | *.smartscreen.microsoft.com |
| Microsoft Defender SmartScreen | WW | Reporting and Notifications | 443 | *.checkappexec.microsoft.com |
| Microsoft Defender SmartScreen | WW | Reporting and Notifications | 443 | *.urs.microsoft.com |
| Azure Arc Agent | WW | Used to resolve the download script during installation | aka.ms | |
| Azure Arc Agent | WW | Used to download the Windows installation package | download.microsoft.com | |
| Azure Arc Agent | WW | Used to download the Linux installation package | packages.microsoft.com | |
| Azure Arc Agent | WW | Azure Active Directory | login.windows.net | |
| Azure Arc Agent | WW | Azure Active Directory | login.microsoftonline.com | |
| Azure Arc Agent | WW | Azure Active Directory | pas.windows.net | |
| Azure Arc Agent | WW | Azure Resource Manager - to create or delete the Arc server resource | management.azure.com | |
| Azure Arc Agent | WW | Metadata and hybrid identity services | *.his.arc.azure.com | |
| Azure Arc Agent | WW | Extension management and guest configuration services | *.guestconfiguration.azure.com | |
| Azure Arc Agent | WW | Notification service for extension and connectivity scenarios | guestnotificationservice.azure.com,*.guestnotificationservice.azure.com | |
| Azure Arc Agent | WW | Notification service for extension and connectivity scenarios | azgn*.servicebus.windows.net | |
| Azure Arc Agent | WW | For Windows Admin Center and SSH scenarios | *.servicebus.windows.net | |
| Azure Arc Agent | WW | Download source for Azure Arc-enabled servers extensions | *.blob.core.windows.net | |
| Azure Arc Agent | WW | Agent telemetry | dc.services.visualstudio.com | |
| Log Analytics Agent/Microsoft Monitoring Agent | WW | 443 | *.ods.opinsights.azure.com | |
| Log Analytics Agent/Microsoft Monitoring Agent | WW | 443 | *.oms.opinsights.azure.com | |
| Log Analytics Agent/Microsoft Monitoring Agent | WW | 443 | *.blob.core.windows.net | |
| Log Analytics Agent/Microsoft Monitoring Agent | WW | 443 | *.azure-automation.net | |
| Azure Monitor Agent | WW | Access control service | 443 | global.handler.control.monitor.azure.com |
| Azure Monitor Agent | WW | Fetch data collection rules for specific machine | 443 | *.handler.control.monitor.azure.com |
Azure Active Directory License Assignment for Groups
The Azure Active Directory has for some time been offering the ability to assign licenses to users such as EMS, Office 365 (Exchange, SharePoint, etc.), but can also provide groups with licenses. As soon as a user is added to a group, if there are still enough licenses available, the user will receive the corresponding license assigned to the group. This works with synchronized groups from the local Active Directory as well as with Azure AD Security and dynamic groups.
Azure DevOps PowerShell Module - Part 1
If you are like me - at least in terms of lazyness - you automate the stuff that you face more than once. Recently, I came accross the reoccuring task of creating Azure DevOps projects with several teams over and over again.