check before: 2025-04-29
Product:
Defender, Defender for Cloud Apps, Defender XDR, Microsoft 365 Apps
Platform:
Online, World tenant
Status:
Change type:
User impact, Admin impact
Links:
Details:
Summary:
Update your firewall rules by April 29, 2025, to ensure continued access to Microsoft Defender for Cloud Apps. Allow outbound traffic on port 443 for specified IP addresses or add the Azure service tag 'AzureFrontDoor.MicrosoftSecurity'. More details can be found in the network requirements documentation.
Details:
Summary: Due to ongoing work on Microsoft Defender for Cloud Apps aimed at improving security and performance, you are required to update network information in your system's firewall by April 29, 2025.
Please follow these instructions by April 29, 2025, to ensure uninterrupted access to our services.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-04-05
updated:
2025-04-23
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
XXXXXXX ... free basic plan only
Direct effects for Operations**
Firewall Configuration Failure
If firewall rules are not updated, outbound traffic on port 443 may be blocked, leading to loss of access to Microsoft Defender for Cloud Apps services.
- roles: Network Administrator, IT Security Officer
- references: https://aka.ms/MDANetworkDocs
Service Disruption
Failure to update the firewall may result in service disruptions for users relying on Microsoft Defender for Cloud Apps, impacting their ability to perform security tasks.
- roles: End User, IT Support Specialist
- references: https://aka.ms/MDANetworkDocs
Increased Security Risks
Not updating the firewall could expose the organization to security vulnerabilities, as users may not receive critical updates and protections from Microsoft Defender.
- roles: IT Security Officer, Compliance Officer
- references: https://aka.ms/MDANetworkDocs
User Experience Degradation
Users may experience degraded performance or inability to access necessary security features, leading to frustration and decreased productivity.
- roles: End User, IT Support Specialist
- references: https://aka.ms/MDANetworkDocs
Compliance Issues
Failure to comply with the update requirements may lead to non-compliance with security standards, potentially resulting in audits or penalties.
- roles: Compliance Officer, IT Manager
- references: https://aka.ms/MDANetworkDocs
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
Imagine your office building has a security system that only allows certain people to enter through specific doors. Now, imagine Microsoft Defender for Cloud Apps as a VIP guest who needs access to your building to keep everything running smoothly. However, the doors they need to use are locked unless you update your security system to recognize them.
In IT terms, this means you need to update your firewall settings. Firewalls are like those security doors, controlling who can come in and out of your network. To keep Microsoft Defender for Cloud Apps functioning, you need to ensure your firewall allows them through. Specifically, you need to allow traffic on port 443, which is like a special entrance for secure communication.
Think of IP addresses as the unique identifiers for each guest trying to enter. You need to add specific IP addresses to your firewall's allowlist, much like giving a list of approved visitors to your security team. Alternatively, you can use a service tag, which is like a group pass that automatically includes all necessary guests.
If you don't make these updates by April 29, 2025, it's like leaving your VIP guest standing outside, unable to enter and perform their important tasks. To avoid this, ensure your firewall is updated to recognize the necessary IP addresses or service tag. This will ensure that Microsoft Defender for Cloud Apps can continue to provide its services without interruption. For more detailed instructions, you can refer to the network requirements documentation provided by Microsoft.
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-04-23 | MC prepare | Please ensure that your firewall rules are updated to allow outbound traffic on port 443 for the following IP addresses. This update should be completed and the IP addresses added to your firewall's allowlist by April 21, 2025:
13.107.228.0/24 13.107.229.0/24 13.107.219.0/24 13.107.227.0/24 150.171.97.0/24 All required outbound access IP addresses can also be found in Defender for Cloud Apps network requirements page under 'Portal Access'. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag: 'AzureFrontDoor.MicrosoftSecurity' to your allowlist. This tag will be adjusted to reflect the above range by April 21, 2025. Learn more: Network requirements documentation https://aka.ms/MDANetworkDocs | Please ensure that your firewall rules are updated to allow outbound traffic on port 443 for the following IP addresses. This update should be completed and the IP addresses added to your firewall's allowlist by April 29, 2025:
13.107.228.0/24 13.107.229.0/24 13.107.219.0/24 13.107.227.0/24 150.171.97.0/24 All required outbound access IP addresses can also be found in Defender for Cloud Apps network requirements page under 'Portal Access'. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag: 'AzureFrontDoor.MicrosoftSecurity' to your allowlist. This tag will be adjusted to reflect the above range by April 28, 2025. Learn more: Network requirements documentation https://aka.ms/MDANetworkDocs |
| 2025-04-23 | MC Summary | Update your firewall rules by April 29, 2025, to ensure continued access to Microsoft Defender for Cloud Apps. Allow outbound traffic on port 443 for specified IP addresses or add the Azure service tag 'AzureFrontDoor.MicrosoftSecurity'. More details can be found in the network requirements documentation. | |
| 2025-04-23 | MC Last Updated | 04/04/2025 21:58:44 | 2025-04-22T21:31:04Z |
| 2025-04-23 | MC Messages | Summary: Due to ongoing work on Microsoft Defender for Cloud Apps aimed at improving security and performance, you are required to update network information in your system's firewall by April 21, 2025.
Please follow these instructions by April 21, 2025, to ensure uninterrupted access to our services. | Summary: Due to ongoing work on Microsoft Defender for Cloud Apps aimed at improving security and performance, you are required to update network information in your system's firewall by April 29, 2025.
Please follow these instructions by April 29, 2025, to ensure uninterrupted access to our services. |
| 2025-04-23 | MC Action Required By | 04/21/2025 02:00:00 | 2025-04-29T02:00:00Z |
| 2025-04-23 | MC Title | Take Action by April 21, 2025 - Microsoft Defender for Cloud Apps Network Configuration | Take Action by April 29, 2025 - Microsoft Defender for Cloud Apps Network Configuration |
| 2025-04-23 | MC How Affect | You are receiving this message because our telemetry indicates your organization may be using Microsoft Defender for Cloud Apps.
If your organization restricts outbound traffic to Microsoft Defender for Cloud Apps based only on the DNS names in our documentation, or does not restrict access by IPs, this change will not impact you. This change will only impact your organization if you are using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Administrators may no longer be able to access some Microsoft Defender for Cloud Apps services if the changes listed below are not completed by April 21, 2025, when the changes listed below will start to be implemented. | You are receiving this message because our telemetry indicates your organization may be using Microsoft Defender for Cloud Apps.
If your organization restricts outbound traffic to Microsoft Defender for Cloud Apps based only on the DNS names in our documentation, or does not restrict access by IPs, this change will not impact you. This change will only impact your organization if you are using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Administrators may no longer be able to access some Microsoft Defender for Cloud Apps services if the changes listed below are not completed by April 29, 2025, when the changes listed below will start to be implemented. |
Last updated 4 months ago ago
