check before: 2025-12-15
Product:
Defender, Defender for Identity, Defender XDR
Platform:
Online, US Instances, World tenant
Status:
Change type:
Feature update, User impact, Admin impact
Links:
Details:
Summary:
Microsoft Defender for Identity v2.x sensors will start using new IP addresses from the AzureAdvancedThreatProtection service tag range beginning mid-December 2025. Organizations restricting outbound IPs must update firewall rules to allow this range to avoid connectivity loss; no action is needed if the full range is already allowed.
Details:
[Introduction]
As part of ongoing infrastructure and security improvements, Microsoft Defender for Identity (MDI) v2.x sensors will begin using new IP addresses to communicate with the MDI cloud. These IPs will come exclusively from the published range associated with the service tag AzureAdvancedThreatProtection. This change improves reliability and aligns with Azure networking standards.
[When this will happen:]
General Availability (Worldwide, GCC, GCCH, DoD): Gradual rollout begins mid-December 2025.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-12-11
updated:
2025-12-11
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
Microsoft Defender for Identity v2.x sensors are updating their IP addresses for improved reliability and security, requiring organizations that restrict outbound traffic by IP address to update their firewall rules to recognize the new AzureAdvancedThreatProtection service tag range by mid-December 2025 to avoid connectivity issues.
Direct effects for Operations**
Loss of Connectivity
If organizations do not update their firewall rules to allow the new IP addresses, MDI sensors may lose connectivity to the MDI cloud, leading to potential security gaps.
- roles: Network Administrator, Security Analyst
- references: https://learn.microsoft.com/azure/virtual-network/service-tags-overview
Increased Security Risks
Failure to allow the new IP addresses may result in unmonitored network activity, increasing the risk of security incidents due to lack of visibility from MDI sensors.
- roles: Security Analyst, IT Manager
- references: https://learn.microsoft.com/azure/virtual-network/service-tags-overview
User Experience Degradation
If MDI sensors lose connectivity, users may experience delays or failures in security alerts and monitoring, impacting overall user experience and trust in security measures.
- roles: End User, IT Support
- references: https://learn.microsoft.com/azure/virtual-network/service-tags-overview
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
Last updated 3 weeks ago ago
