check before: 2025-04-29
Product:
Defender, Defender for Cloud Apps, Defender XDR, Microsoft 365 Apps
Platform:
Online, World tenant
Status:
Change type:
User impact, Admin impact
Links:
Details:
Summary:
Update your firewall rules by April 29, 2025, to ensure continued access to Microsoft Defender for Cloud Apps. Allow outbound traffic on port 443 for specified IP addresses or add the Azure service tag 'AzureFrontDoor.MicrosoftSecurity'. More details can be found in the network requirements documentation.
Details:
Summary: Due to ongoing work on Microsoft Defender for Cloud Apps aimed at improving security and performance, you are required to update network information in your system's firewall by April 29, 2025.
Please follow these instructions by April 29, 2025, to ensure uninterrupted access to our services.
Change Category:
XXXXXXX ... free basic plan only
Scope:
XXXXXXX ... free basic plan only
Release Phase:
Created:
2025-04-05
updated:
2025-04-23
Task Type
XXXXXXX ... free basic plan only
Docu to Check
XXXXXXX ... free basic plan only
MS How does it affect me
XXXXXXX ... free basic plan only
MS Preperations
XXXXXXX ... free basic plan only
MS Urgency
XXXXXXX ... free basic plan only
MS workload name
XXXXXXX ... free basic plan only
summary for non-techies**
To ensure Microsoft Defender for Cloud Apps functions properly, update your firewall settings to allow traffic on port 443 and add the necessary IP addresses or service tag to the allowlist by April 29, 2025.
Direct effects for Operations**
Firewall Configuration Failure
If firewall rules are not updated, outbound traffic on port 443 may be blocked, leading to loss of access to Microsoft Defender for Cloud Apps services.
- roles: Network Administrator, IT Security Officer
- references: https://aka.ms/MDANetworkDocs
Service Disruption
Failure to update the firewall may result in service disruptions for users relying on Microsoft Defender for Cloud Apps, impacting their ability to perform security tasks.
- roles: End User, IT Support Specialist
- references: https://aka.ms/MDANetworkDocs
Increased Security Risks
Not updating the firewall could expose the organization to security vulnerabilities, as users may not receive critical updates and protections from Microsoft Defender.
- roles: IT Security Officer, Compliance Officer
- references: https://aka.ms/MDANetworkDocs
User Experience Degradation
Users may experience degraded performance or inability to access necessary security features, leading to frustration and decreased productivity.
- roles: End User, IT Support Specialist
- references: https://aka.ms/MDANetworkDocs
Compliance Issues
Failure to comply with the update requirements may lead to non-compliance with security standards, potentially resulting in audits or penalties.
- roles: Compliance Officer, IT Manager
- references: https://aka.ms/MDANetworkDocs
Configutation Options**
XXXXXXX ... paid membership only
Opportunities**
XXXXXXX ... free basic plan only
Potentional Risks**
XXXXXXX ... paid membership only
IT Security**
XXXXXXX ... paid membership only
explanation for non-techies**
XXXXXXX ... free basic plan only
** AI generated content. This information must be reviewed before use.
a free basic plan is required to see more details. Sign up here
A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.
change history
| Date | Property | old | new |
| 2025-04-23 | MC prepare | Please ensure that your firewall rules are updated to allow outbound traffic on port 443 for the following IP addresses. This update should be completed and the IP addresses added to your firewall's allowlist by April 21, 2025:
13.107.228.0/24 13.107.229.0/24 13.107.219.0/24 13.107.227.0/24 150.171.97.0/24 All required outbound access IP addresses can also be found in Defender for Cloud Apps network requirements page under 'Portal Access'. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag: 'AzureFrontDoor.MicrosoftSecurity' to your allowlist. This tag will be adjusted to reflect the above range by April 21, 2025. Learn more: Network requirements documentation https://aka.ms/MDANetworkDocs | Please ensure that your firewall rules are updated to allow outbound traffic on port 443 for the following IP addresses. This update should be completed and the IP addresses added to your firewall's allowlist by April 29, 2025:
13.107.228.0/24 13.107.229.0/24 13.107.219.0/24 13.107.227.0/24 150.171.97.0/24 All required outbound access IP addresses can also be found in Defender for Cloud Apps network requirements page under 'Portal Access'. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag: 'AzureFrontDoor.MicrosoftSecurity' to your allowlist. This tag will be adjusted to reflect the above range by April 28, 2025. Learn more: Network requirements documentation https://aka.ms/MDANetworkDocs |
| 2025-04-23 | MC Summary | Update your firewall rules by April 29, 2025, to ensure continued access to Microsoft Defender for Cloud Apps. Allow outbound traffic on port 443 for specified IP addresses or add the Azure service tag 'AzureFrontDoor.MicrosoftSecurity'. More details can be found in the network requirements documentation. | |
| 2025-04-23 | MC Last Updated | 04/04/2025 21:58:44 | 2025-04-22T21:31:04Z |
| 2025-04-23 | MC Messages | Summary: Due to ongoing work on Microsoft Defender for Cloud Apps aimed at improving security and performance, you are required to update network information in your system's firewall by April 21, 2025.
Please follow these instructions by April 21, 2025, to ensure uninterrupted access to our services. | Summary: Due to ongoing work on Microsoft Defender for Cloud Apps aimed at improving security and performance, you are required to update network information in your system's firewall by April 29, 2025.
Please follow these instructions by April 29, 2025, to ensure uninterrupted access to our services. |
| 2025-04-23 | MC Action Required By | 04/21/2025 02:00:00 | 2025-04-29T02:00:00Z |
| 2025-04-23 | MC Title | Take Action by April 21, 2025 - Microsoft Defender for Cloud Apps Network Configuration | Take Action by April 29, 2025 - Microsoft Defender for Cloud Apps Network Configuration |
| 2025-04-23 | MC How Affect | You are receiving this message because our telemetry indicates your organization may be using Microsoft Defender for Cloud Apps.
If your organization restricts outbound traffic to Microsoft Defender for Cloud Apps based only on the DNS names in our documentation, or does not restrict access by IPs, this change will not impact you. This change will only impact your organization if you are using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Administrators may no longer be able to access some Microsoft Defender for Cloud Apps services if the changes listed below are not completed by April 21, 2025, when the changes listed below will start to be implemented. | You are receiving this message because our telemetry indicates your organization may be using Microsoft Defender for Cloud Apps.
If your organization restricts outbound traffic to Microsoft Defender for Cloud Apps based only on the DNS names in our documentation, or does not restrict access by IPs, this change will not impact you. This change will only impact your organization if you are using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Administrators may no longer be able to access some Microsoft Defender for Cloud Apps services if the changes listed below are not completed by April 29, 2025, when the changes listed below will start to be implemented. |
Last updated 3 weeks ago
