This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
All internet traffic in our org goes via a forward web proxy. It also has the capability to bypass SSL inspection should we need to. I have been looking at deploying the Azure ATP sensor to my domain controllers but security teams are uncomfortable with it's egress requirements to the internet. From the documentation it seems like you must use the WinHTTP proxy as the agent runs in the SYSTEM content but that essentially means anything running in that context has access to POST to the those URLs. Granted they are Microsoft URLs. I was wondering if the proxy can be setup just for the agent within it's config or if it supported certificate based proxy authentication or the like?
@shockoQA
Thank you for the post!
Have you looked into the Configure endpoint proxy and Internet connectivity settings for your Azure ATP Sensor documentation? It goes over setting up the Azure ATP sensor via CLI, WinINet, or your server registry.
If you require more granular control over your ports, you can consider allowing traffic using the following service URLs:
Additional Link:
Azure ATP Tech Community
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
@shockoQA
I just wanted to check in and see if you had any other questions or if you were able to resolve this issue?