You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/network-requirements.md
+14-14Lines changed: 14 additions & 14 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,7 +9,7 @@ ms.topic: reference
9
9
10
10
>[!IMPORTANT]
11
11
>
12
-
> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services. Update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag will be adjusted to reflect the above range by April 21, 2025.
12
+
> **Take Immediate Action by April, 29 2025**, to ensure optimal service quality and prevent the interruption of some services. Update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag will be adjusted to reflect the above range by April 28, 2025.
13
13
> This change only affects commercial customers of Microsoft Defender for Cloud Apps. Customers connected to the Gov US1 or GCC datacenters won't be affected.
14
14
15
15
This article provides a list of ports and IP addresses you need to allow and allowlist to work with Microsoft Defender for Cloud Apps.
@@ -19,7 +19,7 @@ In order to stay up to date on IP ranges, it's recommended to refer to the follo
19
19
| Service tag name | Defender for Cloud Apps services included |
20
20
|:---|:---|
21
21
| MicrosoftCloudAppSecurity | Portal access, Access and session controls, SIEM agent connection, App connector, Mail server, Log collector. |
The following tables list the current static IP ranges covered by the MicrosoftCloudAppSecurity service tag. For latest list, refer to the [Azure service tags](/azure/virtual-network/service-tags-overview) documentation.
25
25
@@ -58,18 +58,18 @@ To use Defender for Cloud Apps in the Microsoft Defender Portal:
58
58
59
59
1. Allow the following items based on your data center:
> For portal access, instead of a wildcard (\*), you can choose to open only your specific tenant URL. For example, based on the screenshot above you can open: `contoso.us.portal.cloudappsecurity.com`. To determine your tenant URL, see the earlier section [View your data center](#view-your-data-center), and look for **API URL**.
> For portal access, instead of a wildcard (\*), you can choose to open only your specific tenant URL. For example, based on the screenshot above you can open: `contoso.us.portal.cloudappsecurity.com`. To determine your tenant URL, see the earlier section [View your data center](#view-your-data-center), and look for **API URL**.
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/protect-github.md
+2-2Lines changed: 2 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -129,7 +129,7 @@ These steps can be completed independently of the [Configure GitHub Enterprise C
129
129
130
130
1. Select the **GitHub Profile picture** -> **your enterprises**.
131
131
1. Select **your enterprise account** and choose the account you want to connect to Microsoft Defender for Cloud Apps.
132
-
1. Confirm that the URL is the enterprise slug. For instance, in this example `https://github.com/enterprises/testEnterprise`*testEnterprise* is the enterprise slug.
132
+
1. Confirm that the URL is the enterprise slug. For instance, in this example `https://github.com/enterprises/testEnterprise`*testEnterprise* is the enterprise slug. Enter only the enterprise slug, not the entire URL.
133
133
134
134
1. Select **Next**.
135
135
@@ -142,7 +142,7 @@ These steps can be completed independently of the [Configure GitHub Enterprise C
142
142
-**admin:org** - required for synchronizing your organization's audit log
143
143
-**read:user** and **user:email** - required for synchronizing your organization's members
144
144
-**repo:status** - required for synchronizing repository-related events in the audit log
145
-
-**admin:enterprise** - required for SSPM capabilities, Note that provided user must be the owner of the enterprise account.
145
+
-**read:enterprise** - required for SSPM capabilities. Note that provided user must be the owner of the enterprise account.
146
146
147
147
For more information about OAuth scopes, see [Understanding scopes for OAuth Apps](https://docs.github.com/developers/apps/building-oauth-apps/scopes-for-oauth-apps).
Copy file name to clipboardExpand all lines: CloudAppSecurityDocs/release-notes.md
+1-1Lines changed: 1 addition & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -22,7 +22,7 @@ For news about earlier releases, see [Archive of past updates for Microsoft Defe
22
22
23
23
>[!IMPORTANT]
24
24
>
25
-
> **Take Immediate Action by April, 21 2025**, to ensure optimal service quality and prevent the interruption of some services. This change will only affect your organization if you're using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively use as an additional Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’, that will be adjusted to reflect the above range by April 21, 2025. This update should be completed and the IP addresses or new Azure service tag added to your firewall's allowlist by April 21, 2025.
25
+
> **Take Immediate Action by April, 29 2025**, to ensure optimal service quality and prevent the interruption of some services. This change will only affect your organization if you're using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags. Update your firewall rules to allow outbound traffic on port 443 for the following IP addresses: 13.107.228.0/24, 13.107.229.0/24, 13.107.219.0/24, 13.107.227.0/24, 150.171.97.0/24. Alternatively use as an additional Azure service tag, ‘AzureFrontDoor.MicrosoftSecurity’, that will be adjusted to reflect the above range by April 21, 2025. This update should be completed and the IP addresses or new Azure service tag added to your firewall's allowlist by April 28, 2025.
26
26
> This change only affects commercial customers of Microsoft Defender for Cloud Apps. Customers connected to the Gov US1 or GCC datacenters won't be affected.
| Amazon Linux 2 |[https://packages.microsoft.com/config/amazonlinux/2/prod.repo](https://packages.microsoft.com/config/amazonlinux/2/prod.repo)|
87
88
| Amazon Linux 2023 |[https://packages.microsoft.com/config/amazonlinux/2023/prod.repo](https://packages.microsoft.com/config/amazonlinux/2023/prod.repo)|
0 commit comments