Summary: Due to ongoing work on Microsoft Defender
for Cloud Apps aimed at improving security and performance, you are required to
update network information in your system’s firewall by April 21, 2025.
Please follow these instructions by April 21, 2025, to
ensure uninterrupted access to our services.
How this will affect your organization:
You are receiving this message because our telemetry
indicates your organization may be using Microsoft Defender for Cloud Apps.
If your organization restricts outbound traffic to Microsoft
Defender for Cloud Apps based only on the DNS names in our documentation, or
does not restrict access by IPs, this change will not impact you. This
change will only impact your organization if you are using a firewall allowlist
that restricts outbound traffic based on IP addresses or Azure service tags.
Administrators may no longer be able to access some
Microsoft Defender for Cloud Apps services if the changes listed below are not
completed by April 21, 2025, when the changes listed below will start to be
implemented.
What you need to do to prepare:
Please ensure that your firewall rules are updated to allow
outbound traffic on port 443 for the following IP addresses. This update should
be completed and the IP addresses added to your firewall’s allowlist by April
21, 2025:
13.107.228.0/24
13.107.229.0/24
13.107.219.0/24
13.107.227.0/24
150.171.97.0/24
All required outbound access IP addresses can also be found
in Defender for Cloud Apps
network requirements page under ‘Portal Access’.
Alternatively, if you currently allow outbound traffic based
on Azure service tags, please add the new Azure service tag:
‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag will be adjusted
to reflect the above range by April 21, 2025.
Learn more: Network requirements
documentation