Take Action by April 21, 2025 – Microsoft Defender for Cloud Apps Network Configuration

Originally posted by Microsoft Apr 7, 2025 Uncategorized 0 Comments

Summary: Due to ongoing work on Microsoft Defenderfor Cloud Apps aimed at improving security and performance, you are required toupdate network information in your system’s firewall by April 21, 2025.

Please follow these instructions by April 21, 2025, toensure uninterrupted access to our services.

How this will affect your organization:

You are receiving this message because our telemetryindicates your organization may be using Microsoft Defender for Cloud Apps.

If your organization restricts outbound traffic to MicrosoftDefender for Cloud Apps based only on the DNS names in our documentation, ordoes not restrict access by IPs, this change will not impact you. Thischange will only impact your organization if you are using a firewall allowlistthat restricts outbound traffic based on IP addresses or Azure service tags.

Administrators may no longer be able to access someMicrosoft Defender for Cloud Apps services if the changes listed below are notcompleted by April 21, 2025, when the changes listed below will start to beimplemented.

What you need to do to prepare:

Please ensure that your firewall rules are updated to allowoutbound traffic on port 443 for the following IP addresses. This update shouldbe completed and the IP addresses added to your firewall’s allowlist by April21, 2025:

13.107.228.0/24

13.107.229.0/24

13.107.219.0/24

13.107.227.0/24

150.171.97.0/24

All required outbound access IP addresses can also be foundin Defender for Cloud Appsnetwork requirements page under ‘Portal Access’.

Alternatively, if you currently allow outbound traffic basedon Azure service tags, please add the new Azure service tag:‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag will be adjustedto reflect the above range by April 21, 2025.

Learn more: Network requirementsdocumentation 

Message ID: MC1048530