Take Action by April 29, 2025 - Microsoft Defender for Cloud Apps Network Configuration

Summary: Due to ongoing work on Microsoft Defender for Cloud Apps aimed at improving security and performance, you are required to update network information in your system's firewall by April 29, 2025.

Please follow these instructions by April 29, 2025, to ensure uninterrupted access to our services.

How this will affect your organization:

You are receiving this message because our telemetry indicates your organization may be using Microsoft Defender for Cloud Apps.

If your organization restricts outbound traffic to Microsoft Defender for Cloud Apps based only on the DNS names in our documentation, or does not restrict access by IPs, this change will not impact you. This change will only impact your organization if you are using a firewall allowlist that restricts outbound traffic based on IP addresses or Azure service tags.

Administrators may no longer be able to access some Microsoft Defender for Cloud Apps services if the changes listed below are not completed by April 29, 2025, when the changes listed below will start to be implemented.

What you need to do to prepare:

Please ensure that your firewall rules are updated to allow outbound traffic on port 443 for the following IP addresses. This update should be completed and the IP addresses added to your firewall's allowlist by April 29, 2025:

13.107.228.0/24

13.107.229.0/24

13.107.219.0/24

13.107.227.0/24

150.171.97.0/24

All required outbound access IP addresses can also be found in Defender for Cloud Apps network requirements page under 'Portal Access'.

Alternatively, if you currently allow outbound traffic based on Azure service tags, please add the new Azure service tag: ‘AzureFrontDoor.MicrosoftSecurity’ to your allowlist. This tag will be adjusted to reflect the above range by April 28, 2025.

Learn more: Network requirements documentation