This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 20%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Hi,
We found there are requests to the domain ami.cloud-dev.defender.microsoft.com from the AKS begining few days ago. It is blocked by the outbound firewall. We want to whitelist the domain, but we cannot find it listed in https://learn.microsoft.com/en-us/azure/aks/outbound-rules-control-egress. May I know what this domain is for ?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(294.40000000000003, 47%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMR%3C/text%3E%3C/svg%3E)
Hi Kit Shing Kwong,
I would like to check the status of this case. Please let me know if you have any further queries!
Let me know if you have any further queries!
If the information is helpful, please click "upvote" to let us know.
Hi Kit Shing Kwong,
Microsoft Defender for Containers is a cloud-native solution to enhance, monitor, and maintain the security of your containerized assets (Kubernetes clusters, nodes, workloads, registries, images, and more) and their applications across multicloud and on-premises environments.
To protect your Kubernetes containers, Defender for Containers receives and analyzes:
To learn more about implementation details such as supported operating systems, feature availability, outbound proxy, see Defender for Containers feature availability.
Hope this helps!
Let me know if you have any further queries!
If the information is helpful, please click "upvote" to let us know.
thanks for your reply.
so the domain ami.cloud-dev.defender.microsoft.com is a endpoint in Microsoft Defender for Containers for collecting security data and event?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(214.4, 32%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKS%3C/text%3E%3C/svg%3E)
Here is a list of domains to whitelist in AKS. However i cannot find the mentioned domain in the list. I am also experiencing FW block for this domain. https://learn.microsoft.com/en-us/azure/aks/outbound-rules-control-egress#aks-features-addons-and-integrations
Hi Kit Shing Kwong,
Just to make sure and confirm the domain is tied to Defender’s onboarding, can you run the command tcpdump --snapshot-length=0 -vvv | grep defender.microsoft.com.
AFAIK, If you have enabled Defender, then no issue in whitelisting the domain.
Hope it helps!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(51.2, 30%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES4%3C/text%3E%3C/svg%3E)
We saw this aswell. Also strange is how it is communicating on port 80 without https