Networking requirements
This article lists the interfaces that must be accessible on Microsoft Defender for IoT network sensors, on-premises management consoles, and deployment workstations in order for services to function as expected.
Make sure that your organization's security policy allows access for the interfaces listed in the tables below.
User access to the sensor and management console
| Protocol | Transport | In/Out | Port | Used | Purpose | Source | Destination |
|---|---|---|---|---|---|---|---|
| SSH | TCP | In/Out | 22 | CLI | To access the CLI | Client | Sensor and on-premises management console |
| HTTPS | TCP | In/Out | 443 | To access the sensor, and on-premises management console web console | Access to Web console | Client | Sensor and on-premises management console |
Sensor access to Azure portal
| Protocol | Transport | In/Out | Port | Purpose | Source | Destination |
|---|---|---|---|---|---|---|
| HTTPS | TCP | Out | 443 | Access to Azure | Sensor | OT network sensors connect to Azure to provide alert and device data and sensor health messages, access threat intelligence packages, and more. Connected Azure services include IoT Hub, Blob Storage, Event Hubs, and the Microsoft Download Center. Download the list from the Sites and sensors page in the Azure portal. Select an OT sensor with software versions 22.x or higher, or a site with one or more supported sensor versions. Then, select More options > Download endpoint details. For more information, see Sensor management options from the Azure portal. |
Sensor access to the on-premises management console
| Protocol | Transport | In/Out | Port | Used | Purpose | Source | Destination |
|---|---|---|---|---|---|---|---|
| NTP | UDP | In/Out | 123 | Time Sync | Connects the NTP to the on-premises management console | Sensor | On-premises management console |
| TLS/SSL | TCP | In/Out | 443 | Give the sensor access to the on-premises management console. | The connection between the sensor, and the on-premises management console | Sensor | On-premises management console |
Other firewall rules for external services (optional)
Open these ports to allow extra services for Defender for IoT.
| Protocol | Transport | In/Out | Port | Used | Purpose | Source | Destination |
|---|---|---|---|---|---|---|---|
| SMTP | TCP | Out | 25 | Used to open the customer's mail server, in order to send emails for alerts, and events | Sensor and On-premises management console | Email server | |
| DNS | TCP/UDP | In/Out | 53 | DNS | The DNS server port | On-premises management console and Sensor | DNS server |
| HTTP | TCP | Out | 80 | The CRL download for certificate validation when uploading certificates. | Access to the CRL server | Sensor and on-premises management console | CRL server |
| WMI | TCP/UDP | Out | 135, 1025-65535 | Monitoring | Windows Endpoint Monitoring | Sensor | Relevant network element |
| SNMP | UDP | Out | 161 | Monitoring | Monitors the sensor's health | On-premises management console and Sensor | SNMP server |
| LDAP | TCP | In/Out | 389 | Active Directory | Allows Active Directory management of users that have access, to sign in to the system | On-premises management console and Sensor | LDAP server |
| Proxy | TCP/UDP | In/Out | 443 | Proxy | To connect the sensor to a proxy server | On-premises management console and Sensor | Proxy server |
| Syslog | UDP | Out | 514 | LEEF | The logs that are sent from the on-premises management console to Syslog server | On-premises management console and Sensor | Syslog server |
| LDAPS | TCP | In/Out | 636 | Active Directory | Allows Active Directory management of users that have access, to sign in to the system | On-premises management console and Sensor | LDAPS server |
| Tunneling | TCP | In | 9000 In addition to port 443 Allows access from the sensor, or end user, to the on-premises management console Port 22 from the sensor to the on-premises management console |
Monitoring | Tunneling | Endpoint, Sensor | On-premises management console |
Next steps
For more information, see Plan and prepare for deploying a Defender for IoT site.