From 70d6ce55feed59c6b416559c7228479c2eb0516f Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 9 Apr 2020 09:25:37 -0700 Subject: [PATCH 1/5] Add warning about proxy support for Mac and Linux --- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 5 +++++ .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 5 +++++ 2 files changed, 10 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 14e534cd2c..bc6258a7dd 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -119,6 +119,11 @@ Microsoft Defender ATP can discover a proxy server by using the following discov If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. For transparent proxies, no additional configuration is needed for Microsoft Defender ATP. For static proxy, follow the steps in [Manual Static Proxy Configuration](linux-static-proxy-configuration.md). +> [!WARNING] +> PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. +> +> Intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. + For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page. ## How to update Microsoft Defender ATP for Linux diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index d5135bbd1c..1d466e8f1a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -84,6 +84,11 @@ Microsoft Defender ATP can discover a proxy server by using the following discov If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. +> [!WARNING] +> Authenticated proxies are not supported. Ensure that only WPAD or a static proxy is being used. +> +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. + To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser. If you prefer the command line, you can also check the connection by running the following command in Terminal: From 00532f83f148d9cd4630d2bcc9d250be6942d57b Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 9 Apr 2020 09:46:32 -0700 Subject: [PATCH 2/5] Add warning about proxy support for Mac and Linux --- .../microsoft-defender-atp/linux-support-connectivity.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index d34c004a38..e351c06c07 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -54,7 +54,7 @@ OK https://cdn.x.cp.wd.microsoft.com/ping > [!WARNING] > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. > -> Intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port: diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index bc6258a7dd..b329eb98c9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -122,7 +122,7 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t > [!WARNING] > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. > -> Intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page. From 055bfa6736ad39f6ae7c60f04445fbc7da2b9290 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 9 Apr 2020 10:18:25 -0700 Subject: [PATCH 3/5] Updates --- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index b329eb98c9..1e1e74bd48 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -122,7 +122,7 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t > [!WARNING] > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. > -> SSL inspection and intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index 1d466e8f1a..faef121306 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -79,15 +79,16 @@ The following table lists the services and their associated URLs that your netwo | United States | unitedstates.x.cp.wd.microsoft.com
us-v20.events.data.microsoft.com
ussus1eastprod.blob.core.windows.net 
ussus1westprod.blob.core.windows.net | Microsoft Defender ATP can discover a proxy server by using the following discovery methods: +- Proxy auto-config (PAC) - Web Proxy Auto-discovery Protocol (WPAD) - Manual static proxy configuration If a proxy or firewall is blocking anonymous traffic, make sure that anonymous traffic is permitted in the previously listed URLs. > [!WARNING] -> Authenticated proxies are not supported. Ensure that only WPAD or a static proxy is being used. +> Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used. > -> SSL inspection and intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser. From 227b396e531ab3d4f51a679185e5f331d9f56b0f Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 9 Apr 2020 10:46:28 -0700 Subject: [PATCH 4/5] One more update --- .../microsoft-defender-atp/linux-support-connectivity.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index e351c06c07..ad40962466 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -54,7 +54,7 @@ OK https://cdn.x.cp.wd.microsoft.com/ping > [!WARNING] > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. > -> SSL inspection and intercepting proxies are also not supported for security reasons. Configure your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port: From c9224a5d5eea3fe40f5e41cda71e3bd87b63f6a7 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Thu, 9 Apr 2020 10:59:34 -0700 Subject: [PATCH 5/5] Last update --- .../microsoft-defender-atp/linux-support-connectivity.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-linux.md | 2 +- .../microsoft-defender-atp/microsoft-defender-atp-mac.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md index ad40962466..308e1695b1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md +++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md @@ -54,7 +54,7 @@ OK https://cdn.x.cp.wd.microsoft.com/ping > [!WARNING] > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. > -> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception. If a static proxy is required, add a proxy parameter to the above command, where `proxy_address:port` correspond to the proxy address and port: diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md index 1e1e74bd48..03f09902ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-linux.md @@ -122,7 +122,7 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t > [!WARNING] > PAC, WPAD, and authenticated proxies are not supported. Ensure that only a static proxy or transparent proxy is being used. > -> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Linux to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception. For troubleshooting steps, see the [Troubleshoot cloud connectivity issues for Microsoft Defender ATP for Linux](linux-support-connectivity.md) page. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md index faef121306..a22b112426 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac.md @@ -88,7 +88,7 @@ If a proxy or firewall is blocking anonymous traffic, make sure that anonymous t > [!WARNING] > Authenticated proxies are not supported. Ensure that only PAC, WPAD, or a static proxy is being used. > -> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your proxy certificate to the global store will not allow for interception. +> SSL inspection and intercepting proxies are also not supported for security reasons. Configure an exception for SSL inspection and your proxy server to directly pass through data from Microsoft Defender ATP for Mac to the relevant URLs without interception. Adding your interception certificate to the global store will not allow for interception. To test that a connection is not blocked, open [https://x.cp.wd.microsoft.com/api/report](https://x.cp.wd.microsoft.com/api/report) and [https://cdn.x.cp.wd.microsoft.com/ping](https://cdn.x.cp.wd.microsoft.com/ping) in a browser.