This section describes the configuration of firewalls associated with hybrid systems built according to guidance in ASD's Blueprint for Secure Cloud.
The settings described on these pages should be used as a reference for a baseline implementation of a system configured using the Blueprint. Any implementation implied by these pages should not be considered prescriptive as to how an organisation must scope, build, document, or assess a system.
Implementation of the guidance provided by the Blueprint will differ depending on an organisation’s operating context and organisational culture. Organisations should implement the Blueprint in alignment with their existing change management, business processes and frameworks.
Placeholders such as <TENANT-NAME> should be replaced with the relevant details as required.
The following Microsoft documentation should be referenced for products requiring allowlisting and firewall configuration:
- Set up Microsoft Defender for Endpoint deployment
- Microsoft Defender for Endpoint: Configure your devices to connect to the Defender for Endpoint service using a proxy
- Migrate from the MDE SIEM API to the Microsoft Defender XDR alerts API
- Microsoft Defender for Cloud Apps: Network requirements
- Microsoft 365: Office 365 URLs and IP address ranges
- Microsoft 365: Other endpoints not included in the Office 365 IP Address and URL Web service
- Microsoft Defender for Identity prerequisites
- Microsoft Entra ID: Hybrid Identity Required Ports and Protocols