Skip to Content

MC1194061: IP address changes in Defender for Identity v2.x sensor communication

By: Author Alex Lim

Posted on

Categories Update

Home » Update » MC1194061: IP address changes in Defender for Identity v2.x sensor communication

Summary

  • MDI v2.x sensors will use new IP addresses from the AzureAdvancedThreatProtection service tag.
  • Organizations restricting outbound traffic by IP address may lose connectivity if policies aren’t updated.
  • No disruption for those already allowing the full published IP range.
  • Review and update firewall policies to accommodate the new IP range.
  • This change impacts administrators and users, requiring attention to network configurations.

Admin Impact: High
User Impact: Low
Release Start: 15 Dec 2025
Release End: 15 Dec 2025
Services: Defender XDR
Category: Stay informed
Tags: Feature Update, User Adoption, Admin Action

History

12/10/2025 Item Added to Message Center

Microsoft Message

Introduction

As part of ongoing infrastructure and security improvements, Microsoft Defender for Identity (MDI) v2.x sensors will begin using new IP addresses to communicate with the MDI cloud. These IPs will come exclusively from the published range associated with the service tag AzureAdvancedThreatProtection. This change improves reliability and aligns with Azure networking standards.

When this will happen

General Availability (Worldwide, GCC, GCCH, DoD): Gradual rollout begins mid-December 2025.

How this affects your organization

Who is affected: Organizations using Microsoft Defender for Identity v2.x sensors and restricting outbound traffic by IP address.

What will happen:

  • MDI sensors will start using new IP addresses from the published AzureAdvancedThreatProtection range.
  • No addresses outside the published range will be used.
  • Organizations that already allow the full published range will not experience any disruption.
  • If IP restrictions exist and are not updated, sensors may lose connectivity to the MDI cloud.

What you can do to prepare

If your organization already allows the full published range, no action is needed.

Otherwise:

  • Review any firewall or network policies that restrict traffic to MDI by IP address.
  • Update policies to allow the full published IP range for the service tag AzureAdvancedThreatProtection. Learn more: Azure IP Ranges and Service Tags.

Compliance considerations

No compliance considerations identified, review as appropriate for your organization.