This article provides detailed information on the inbound and outbound port requirements for a Defender installation. This may be required for an advanced firewall setup, to achieve the most secure port blocking possible without affecting the Defender application.
Client web browser to Management Portal
The default port the Management Portal listens on is TCP/8080 (HTTP). This can be altered during installation or via the IIS port bindings after installation.
Management Portal to Active Directory
Local ephemeral port on the Management Portal to TCP/389 (LDAP) or TCP/636 (SSL LDAP) on the Domain Controller, and TCP/3268 to Global Catalog.
Management Portal to Defender Security Server
Local ephemeral port on the Management Portal to file sharing ports TCP 139/445 and UDP 137/138 on the DSS (to retrieve the logs). Further information can be found from Microsoft regarding file sharing ports, e.g.:
Defender Security Server to Management Portal
Local ephemeral port on the DSS, to TCP/13131 on the Management Portal, for the Defender Log Receiver service.
Defender Security Server to Active Directory
Local ephemeral port on the Management Portal to TCP/389 (LDAP) and/or TCP/636 (SSL LDAP) to the Domain Controller and TCP/3268 to Global Catalog.
RADIUS Client to Defender Security Server
The DSS accepts incoming requests on UDP 1812. This port is configured in the Access Node assigned to the DSS.
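The port list above can be turned into a check on a firewall allow-list. The following is an added example, not part of the Defender product or its documentation: it reports required flows that no rule allows and rules that are wider than the list. The role names, the rule tuple format and SAMPLE_RULES are assumptions constructed for illustration.

```python
# Added example: audit an allow-list against the port list in this article.
# Role names and SAMPLE_RULES are constructed here; they are not Defender settings.
ROLES = ["client", "portal", "dss", "dc", "radius"]

# (source, destination, protocol, destination port); source follows each heading.
FLOWS = {
    ("client", "portal", "tcp", 8080),  # default port, may differ per install
    ("portal", "dc", "tcp", 389), ("portal", "dc", "tcp", 636),
    ("portal", "dc", "tcp", 3268), ("dss", "portal", "tcp", 13131),
    ("portal", "dss", "tcp", 139), ("portal", "dss", "tcp", 445),
    ("portal", "dss", "udp", 137), ("portal", "dss", "udp", 138),
    ("dss", "dc", "tcp", 389), ("dss", "dc", "tcp", 636),
    ("dss", "dc", "tcp", 3268),
    ("radius", "dss", "udp", 1812),  # port is set in the Access Node
}
LDAP_ALTERNATIVE = {389: 636, 636: 389}  # LDAP or SSL LDAP: one is enough

def allows(rule, flow):
    src, dst, proto, lo, hi = rule
    return (src in ("any", flow[0]) and dst in ("any", flow[1])
            and proto == flow[2] and lo <= flow[3] <= hi)

def is_overbroad(rule):
    """True if the rule admits a source/destination/port that FLOWS does not list."""
    src, dst, proto, lo, hi = rule
    for s in (ROLES if src == "any" else [src]):
        for d in (ROLES if dst == "any" else [dst]):
            listed = sum(f[:3] == (s, d, proto) and lo <= f[3] <= hi for f in FLOWS)
            if s != d and listed < hi - lo + 1:
                return True
    return False

def audit(rules):
    """Return (flows with no allowing rule, rules wider than the port list)."""
    covered = {f for f in FLOWS if any(allows(r, f) for r in rules)}
    missing = {f for f in FLOWS - covered
               if (f[0], f[1], f[2], LDAP_ALTERNATIVE.get(f[3])) not in covered}
    return missing, [r for r in rules if is_overbroad(r)]

SAMPLE_RULES = [  # constructed: (source, destination, protocol, low port, high port)
    ("client", "portal", "tcp", 8080, 8080),
    ("portal", "dc", "tcp", 636, 636),
    ("portal", "dc", "tcp", 3268, 3268),
    ("portal", "dss", "tcp", 1, 1024),   # far wider than 139/445
    ("portal", "dss", "udp", 137, 138),
    ("dss", "dc", "tcp", 636, 636),
    ("dss", "dc", "tcp", 3268, 3268),
    ("any", "dss", "udp", 1812, 1812),   # RADIUS accepted from any source
]
```

Running audit(SAMPLE_RULES) flags the missing Log Receiver flow from the DSS to the Management Portal and the two over-wide rules; an environment that uses only SSL LDAP is not reported as missing TCP/389.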