Skip to content

Enterprise Mobility + Security


Background

Windows Defender, System Center Endpoint Protection and our other realtime protection products can offer better user protection by enabling the Microsoft Active Protection Service (MAPS) service. In order to successfully connect, enterprise or advanced users with managed networks may need to allow specific domain names so that connectivity to MAPS functions properly.

Who does this affect?

Typically, these changes affect our enterprise customers and advanced users.

Why are you blogging?

We are slowly rolling out a service endpoint name change for the MAPS service over the next two months, with a complete switch planned by July 30 2016.

The change is automatically configured by the product via normal definition updates, there is no need for the user or administrator to take any direct action in the product.

The new endpoint URI domains begin with “https://wdcp.microsoft.com” and “https://wdcpalt.microsoft.com“, so any filtering by domain name that omits these from an allow list will break connectivity to MAPS.

Breaking connectivity to MAPS can result in loss of protection delivered by our real-time signature delivery service that uses this channel.

Recommendation

Allow https://wdcp.microsoft.com/* and https://wdcpalt.microsoft.com/* if there are any firewall or network filtering rules in place that would otherwise deny connectivity to MAPS.

–Microsoft Malware Protection Center


Additional resources: