This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
VikingsFan
Collaborator
‎2024-01-31 01:24 PM
Jump to solution

Best practice for Entra/Azure Services?

We currently have a few servers that are being used for Azure/Entra/Intune connector use: Entra Connect, Entra AD Connect, Intune Certificate Connector, etc.  While building them out there were so many URLs the server was trying to access we ended up allowing most traffic out without filtering it.

We noticed there are updatable objects for Azure/Entra and would like to use those but there are a ton.  Do most people go through each category and only select the US options (assuming you're in the US) and even then I'm not familiar with what categories would be needed for basic Entra/Intune connectivity.

For example... I was going to go through each category and pick out each one of these but then it got to be a bit cumbersome:

Public - Central US
Public - East US
Public - North Central US
Public - South Central US
Public - West Central US
Public - West US

Just looking to see what other places are doing to tackle this issue.

Thanks!

0 Kudos
1 Solution

Accepted Solutions
the_rock
Legend
Legend
‎2024-01-31 03:27 PM
In response to VikingsFan
Jump to solution

I know, I know, lots of clicking in IT world generally haha. Anywho, you are right, you add them, click any, ctrl+a to select all, right click and then select to group them.

I agree with your point. I also wish there were objects that represent say specific region, rather than 10 or 15 of them, but hey, it is what it is...there are way worse things in life : - )

Best,

Andy

View solution in original post

0 Kudos
6 Replies
the_rock
Legend
Legend
‎2024-01-31 02:47 PM
Jump to solution

Thats exactly what I did for one customer, based on location. Another client simply wanted cloud services allowed in general.

Best,

Andy

0 Kudos
VikingsFan
Collaborator
‎2024-01-31 03:21 PM
In response to the_rock
Jump to solution

Appreciate the response!  I was hoping there was an easier/better way than going through the 93 Azure Public Services and then checking off potentially 6 geo locations inside each one... that's a lot of clicking. 😄  It would be nice if CheckPoint had a higher level category like they have for Germany (Azure Germany Services).

Since this will most likely be many, many objects.. I'm guessing these can all go into a network group and then the group applied to the security rule?

the_rock
Legend
Legend
‎2024-01-31 03:27 PM
In response to VikingsFan
Jump to solution

I know, I know, lots of clicking in IT world generally haha. Anywho, you are right, you add them, click any, ctrl+a to select all, right click and then select to group them.

I agree with your point. I also wish there were objects that represent say specific region, rather than 10 or 15 of them, but hey, it is what it is...there are way worse things in life : - )

Best,

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2024-02-01 06:36 PM
In response to VikingsFan
Jump to solution

Updatable Objects use vendor-provided information to populate.
If the vendor doesn’t provide it at the desired level of granularity (I.e. Microsoft), we can’t.

0 Kudos
VikingsFan
Collaborator
‎2024-02-02 12:42 PM
In response to PhoneBoy
Jump to solution

Think I understand.  What I was referring to is using exactly what is in the tree list but haven't them pre-grouped by the geolocation.  Similar to how China and Germany already have their own top level folder.  As it is now, if I wanted only US services, I'll have to go through 93 subfolders and choose up to 6 or 7 US locations under each one.  Not sure if you meant the tree structure is exactly how Microsoft sends it and it can't be adjusted.

Not a huge deal and was mainly looking for ideas if there was a better way.  Thanks!

2024-02-02_15-37-39.png

0 Kudos
the_rock
Legend
Legend
‎2024-02-02 12:56 PM
In response to VikingsFan
Jump to solution

I dont believe there is better way sadly, but I could be mistaken : - )

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events