Forum Discussion
Blocking TCP 3389 - issues?
There is a strong push here to block RDP over part of our network. MSDI uses 3389 for name resolution. What order does MSDI use the three available methods for name resolution - TCP 135 (NTLM), UDP 137 (NetBIOS) and TCP 3389 (RDP)? We are currently seeing a lot of 3389 network traffic from the MSDI sensors to clients.
TIA.
Blocking 3389 reduce the visibility to rdp based attacks, however you can exclude https://learn.microsoft.com/en-us/defender-for-identity/exclusions
- EliOfek
Microsoft
All three are invoked in parallel.
IF you know port 3389 will be blocked for sure, or if it causes issues in your scenario, you can open a support ticket and ask to disable it for your workspace.
