ネットワーク要件Network requirements

適用対象: Microsoft Cloud App SecurityApplies to: Microsoft Cloud App Security

この記事では、許可する必要があるポートと IP アドレスの一覧を示し、リストを Microsoft Cloud App Security で使用できるようにします。This article provides a list of ports and IP addresses you need to allow and allow list to work with Microsoft Cloud App Security.

データ センターを表示するView your data center

以下の要件の一部は、接続しているデータ センターによって異なります。Some of the requirements below depend on which data center you're connected to.

接続しているデータ センターを表示するには、次の手順を行います。To see which data center you're connecting to, do the following steps:

  1. Cloud App Security ポータルで、メニュー バーの疑問符のアイコンをクリックします。In the Cloud App Security portal, click the question mark icon in the menu bar. 次に、 [バージョン情報] を選択します。Then, select About.

    [バージョン情報] をクリックします。

  2. Cloud App Security のバージョン画面で、リージョンとデータ センターを確認できます。In the Cloud App Security version screen, you can see the region and the data center.

    データ センターを表示する

ポータル アクセスPortal access

Cloud App Security ポータルにアクセスするには、次の IP アドレスと DNS 名の送信ポート 443をファイアウォールの許可一覧に追加します。For access to the Cloud App Security portal, add outbound port 443 for the following IP addresses and DNS names to your firewall's allow list:

portal.cloudappsecurity.com
*.portal.cloudappsecurity.com
cdn.cloudappsecurity.com
https://adaproddiscovery.azureedge.net
*.s-microsoft.com
*.msecnd.net
dev.virtualearth.net
*.cloudappsecurity.com
flow.microsoft.com
static2.sharepointonline.com
dc.services.visualstudio.com
*.blob.core.windows.net

米国政府の GCC High のお客様については、次の DNS 名をファイアウォールの許可一覧に追加して、Cloud App Security GCC High ポータルにアクセスできるようにする必要もあります。For US Government GCC High customers, it's also necessary to add the following DNS names to your firewall's allow list to provide access for the Cloud App Security GCC High portal:

portal.cloudappsecurity.us
*.portal.cloudappsecurity.us
cdn.cloudappsecurity.com

さらに、使用するデータ センターに応じて、次の項目をホワイトリストに追加する必要があります。Additionally, the following items should be whitelisted, depending on which data center you use:

データ センターData center IP アドレスIP addresses DNS 名DNS name
US1US1 13.64.26.8813.64.26.88
13.64.29.3213.64.29.32
13.80.125.2213.80.125.22
13.91.91.24313.91.91.243
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.183.75.6252.183.75.62
*.us.portal.cloudappsecurity.com*.us.portal.cloudappsecurity.com
US2US2 13.80.125.2213.80.125.22
20.36.222.5920.36.222.59
20.36.222.6020.36.222.60
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.183.75.6252.183.75.62
52.184.165.8252.184.165.82
*.us2.portal.cloudappsecurity.com*.us2.portal.cloudappsecurity.com
US3US3 13.80.125.2213.80.125.22
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
40.90.218.19640.90.218.196
40.90.218.19840.90.218.198
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.183.75.6252.183.75.62
*.us3.portal.cloudappsecurity.com*.us3.portal.cloudappsecurity.com
EU1EU1 13.80.125.2213.80.125.22
40.119.154.7240.119.154.72
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.157.238.5852.157.238.58
52.174.56.18052.174.56.180
52.183.75.6252.183.75.62
*.eu.portal.cloudappsecurity.com<*.eu.portal.cloudappsecurity.com<
EU2EU2 13.80.125.2213.80.125.22
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
40.81.156.15440.81.156.154
40.81.156.15640.81.156.156
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.183.75.6252.183.75.62
*.eu2.portal.cloudappsecurity.com*.eu2.portal.cloudappsecurity.com
政府 US1Gov US1 13.72.19.413.72.19.4
52.227.143.22352.227.143.223
*. us1.portal.cloudappsecurity.us*.us1.portal.cloudappsecurity.us

注意

ワイルドカード (*) の代わりに、特定のテナント URL のみを開くことができます。たとえば、上記のスクリーンショットでは、mod244533.us.portal.cloudappsecurity.com を開くことができます。Instead of a wildcard (*) you can open only your specific tenant URL, for example, based on the screenshot above you can open: mod244533.us.portal.cloudappsecurity.com

アクセスとセッションの制御Access and session controls

リバースプロキシ Cloud App Security 有効にするには、次の IP アドレスと DNS 名の送信ポート 443をファイアウォールの許可一覧に追加します。To enable Cloud App Security reverse proxy, add outbound port 443 for the following IP addresses and DNS names to your firewall's allow list:

*.cas.ms

さらに、使用するデータ センターに応じて、次の項目をホワイトリストに追加する必要があります。Additionally, the following items should be whitelisted, depending on which data center you use:

データ センターData center IP アドレスIP addresses DNS 名DNS name
US1US1 40.81.63.140.81.63.1
40.81.63.440.81.63.4
52.142.112.14552.142.112.145
52.142.116.13552.142.116.135
51.105.163.851.105.163.8
51.105.163.4351.105.163.43
40.66.60.11840.66.60.118
40.66.60.20040.66.60.200
40.65.169.9740.65.169.97
40.65.169.23640.65.169.236
40.81.121.11140.81.121.111
40.81.120.18740.81.120.187
40.91.114.4640.91.114.46
40.91.114.4740.91.114.47
40.81.63.540.81.63.5
40.81.63.240.81.63.2
20.40.163.13320.40.163.133
20.40.163.9720.40.163.97
52.142.116.17452.142.116.174
52.142.117.18352.142.117.183
52.142.121.7552.142.121.75
52.142.121.652.142.121.6
51.105.166.10251.105.166.102
51.105.165.11651.105.165.116
51.105.165.3751.105.165.37
51.105.165.3151.105.165.31
40.66.60.20740.66.60.207
40.66.60.20840.66.60.208
40.66.62.7840.66.62.78
20.40.134.9420.40.134.94
40.65.169.4640.65.169.46
40.65.169.19640.65.169.196
52.148.116.3752.148.116.37
52.148.115.23852.148.115.238
40.81.127.14040.81.127.140
40.81.121.10740.81.121.107
51.137.136.1451.137.136.14
51.137.136.1351.137.136.13
40.91.114.4940.91.114.49
40.91.114.4440.91.114.44
51.143.111.5851.143.111.58
40.91.127.4440.91.127.44
40.81.63.840.81.63.8
40.81.62.25540.81.62.255
52.142.112.14652.142.112.146
52.142.116.25052.142.116.250
51.105.166.10351.105.166.103
51.105.164.851.105.164.8
40.66.60.18040.66.60.180
40.66.60.20640.66.60.206
40.119.215.16740.119.215.167
40.65.170.1740.65.170.17
40.81.121.12740.81.121.127
40.81.121.10840.81.121.108
40.91.114.4840.91.114.48
40.91.114.4540.91.114.45
20.40.161.11920.40.161.119
20.40.161.13520.40.161.135
52.156.197.25452.156.197.254
52.156.198.19652.156.198.196
51.105.166.10651.105.166.106
51.105.165.6351.105.165.63
40.66.60.18540.66.60.185
40.66.59.4140.66.59.41
20.184.63.21620.184.63.216
20.184.63.23220.184.63.232
40.81.122.7640.81.122.76
40.81.123.12440.81.123.124
40.90.220.3740.90.220.37
40.91.126.15740.91.126.157
*。 us1.cas.ms*.us1.cas.ms
*。 us1.access-control.cas.ms*.us1.access-control.cas.ms
*。 us1.saml.cas.ms*.us1.saml.cas.ms
US2US2 40.81.63.740.81.63.7
40.81.59.9040.81.59.90
40.67.251.040.67.251.0
52.156.206.4752.156.206.47
40.66.60.20940.66.60.209
40.66.60.21640.66.60.216
40.65.170.13740.65.170.137
40.65.170.2640.65.170.26
40.81.127.13940.81.127.139
40.81.127.2540.81.127.25
104.45.170.184104.45.170.184
104.45.170.185104.45.170.185
40.81.58.18440.81.58.184
40.81.58.18040.81.58.180
20.40.163.9620.40.163.96
20.40.163.8820.40.163.88
52.156.205.22252.156.205.222
52.156.204.9952.156.204.99
52.155.166.5052.155.166.50
52.142.127.12752.142.127.127
40.66.60.21940.66.60.219
40.66.60.21540.66.60.215
40.66.63.14840.66.63.148
20.40.132.19520.40.132.195
40.65.170.12540.65.170.125
40.65.170.12340.65.170.123
52.139.245.4052.139.245.40
52.139.245.4852.139.245.48
40.81.121.14040.81.121.140
40.81.121.13540.81.121.135
51.137.137.12151.137.137.121
51.137.137.11851.137.137.118
104.45.170.196104.45.170.196
104.45.170.182104.45.170.182
52.151.238.552.151.238.5
52.151.237.24352.151.237.243
40.81.58.19340.81.58.193
40.81.59.9340.81.59.93
52.156.197.20852.156.197.208
52.156.206.4652.156.206.46
40.66.60.21040.66.60.210
40.66.60.21740.66.60.217
40.65.170.12840.65.170.128
40.65.170.13340.65.170.133
40.81.127.23040.81.127.230
40.81.127.14140.81.127.141
104.45.170.188104.45.170.188
104.45.170.194104.45.170.194
20.40.161.14120.40.161.141
20.40.161.14020.40.161.140
52.156.205.22652.156.205.226
52.156.206.4552.156.206.45
40.66.62.13040.66.62.130
40.66.56.15840.66.56.158
40.119.207.13140.119.207.131
40.119.207.14440.119.207.144
40.81.124.18540.81.124.185
40.81.122.6240.81.122.62
52.191.238.6552.191.238.65
52.191.237.18852.191.237.188
*。 us2.cas.ms*.us2.cas.ms
*。 us2.access-control.cas.ms*.us2.access-control.cas.ms
*。 us2.saml.cas.ms*.us2.saml.cas.ms
US3US3 40.81.62.22440.81.62.224
40.81.62.22040.81.62.220
40.82.186.16840.82.186.168
40.82.186.16940.82.186.169
52.155.180.21052.155.180.210
52.155.179.8452.155.179.84
40.66.59.19640.66.59.196
40.66.60.22440.66.60.224
40.65.170.8040.65.170.80
40.65.170.8340.65.170.83
40.81.127.22940.81.127.229
40.81.121.6640.81.121.66
104.45.170.191104.45.170.191
104.45.170.183104.45.170.183
40.91.114.4040.91.114.40
40.91.114.4240.91.114.42
40.81.62.17940.81.62.179
40.81.62.22340.81.62.223
20.40.162.8620.40.162.86
20.40.162.20020.40.162.200
40.82.186.18240.82.186.182
40.82.186.17740.82.186.177
52.139.21.7052.139.21.70
52.139.16.10552.139.16.105
52.155.177.1352.155.177.13
52.155.180.20852.155.180.208
52.155.164.13152.155.164.131
52.155.167.23152.155.167.231
40.66.60.22640.66.60.226
40.66.59.19340.66.59.193
40.66.61.19340.66.61.193
40.66.61.15840.66.61.158
40.65.170.11340.65.170.113
40.65.170.8240.65.170.82
52.139.245.152.139.245.1
52.139.245.2152.139.245.21
40.81.120.19240.81.120.192
40.81.127.23940.81.127.239
51.137.136.3451.137.136.34
51.137.137.6951.137.137.69
104.45.170.70104.45.170.70
104.45.170.180104.45.170.180
52.224.190.22552.224.190.225
52.224.191.6252.224.191.62
40.91.114.4140.91.114.41
40.91.78.10540.91.78.105
52.148.161.4552.148.161.45
52.148.161.5352.148.161.53
40.81.62.19340.81.62.193
40.81.62.16240.81.62.162
40.82.186.16640.82.186.166
40.82.186.17640.82.186.176
52.155.180.20952.155.180.209
52.155.178.24752.155.178.247
40.66.59.24640.66.59.246
40.66.59.19540.66.59.195
40.65.170.8140.65.170.81
40.65.170.11240.65.170.112
40.81.120.19140.81.120.191
40.81.123.15740.81.123.157
104.45.170.186104.45.170.186
104.45.170.178104.45.170.178
40.91.114.4340.91.114.43
40.91.74.3740.91.74.37
20.40.161.16020.40.161.160
20.40.161.16120.40.161.161
52.139.2.052.139.2.0
52.139.1.15652.139.1.156
52.155.180.21152.155.180.211
52.155.182.13852.155.182.138
40.66.62.740.66.62.7
40.66.62.940.66.62.9
20.184.63.15820.184.63.158
20.184.61.25320.184.61.253
20.40.106.5120.40.106.51
20.40.107.8420.40.107.84
52.224.202.8652.224.202.86
52.224.202.9152.224.202.91
51.143.122.5951.143.122.59
51.143.122.6051.143.122.60
*。 us3.cas.ms*.us3.cas.ms
*。 us3.access-control.cas.ms*.us3.access-control.cas.ms
*。 us3.saml.cas.ms*.us3.saml.cas.ms
EU1EU1 40.81.57.13840.81.57.138
40.81.57.15740.81.57.157
52.156.204.13952.156.204.139
52.156.205.18252.156.205.182
52.157.232.14752.157.232.147
52.157.235.14452.157.235.144
40.119.207.20040.119.207.200
40.119.207.17440.119.207.174
40.81.120.1340.81.120.13
40.81.120.2540.81.120.25
104.45.168.114104.45.168.114
104.45.168.103104.45.168.103
40.80.222.19740.80.222.197
40.80.220.21540.80.220.215
40.81.57.16940.81.57.169
40.81.57.14440.81.57.144
20.40.163.17820.40.163.178
20.40.163.17920.40.163.179
52.156.204.2452.156.204.24
52.156.204.5152.156.204.51
52.155.161.8852.155.161.88
52.155.161.9152.155.161.91
52.157.233.20552.157.233.205
52.157.234.16052.157.234.160
51.145.181.21451.145.181.214
51.145.181.19551.145.181.195
40.119.207.19340.119.207.193
40.119.207.16440.119.207.164
52.148.115.18852.148.115.188
52.148.115.19452.148.115.194
40.81.121.7840.81.121.78
40.81.122.20340.81.122.203
51.137.137.23751.137.137.237
51.137.137.20051.137.137.200
104.45.168.106104.45.168.106
104.45.168.104104.45.168.104
52.151.247.2752.151.247.27
52.151.244.6552.151.244.65
40.80.219.4940.80.219.49
40.80.222.9140.80.222.91
52.153.240.10752.153.240.107
20.188.72.24820.188.72.248
40.81.57.16440.81.57.164
40.81.57.14140.81.57.141
52.156.203.2252.156.203.22
52.156.205.13752.156.205.137
52.157.237.21352.157.237.213
52.157.237.10752.157.237.107
40.119.207.18240.119.207.182
40.119.207.16640.119.207.166
40.81.121.7640.81.121.76
40.81.120.2440.81.120.24
104.45.168.111104.45.168.111
104.45.168.108104.45.168.108
40.80.220.24640.80.220.246
40.80.221.7740.80.221.77
20.40.161.13220.40.161.132
20.40.161.13120.40.161.131
52.156.203.19952.156.203.199
40.67.254.23340.67.254.233
52.157.218.23252.157.218.232
52.157.218.21952.157.218.219
52.139.251.21952.139.251.219
52.139.252.10552.139.252.105
40.81.122.6340.81.122.63
20.40.106.5020.40.106.50
52.224.201.21652.224.201.216
52.224.201.22352.224.201.223
52.249.25.16552.249.25.165
52.249.25.16052.249.25.160
*。 eu1.cas.ms*.eu1.cas.ms
*。 eu1.access-control.cas.ms*.eu1.access-control.cas.ms
*。 eu1.saml.cas.ms*.eu1.saml.cas.ms
EU2EU2 40.81.62.22240.81.62.222
40.81.62.21240.81.62.212
52.155.182.4952.155.182.49
52.155.181.18152.155.181.181
52.157.234.22252.157.234.222
52.157.236.19552.157.236.195
40.66.60.22140.66.60.221
40.66.60.10140.66.60.101
40.119.203.9840.119.203.98
40.119.203.20840.119.203.208
104.45.170.174104.45.170.174
104.45.170.127104.45.170.127
40.81.62.22140.81.62.221
40.81.62.20640.81.62.206
20.40.160.18420.40.160.184
20.40.163.13020.40.163.130
52.155.181.18352.155.181.183
52.155.168.4552.155.168.45
52.156.202.752.156.202.7
52.142.124.2352.142.124.23
52.157.233.4952.157.233.49
52.157.235.2752.157.235.27
51.105.164.23451.105.164.234
51.105.164.24151.105.164.241
40.66.60.23240.66.60.232
40.66.60.22240.66.60.222
20.40.134.7920.40.134.79
40.66.57.20340.66.57.203
40.119.203.15840.119.203.158
40.119.203.20940.119.203.209
20.184.61.6720.184.61.67
20.184.60.7720.184.60.77
104.45.170.173104.45.170.173
104.45.170.176104.45.170.176
52.224.188.15752.224.188.157
52.224.188.16852.224.188.168
40.81.62.20940.81.62.209
40.81.62.19940.81.62.199
52.155.181.18052.155.181.180
52.155.182.5052.155.182.50
52.157.237.25552.157.237.255
52.157.239.13252.157.239.132
40.66.60.22540.66.60.225
40.66.60.22040.66.60.220
40.119.203.15940.119.203.159
40.119.203.9940.119.203.99
104.45.170.161104.45.170.161
104.45.170.175104.45.170.175
20.40.161.14220.40.161.142
20.40.161.14320.40.161.143
52.155.181.18252.155.181.182
52.155.182.4852.155.182.48
40.119.145.13040.119.145.130
40.119.147.10240.119.147.102
40.66.62.15440.66.62.154
40.66.62.22540.66.62.225
20.184.58.4620.184.58.46
40.90.191.15340.90.191.153
52.190.31.6252.190.31.62
52.190.26.22052.190.26.220
*。 eu2.cas.ms*.eu2.cas.ms
*。 eu2.access-control.cas.ms*.eu2.access-control.cas.ms
*。 eu2.saml.cas.ms*.eu2.saml.cas.ms

SIEM エージェントの接続SIEM agent connection

Cloud App Security が SIEM に接続できるようにするには、次の IP アドレスの送信ポート 443をファイアウォールの許可一覧に追加します。To enable Cloud App Security to connect to your SIEM, add outbound port 443 for the following IP addresses to your firewall's allow list:

データ センターData center IP アドレスIP addresses
US1US1 13.64.26.8813.64.26.88
13.64.29.3213.64.29.32
13.80.125.2213.80.125.22
13.91.91.24313.91.91.243
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.183.75.6252.183.75.62
US2US2 13.80.125.2213.80.125.22
20.36.222.5920.36.222.59
20.36.222.6020.36.222.60
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.183.75.6252.183.75.62
52.184.165.8252.184.165.82
US3US3 13.80.125.2213.80.125.22
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
40.90.218.19640.90.218.196
40.90.218.19840.90.218.198
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.183.75.6252.183.75.62
EU1EU1 13.80.125.2213.80.125.22
40.119.154.7240.119.154.72
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.157.238.5852.157.238.58
52.174.56.18052.174.56.180
52.183.75.6252.183.75.62
EU2EU2 13.80.125.2213.80.125.22
40.74.1.23540.74.1.235
40.74.6.20440.74.6.204
40.81.156.15440.81.156.154
40.81.156.15640.81.156.156
51.143.58.20751.143.58.207
52.137.89.14752.137.89.147
52.183.75.6252.183.75.62
政府 US1Gov US1 13.72.19.413.72.19.4
52.227.143.22352.227.143.223

注意

Cloud App Security SIEM エージェントを設定するときにプロキシを指定しなかった場合は、ポート80で http://ocsp.msocsp.com/ と ocsp.digicert.com への http 接続を許可する必要があります。If you didn't specify a proxy when you set up the Cloud App Security SIEM agent, you need to allow http connections to http://ocsp.msocsp.com/ and ocsp.digicert.com on port 80. これは、Cloud App Security ポータルに接続するときに証明書失効ステータスを確認するために使用されます。This is used for checking certificate revocation status when you connect to the Cloud App Security portal.

アプリ コネクタApp connector

一部のサードパーティ製のアプリに Cloud App Security からアクセスする場合、これらの IP アドレスが使用される可能性があります。For some third-party apps to be accessed by Cloud App Security, these IP addresses may be used. これらの IP アドレスによって、Cloud App Security によるログ収集や、Cloud App Security コンソールへのアクセスが可能になります。The IP addresses enable Cloud App Security to collect logs and provide access for the Cloud App Security console.

注意

Cloud App Security は上記の IP アドレスからガバナンス アクションとスキャンを実行するため、ベンダーからのアクティビティ ログにこの IP アドレスが表示される場合があります。You may see these IP addresses in activity logs from the vendor because Cloud App Security performs governance actions and scans from these IP addresses.

サードパーティ製のアプリに接続するには、Cloud App Security を有効にして次の IP アドレスから接続します。To connect to third-party apps, enable Cloud App Security to connect from these IP addresses:

データ センターData center IP アドレスIP addresses
US1US1 13.64.196.2713.64.196.27
13.64.198.1913.64.198.19
13.64.198.9713.64.198.97
13.64.199.4113.64.199.41
13.64.26.8813.64.26.88
13.64.29.3213.64.29.32
13.64.30.11713.64.30.117
13.64.30.11813.64.30.118
13.64.30.7613.64.30.76
13.64.31.11613.64.31.116
13.68.76.4713.68.76.47
13.86.176.18913.86.176.189
13.86.176.21113.86.176.211
13.91.61.24913.91.61.249
13.91.91.24313.91.91.243
13.91.98.18513.91.98.185
13.93.216.6813.93.216.68
13.93.233.4213.93.233.42
40.118.211.17240.118.211.172
104.42.54.148104.42.54.148
104.209.35.177104.209.35.177

US2US2 13.68.76.4713.68.76.47
20.36.222.5920.36.222.59
20.36.222.6020.36.222.60
40.67.152.9140.67.152.91
40.67.154.16040.67.154.160
40.67.155.14640.67.155.146
40.67.159.5540.67.159.55
40.84.2.8340.84.2.83
40.84.4.11940.84.4.119
40.84.4.9340.84.4.93
52.184.165.8252.184.165.82
52.232.224.22752.232.224.227
52.232.225.8452.232.225.84
104.46.116.211104.46.116.211
104.46.116.211104.46.116.211
104.46.121.72104.46.121.72
104.46.121.72104.46.121.72
104.46.122.189104.46.122.189
104.42.54.148104.42.54.148
104.46.122.189104.46.122.189
US3US3 13.68.76.4713.68.76.47
40.90.218.19640.90.218.196
40.90.218.19740.90.218.197
40.90.218.19840.90.218.198
40.90.218.20340.90.218.203
40.90.220.19040.90.220.190
40.90.220.19640.90.220.196
51.143.120.23651.143.120.236
51.143.120.24251.143.120.242
104.42.54.148104.42.54.148
EU1EU1 13.80.22.7113.80.22.71
13.95.29.17713.95.29.177
13.95.30.4613.95.30.46
40.114.217.840.114.217.8
40.114.217.840.114.217.8
40.115.24.6540.115.24.65
40.115.24.6540.115.24.65
40.115.25.5040.115.25.50
40.115.25.5040.115.25.50
40.119.154.7240.119.154.72
40.67.219.13340.67.219.133
51.105.55.6251.105.55.62
51.105.179.15751.105.179.157
51.137.200.3251.137.200.32
52.157.232.11052.157.232.110
52.157.233.13352.157.233.133
52.157.233.9252.157.233.92
52.157.238.5852.157.238.58
52.157.239.11052.157.239.110
52.174.56.18052.174.56.180
EU2EU2 40.81.152.17140.81.152.171
40.81.152.17240.81.152.172
40.81.156.15340.81.156.153
40.81.156.15440.81.156.154
40.81.156.15540.81.156.155
40.81.156.15640.81.156.156
51.105.55.6251.105.55.62
51.137.200.3251.137.200.32
51.145.108.22751.145.108.227
51.145.108.25051.145.108.250
政府 US1Gov US1 52.227.138.24852.227.138.248
52.227.142.19252.227.142.192
52.227.143.22352.227.143.223

サード パーティ DLP との統合Third-party DLP integration

Cloud App Security で stunnel 経由でデータを ICAP サーバーに送信できるようにするには、動的ソース ポート番号を使用して、これらの IP アドレスに DMZ ファイアウォールを開きます。To enable Cloud App Security to send data through your stunnel to your ICAP server, open your DMZ firewall to these IP addresses with a dynamic source port number.

  1. ソースのアドレス: 上記で API コネクタのサードパーティ製アプリについて記載したように、これらのアドレスはホワイトリストに追加する必要がありますSource addresses - These addresses should be whitelisted as listed above for API connector third-party apps
  2. ソース TCP ポート: 動的Source TCP port - Dynamic
  3. 宛先アドレス: 外部 ICAP サーバーに接続されている stunnel の 1 つまたは 2 つの IP アドレスDestination address(es) - One or two IP address of the stunnel connected to the external ICAP server
  4. 宛先 TCP ポート: ご利用のネットワークに定義されているものDestination TCP port - As defined in your network

注意

  • 既定では、stunnel ポート番号は 11344 に設定されます。By default the stunnel port number is set to 11344. これは必要に応じて別のポートに変更できますが、新しいポート番号を必ず書き留めてください。You can change it to another port if necessary, but be sure to make note of the new port number.
  • Cloud App Security は上記の IP アドレスからガバナンス アクションとスキャンを実行するため、ベンダーからのアクティビティ ログにこの IP アドレスが表示される場合があります。You may see these IP addresses in activity logs from the vendor because Cloud App Security performs governance actions and scans from these IP addresses.

サードパーティ製のアプリに接続し、外部 DLP ソリューションと統合するには、Cloud App Security を有効にして次の IP アドレスから接続します。To connect to third-party apps and integrate with external DLP solutions, enable Cloud App Security to connect from these IP addresses:

データ センターData center IP アドレスIP addresses
US1US1 13.64.196.2713.64.196.27
13.64.198.1913.64.198.19
13.64.198.9713.64.198.97
13.64.199.4113.64.199.41
13.64.26.8813.64.26.88
13.64.29.3213.64.29.32
13.64.30.11713.64.30.117
13.64.30.11813.64.30.118
13.64.30.7613.64.30.76
13.64.31.11613.64.31.116
13.86.176.18913.86.176.189
13.86.176.21113.86.176.211
13.91.61.24913.91.61.249
13.91.91.24313.91.91.243
13.91.98.18513.91.98.185
13.93.216.6813.93.216.68
13.93.233.4213.93.233.42
40.118.211.17240.118.211.172
104.209.35.177104.209.35.177

US2US2 20.36.222.5920.36.222.59
20.36.222.6020.36.222.60
40.67.152.9140.67.152.91
40.67.154.16040.67.154.160
40.67.155.14640.67.155.146
40.67.159.5540.67.159.55
40.84.2.8340.84.2.83
40.84.4.11940.84.4.119
40.84.4.9340.84.4.93
52.184.165.8252.184.165.82
52.232.224.22752.232.224.227
52.232.225.8452.232.225.84
104.46.116.211104.46.116.211
104.46.116.211104.46.116.211
104.46.121.72104.46.121.72
104.46.121.72104.46.121.72
104.46.122.189104.46.122.189
104.46.122.189104.46.122.189
US3US3 40.90.218.19640.90.218.196
40.90.218.19740.90.218.197
40.90.218.19840.90.218.198
40.90.218.20340.90.218.203
40.90.220.19040.90.220.190
40.90.220.19640.90.220.196
51.143.120.23651.143.120.236
51.143.120.24251.143.120.242
EU1EU1 13.80.22.7113.80.22.71
13.95.29.17713.95.29.177
13.95.30.4613.95.30.46
40.67.219.13340.67.219.133
40.114.217.840.114.217.8
40.114.217.840.114.217.8
40.115.24.6540.115.24.65
40.115.24.6540.115.24.65
40.115.25.5040.115.25.50
40.119.154.7240.119.154.72
51.105.179.15751.105.179.157
52.157.232.11052.157.232.110
52.157.233.13352.157.233.133
52.157.233.9252.157.233.92
52.157.238.5852.157.238.58
52.157.239.11052.157.239.110
52.174.56.18052.174.56.180

EU2EU2 40.81.152.17140.81.152.171
40.81.152.17240.81.152.172
40.81.156.15340.81.156.153
40.81.156.15440.81.156.154
40.81.156.15540.81.156.155
40.81.156.15640.81.156.156
51.145.108.22751.145.108.227
51.145.108.25051.145.108.250

メール サーバーMail server

既定のテンプレートと設定から通知を送信できるようにするには、これらの IP アドレスをスパム対策の許可一覧に追加します。To enable notifications to be sent from the default template and settings, add these IP addresses to your anti-spam allow list. Cloud App Security 専用の電子メールの IP アドレスは次のとおりです。The Cloud App Security dedicated email IP addresses are:

  • 65.55.234.192/2665.55.234.192/26
  • 207.46.200.0/27207.46.200.0/27
  • 65.55.52.224/2765.55.52.224/27
  • 94.245.112.0/2794.245.112.0/27
  • 111.221.26.0/27111.221.26.0/27
  • 207.46.50.192/26207.46.50.192/26

メール送信者の ID をカスタマイズする場合、Microsoft Cloud App Security では、サード パーティ製の電子メール サービス MailChimp® を使用してカスタマイズすることができます。If you want to customize the email sender identity, Microsoft Cloud App Security enables customization by using MailChimp®, a third-party email service. この操作を行うには、Microsoft Cloud App Security ポータルの [設定] に移動します。To make it work, in the Microsoft Cloud App Security portal, go to Settings. [メールの設定] を選択して、MailChimp のサービス使用条件とプライバシー ポリシーを確認します。Select Mail settings and review MailChimp’s Terms of Service and Privacy Statement. 次に、あなたの代理として MailChimp を使用する権限を Microsoft に与えます。Then, give Microsoft permission to use MailChimp on your behalf.

送信者の ID をカスタマイズしない場合、電子メールの通知はすべての既定の設定を使用して送信されます。If you don’t customize the sender identity, your email notifications will be sent using all the default settings.

MailChimp を使用するには、この IP アドレスをスパム対策の許可一覧に追加して、通知の送信を有効にします。 198.2.134.139 (mail1.cloudappsecurity.com)To work with MailChimp, add this IP address to your anti-spam allow list to enable notifications to be sent: 198.2.134.139 (mail1.cloudappsecurity.com)

ログ コレクターLog collector

Cloud Discovery 機能がログ コレクターを使って組織内のシャドウ IT を検出できるようにするには、以下の項目を開きます。To enable Cloud Discovery features using a log collector and detect Shadow IT in your organization, open the following items:

  • ログ コレクターが着信 FTP および Syslog トラフィックを受信できる。Allow the log collector to receive inbound FTP and Syslog traffic.

  • ログ コレクターがポート 443 でポータル (contoso.cloudappsecurity.com など) への発信トラフィックを開始できる。Allow the log collector to initiate outbound traffic to the portal (for example contoso.cloudappsecurity.com) on port 443.

  • ログ コレクターがポート 443 で Azure Blob Storage への送信トラフィックを開始できる。Allow the log collector to initiate outbound traffic to the Azure blob storage on port 443:

    データ センターData center [URL]URL
    US1US1 https://adaprodconsole.blob.core.windows.net/https://adaprodconsole.blob.core.windows.net/
    US2US2 https://prod03use2console1.blob.core.windows.net/https://prod03use2console1.blob.core.windows.net/
    US3US3 https://prod5usw2console1.blob.core.windows.net/https://prod5usw2console1.blob.core.windows.net/
    EU1EU1 https://prod02euwconsole1.blob.core.windows.net/https://prod02euwconsole1.blob.core.windows.net/
    EU2EU2 https://prod4uksconsole1.blob.core.windows.net/https://prod4uksconsole1.blob.core.windows.net/
    政府 US1Gov US1 https://gprd1usgvconsole1.blob.core.usgovcloudapi.net/https://gprd1usgvconsole1.blob.core.usgovcloudapi.net/

注意

  • ファイアウォールが静的 IP アドレスのアクセス リストを必要としていて、URL に基づくホワイト リストをサポートしていない場合は、ログ コレクターで Microsoft Azure データセンターのポート 443 上の IP 範囲への送信トラフィックを開始できるようにします。If your firewall requires a static IP address access list and does not support whitelisting based on URL, allow the log collector to initiate outbound traffic to the Microsoft Azure datacenter IP ranges on port 443.
  • ログ コレクターが Cloud App Security ポータルへの送信トラフィックを開始できるようにします。Allow the log collector to initiate outbound traffic to the Cloud App Security portal.
  • Log collector を設定するときにプロキシを指定しなかった場合は、ポート80で http://ocsp.msocsp.com/ および ocsp.digicert.com への http 接続を許可する必要があります。If you didn't specify a proxy when you set up the log collector, you need to allow http connections to http://ocsp.msocsp.com/ and ocsp.digicert.com on port 80. これは、Cloud App Security ポータルに接続するときに証明書失効ステータスを確認するために使用されます。This is used for checking certificate revocation status when you connect to the Cloud App Security portal.

次のステップNext steps

問題が発生した場合は、こちらを参照してください。If you run into any problems, we're here to help. 製品の問題について支援やサポートやを受けるには、サポート チケットを作成してください。To get assistance or support for your product issue, please open a support ticket.