Windows System Proxy
Configure device proxy and Internet connection settings
Configure device proxy and Internet connection settings | Microsoft Docs
Skip to main content
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Feedback
Edit
10/6/2021
9 minutes to read
In this article
Applies to:
Microsoft Defender for Endpoint
Microsoft 365 Defender
Want to experience Defender for Endpoint? Sign up for a free trial.
The Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Defender for Endpoint service.
The embedded Defender for Endpoint sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Defender for Endpoint cloud service.
The WinHTTP configuration setting is independent of the Windows Internet (WinINet) browsing proxy settings and can only discover a proxy server by using the following discovery methods:
Auto-discovery methods:
Transparent proxy
Web Proxy Auto-discovery Protocol (WPAD)
Note
If you’re using Transparent proxy or WPAD in your network topology, you don’t need special configuration settings. For more information on Defender for Endpoint URL exclusions in the proxy, see Enable access to Defender for Endpoint service URLs in the proxy server.
Manual static proxy configuration:
Registry-based configuration
WinHTTP configured using netsh command: Suitable only for desktops in a stable topology (for example: a desktop in a corporate network behind the same proxy)
Configure the proxy server manually using a registry-based static proxy
Configure a registry-based static proxy for Defender for Endpoint detection and response (EDR) sensor to report diagnostic data and communicate with Defender for Endpoint services if a computer is not permitted to connect to the Internet.
The static proxy is also configurable through Group Policy (GP). The group policy can be found under:
Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure Authenticated Proxy usage for the Connected User Experience and Telemetry Service.
Set it to Enabled and select Disable Authenticated Proxy usage.
Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry:
Configure the proxy
Group Policy
Registry key
Registry entry
Value
Configure authenticated proxy usage for the connected user experience and the telemetry service
HKLM\Software\Policies\Microsoft\Windows\DataCollection
DisableEnterpriseAuthProxy
1 (REG_DWORD)
Configure connected user experiences and telemetry
TelemetryProxyServer
servername or ip:port For example: (REG_SZ)
Configure a static proxy for Microsoft Defender Antivirus
Microsoft Defender Antivirus cloud-delivered protection provides near-instant, automated protection against new and emerging threats. Note that connectivity is required for custom indicators when Defender Antivirus is your active antimalware solution; and for EDR in block mode even when using a non-Microsoft solution as the primary antimalware solution.
Configure the static proxy using the Group Policy found here:
Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define proxy server for connecting to the network.
Set it to Enabled and define the proxy server. Note that the URL must have either or. For supported versions for, see Manage Microsoft Defender Antivirus updates.
Under the registry key HKLM\Software\Policies\Microsoft\Windows Defender, the policy sets the registry value ProxyServer as REG_SZ.
The registry value ProxyServer takes the following string format:
For resiliency purposes and the real-time nature of cloud-delivered protection, Microsoft Defender Antivirus will cache the last known working proxy. Ensure your proxy solution does not perform SSL inspection as this will break the secure cloud connection.
Microsoft Defender Antivirus will not use the static proxy to connect to Windows Update or Microsoft Update for downloading updates. Instead, it will use a system-wide proxy if configured to use Windows Update, or the configured internal update source according to the configured fallback order.
If required, you can use Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define proxy auto-config () for connecting to the network if you need to set up advanced configurations with multiple proxies, Use Administrative Templates > Windows Components > Microsoft Defender Antivirus > Define addresses to bypass proxy server to prevent Microsoft Defender Antivirus from using a proxy server for those destinations.
You can also use PowerShell with the Set-MpPreference cmdlet to configure these options:
ProxyBypass
ProxyPacUrl
ProxyServer
Configure the proxy server manually using netsh command
Use netsh to configure a system-wide static proxy.
This will affect all applications including Windows services which use WinHTTP with default proxy.
Laptops that are changing topology (for example: from office to home) will malfunction with netsh. Use the registry-based static proxy configuration.
Open an elevated command line:
Go to Start and type cmd.
Right-click Command prompt and select Run as administrator.
Enter the following command and press Enter:
netsh win set proxy
To reset the win proxy, enter the following command and press Enter:
netsh win reset proxy
See Netsh Command Syntax, Contexts, and Formatting to learn more.
Enable access to Microsoft Defender for Endpoint service URLs in the proxy server
If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list.
The following downloadable spreadsheet lists the services and their associated URLs that your network must be able to connect to. Ensure that there are no firewall or network filtering rules that would deny access to these URLs, or you may need to create an allow rule specifically for them.
Spreadsheet of domains list
Description
Spreadsheet of specific DNS records for service locations, geographic locations, and OS. Download the spreadsheet here.
If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed in the above table from HTTPS scanning.
In your firewall, open all the URLs where the geography column is WW. For rows where the geography column is not WW, open the URLs to your specific data location. To verify your data location setting, see Verify data storage location and update data retention settings for Microsoft Defender for Endpoint.
is only needed if you have Windows devices running version 1803 or earlier.
URLs that include v20 in them are only needed if you have Windows devices running version 1803 or later. For example, is needed for a Windows device running version 1803 or later and onboarded to US Data Storage region.
If you are using Microsoft Defender Antivirus in your environment, see Configure network connections to the Microsoft Defender Antivirus cloud service.
If a proxy or firewall is blocking anonymous traffic, as Defender for Endpoint sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs.
Microsoft Monitoring Agent (MMA) – proxy and firewall requirements for older versions of Windows client or Windows Server
The information below list the proxy and firewall configuration information required to communicate with Log Analytics agent (often referred to as Microsoft Monitoring Agent) for the previous versions of Windows such as Windows 7 SP1, Windows 8. 1, Windows Server 2008 R2, Windows Server 2012 R2, and Windows Server 2016.
Agent Resource
Ports
Direction
Bypass HTTPS inspection
*
Port 443
Outbound
Yes
As a cloud-based solution, the IP range can change. It’s recommended you move to DNS resolving setting.
Confirm Microsoft Monitoring Agent (MMA) Service URL Requirements
See the following guidance to eliminate the wildcard (*) requirement for your specific environment when using the Microsoft Monitoring Agent (MMA) for previous versions of Windows.
Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Defender for Endpoint (for more information, see Onboard previous versions of Windows on Defender for Endpoint and Onboard Windows servers.
Ensure the machine is successfully reporting into the Microsoft 365 Defender portal.
Run the tool from “C:\Program Files\Microsoft Monitoring Agent\Agent” to validate the connectivity and to see the required URLs for your specific workspace.
Check the Microsoft Defender for Endpoint URLs list for the complete list of requirements for your region (refer to the Service URLs Spreadsheet).
The wildcards (*) used in *, *, and * URL endpoints can be replaced with your specific Workspace ID. The Workspace ID is specific to your environment and workspace and can be found in the Onboarding section of your tenant within the Microsoft 365 Defender portal.
The * URL endpoint can be replaced with the URLs shown in the “Firewall Rule: *” section of the test results.
In the case of onboarding via Azure Defender, multiple workspaces maybe used. You will need to perform the procedure above on an onboarded machine from each workspace (to determine if there are any changes to the * URLs between the workspaces).
Verify client connectivity to Microsoft Defender for Endpoint service URLs
Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs.
Download the Microsoft Defender for Endpoint Client Analyzer tool to the PC where Defender for Endpoint sensor is running on.
Extract the contents of on the device.
Open an elevated command-line:
HardDrivePath\
Replace HardDrivePath with the path where the MDEClientAnalyzer tool was downloaded to, for example:
C:\Work\tools\MDEClientAnalyzer\
Extract the file created by tool in the folder used in the HardDrivePath.
Open and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.
The tool checks the connectivity of Defender for Endpoint service URLs that Defender for Endpoint client is configured to interact with. It then prints the results into the file for each URL that can potentially be used to communicate with the Defender for Endpoint services. For example:
Testing URL: 1 – Default proxy: Succeeded (200)
2 – Proxy auto discovery (WPAD): Succeeded (200)
3 – Proxy disabled: Succeeded (200)
4 – Named proxy: Doesn’t exist
5 – Command line proxy: Doesn’t exist
If at least one of the connectivity options returns a (200) status, then the Defender for Endpoint client can communicate with the tested URL properly using this connectivity method.
However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in Enable access to Defender for Endpoint service URLs in the proxy server. The URLs you’ll use will depend on the region selected during the onboarding procedure.
The Connectivity Analyzer tool cloud connectivity checks are not compatible with Attack Surface Reduction rule Block process creations originating from PSExec and WMI commands. You will need to temporarily disable this rule to run the connectivity tool. Alternatively, you can temporarily add ASR exclusions when running the analyzer.
When the TelemetryProxyServer is set, in Registry or via Group Policy, Defender for Endpoint will fall back to direct if it can’t access the defined proxy.
Configure and validate Microsoft Defender Antivirus network connections
Use Group Policy settings to configure and manage Microsoft Defender Antivirus
Onboard Windows devices
Troubleshoot Microsoft Defender for Endpoint onboarding issues
Submit and view feedback for
What Is A Proxy Server? | PCMag
A proxy server is a computer system or router that functions as a relay between client and server. It helps prevent an attacker from invading a private network and is one of several tools used to build a firewall.
The word proxy means “to act on behalf of another, ” and a proxy server acts on behalf of the user. All requests to the Internet go to the proxy server first, which evaluates the request and forwards it to the Internet. Likewise, responses come back to the proxy server and then to the user.
Proxy Servers Provide Anonymity
Like a virtual private network (VPN), a proxy server hides the user’s IP address when accessing the Internet. See VPN and TLS.
Address Translation and Caching
The proxy server is a dual-homed host with two network IP addresses. The address on the outbound side is the one the Internet sees. Proxies are often used in conjunction with network address translation (NAT), which hides the users’ IP addresses on the internal network. Proxy servers may also cache Web pages so that the next request for that page can be retrieved much faster. See NAT and proxy cache.
Other Proxies
Anonymous proxy servers let users surf the Web and keep their IP address private (see anonymous proxy). Although not specifically called proxies, Internet email (SMTP) and the Usenet new system (NNTP) are somewhat similar because messages are relayed from sender to recipient. See firewall.
Application Level and Circuit Level
“Application-level” proxies or “application-level gateways” are dedicated to specific content such as HTTP (Web) and FTP (file transfer). In contrast, a “circuit-level” proxy supports every application (see SOCKS).
Forward and Reverse Proxies
In this definition, the proxy servers are “forward proxies” that hide the details of the clients from the servers. However, proxies can also reside at the website to hide details from the clients (see reverse proxy).
A Proxy Server in a LAN
In this example, the proxy server functions as a firewall in the public side of a company network, which is called the “demilitarized zone” (see DMZ).
Find Proxy Settings on Your Computer (for Local Testing …
We use cookies to enhance user experience, analyze site usage, and assist in our marketing efforts. By continuing to browse
or closing this banner, you acknowledge that you have read and agree to our Cookie Policy,
Privacy Policy and Terms of Service.
You can find the proxy settings applicable to your machine and use them to set up Local Testing connections.
Introduction
A proxy server sits between your machine and your ISP. In most organizations, proxies are configured
by network admins to filter and/or monitor inbound and outbound web traffic from employee computers.
In this article, we’ll show you how to view proxy settings (if your computer is behind a proxy server).
You can then use the information to set up Local Testing connections with BrowserStack..
Find Proxy Settings in Windows
In most cases, browsers will use proxy settings that are set on the computer. However, each browser has a
settings page to configure proxy settings as well.
There are two ways to find proxy settings in Windows: via the Settings app (Windows 10 only) or via the
Control Panel.
Using the Settings App (Windows 10) to find proxy settings
Click on Start, then click on the gear icon (Settings) at the far left.
In the Windows Settings menu, click on Network & Internet.
In the left pane, click on Proxy.
Here you have all the settings that are related to setting up a proxy in Windows. It’s split into
two configurations: Automatic or Manual proxy setup.
Using the configuration details to set up Local Testing connection:
If “Use setup script“ is enabled, it means that you have configured PAC proxy on your system. You
can obtain the path to PAC file from the “Script Address“ section.
Note: To set up a Local Testing connection using the PAC file, you need to ensure that the PAC file is stored on your computer and path needs to an absolute path to that file.
If “Manual proxy setup” is enabled, you can simply obtain Proxy Host and Port from the “Address“
and “Port“ section.
For Local Testing to work correctly, you need to bypass the traffic for – – from your
proxy. You can do this by adding an entry in the Proxy Exception> text field in the
“Manual proxy setup” section.
Using Control Panel (all Windows versions) to find proxy settings
In any Windows version, you can find the proxy settings via the Control Panel on your computer.
Click on Start and open the Control Panel. Then click on
Internet Options.
In the Internet Options, go to Connections > LAN settings.
Here you have all the settings that are related to setting up a proxy in Windows. It’s basically
split into two configurations: either Automatic configuration or
Proxy Server setup.
If “Use automatic configuration script“ iis checked, it means that you have configured PAC proxy
in your system. You can obtain the path to PAC file from the “Script Address“ section.
If “Use a proxy server for your LAN” is checked, you can obtain Proxy Host and Port from the
“Address“ and “Port“ section.
proxy. You can do this by clicking the “Advanced“ button and adding an entry in the
“Do not use proxy server for addresses beginning with:“ text field.
Find Proxy Settings in OS X
On OS X, you have to view the proxy settings in System Preferences. This is where most browsers check automatically. However, each browser has a settings page to configure proxy settings as well.
Open System Preferences and click on Network.
On the left-hand side, click on an active network connection. Note that you can have different proxy settings for different network connections. Click on the Advanced button on the bottom right.
Click on the Proxies tab and you’ll see a list of proxy protocols you can configure.
If “Automatic Proxy Configuration“ is checked, it means that you have configured PAC proxy in your system. You can obtain the path to PAC file from the “Script Address“ section.
If “Web Proxy (HTTP)” or “Secure Web Proxy (HTTPS)“ is checked, you can simply obtain Proxy Host, Port, Username, and Password.
For Local Testing to work correctly, you need to bypass the traffic for – – from your proxy. You can do this by adding an entry in the ”Bypass proxy settings for these Hosts & Domains” text field.
Connection duration and disconnection
In Linux, finding your proxy settings will depend on what distribution you are running. Mostly, the procedure would be similar for the various distributions.
On Ubuntu, open on System Settings from the launcher and scroll down to Hardware. Click on Network.
Click on Network Proxy, you can choose from Automatic or Manual.
If the “Automatic“ option is selected, it means that you have configured PAC proxy in your system. You can obtain the path to PAC file from the “Configuration URL“ section.
If the “Manual“ option is selected, you can simply obtain Proxy Host and Port from the appropriate section.
For Local Testing to work correctly, you need to bypass the traffic for – – from your proxy. You can do this by using the command-line interface as follows:
To change proxy exceptions, use ‘set’ option with ‘gsettings’ command as follows.
$ gsettings set ignore-hosts “[‘localhost’, ”, ‘::1’]”
If access to the above sections is restricted on your computer, you can seek help from your IT/Network Team to gather this information.
Frequently Asked Questions about windows system proxy
What is system proxy?
A proxy server is a computer system or router that functions as a relay between client and server. It helps prevent an attacker from invading a private network and is one of several tools used to build a firewall. The word proxy means “to act on behalf of another,” and a proxy server acts on behalf of the user.
How do I enable system proxy?
Using the Settings App (Windows 10) to find proxy settings Click on Start, then click on the gear icon (Settings) at the far left. In the Windows Settings menu, click on Network & Internet. In the left pane, click on Proxy. Here you have all the settings that are related to setting up a proxy in Windows.
Where are Windows proxy settings?
Temporarily Disable Proxy Service or Web AcceleratorsGo to Start > Control Panel > Internet Options > Connections tab.Select the appropriate Internet Service as follows:Clear/Un-check all boxes under Automatic Configuration.Clear/Un-check the box under Proxy Server.Click OK.
