Microsoft’s Internet-Wide Scanning

Understand Your Choices and Privacy Rights

Internet-wide scanning is a comprehensive process that involves systematically scanning large volumes of internet-connected devices and services to gather data. This data helps us identify publicly facing assets and potential vulnerabilities, and conduct security assessments. Our goal is to be non-invasive while gathering information about open ports and the services running on them. We aim to ensure that our scanning activities do not disrupt or interfere with your systems.

Why Does Microsoft Conduct Internet-Wide Scanning?

Microsoft conducts internet-wide scanning for several crucial reasons:

Several products at Microsoft leverage the data collected from internet-wide scanning:

  1. Microsoft Defender External Attack Surface Management (Defender EASM) continuously discovers and maps your digital attack surface to provide an external view of your online infrastructure. This visibility enables security and IT teams to identify unknowns, prioritize risk, eliminate threats, and extend vulnerability and exposure control beyond the firewall.
  2. Microsoft Defender Threat Intelligence (MDTI) is a dynamic threat intelligence solution that helps protect your organization from modern cyberthreats and exposure. MDTI allows you to understand your adversaries and their online infrastructures to identify your potential cyberthreat exposures using a complete map of the internet. You can discover the full scope of a cyberattack, understand an online adversary’s entire toolkit, prevent access by all their machines and known entities, and continuously block IP addresses or domains.
  3. Microsoft Defender for Endpoint uses scanning data to identify internet-facing devices, which helps enhance security measures and provide better protection to customers.

Choosing to Opt Out

If you prefer to exclude your IP or IP range from our scanning activities, please email internetscan-optout@microsoft.com with the following information to help us verify your ownership of these CIDRs:

Email Subject should include: [Internet scans opt-out]

Email Body should include:

CIDR Block: 10.0.0.1/24
Additional Information: We are opting out...

Frequently Asked Questions (FAQ)

  1. What happens if I opt out?

    By opting out, your IP or IP range will be excluded from our scanning activities, and no information about open ports or services on those IPs will be gathered by Microsoft.

  2. Is opting out permanent?

    Yes, once you opt out, your IP or IP range will remain excluded. However, you can choose to opt back in at any time by reaching out to internetscan-optout@microsoft.com and requesting that the IP or IP range be opted back in.

  3. How does Microsoft use the collected data?

    The data helps us understand the internet's infrastructure and identify trends and patterns. This in turn helps us improve security measures, conduct research, and enable teams to disrupt threat actors around the world.

  4. Will my personal information be shared?

    No, your personal information will not be shared.

  5. Do Microsoft scans try to log on to my systems?

    No, Microsoft only scans to obtain information: Microsoft never tries to log into any service, read any database, or otherwise gain authenticated access to any system.