Abdullah Ollivierre

Since 443 is being used as failover for the ESET Push Notification Service as mentioned here https://help.eset.com/protect_install/10.0/en-US/upgrade_procedures.html?ports_used.html I changed the port being used by Apache Tomcat https://support.eset.com/en/kb7772-change-the-port-used-by-the-eset-protect-web-console to a different port and targeted that specific port with Azure NSG inbound policies to only allow certain IP addresses. I left 443 open in the NSG Inbound policies to allow other ESET Services communicate via 443. Can you please advise if 443 is indeed needed per the docs or should it be blocked if we are not serving the Tomcat web console ?

We have ESET Protect v10 self-hosted in our Azure environment. We're working on reducing attack surface by implementing stronger security around our tools like RMM, MDM, Management Portals. Moving from AV to EDR and from VPN to SDP/ZTNA 1- Can we have whitelisting on the Web Console ? 2- Can we disable public access to the web console without blocking other critical ESET services 3- Does ESET Protect support SSO with Azure AD ? 4- Can we use a third-party MFA app (Google Auth, Authy, etc..) for the TOTP or we limited to using the ESET Authenticator mobile app ?