Microsoft has released a spreadsheet containing the full list of URLs that Microsoft Defender ATP must reach to function correctly. The list includes 84 URLs that must not be blocked to send data to Microsoft’s cloud-based services. The data is then aggregated in the Microsoft Defender Security Center portal, which provides enterprise admins an overview of malicious activity detected on their network. If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list.
Source: https://www.bleepingcomputer.com/news/security/microsoft-shares-list-of-urls-required-by-microsoft-defender-atp/