question

GuidoJeuken-6512 avatar image
GuidoJeuken-6512 asked ·

NSG DenyInternetOutBound on VM with azure-ad MFA login

Hello, everyone,

we have three SQl servers in Azure and a VM to be used for SQL management.
The SQL servers are set up with Azure AD authentication, the SQL admins are forced to use MFA.
![7334-2020-04-15-2.png][1]
In the VM the SQL Server Management Studio is installed and the access works well.
Now I want to protect the VM with a NSG that prevents access to the internet.
I have created an NSG which is bound to the subnet
If I now make a DenyInternetOutBound rule, I can no longer access the SQL servers.The login does not work anymore, the login page does not appear.
AzureADAllow, AzureCloudAllow and SqlWestEuropeAllow roules are configured
![7335-2020-04-15.png][2]

Does anyone know how I can use denyinternet rule with ad login with MFA?

thanks
Guido
[1]: /answers/storage/attachments/7334-2020-04-15-2.png
[2]: /answers/storage/attachments/7335-2020-04-15.png

azure-active-directoryazure-virtual-machines
2020-04-15-2.png (58.4 KiB)
2020-04-15.png (342.4 KiB)
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers