question

johnwilliams-4177 avatar image
0 Votes"
johnwilliams-4177 asked bharathn-msft commented

Network Security Groups and Update Management

We are attempting to implement Azure Automation for Update Management of a subset of servers that have outbound internet access blocked. We want to open port 443 only for required Azure Public traffic listed in the doc below as:
https://docs.microsoft.com/en-us/azure/automation/automation-network-configuration
.ods.opinsights.azure.com
.oms.opinsights.azure.com
.blob.core.windows.net
.azure-automation.net

It is not apparent how one would do this using Outbound Network Security Group rules. Any suggestions?

azure-virtual-networkazure-automation
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

johnwilliams-4177 avatar image
0 Votes"
johnwilliams-4177 answered bharathn-msft commented

I believe I found my solution buried in the article I attached. Can anyone confirm this process?
When you create network group security rules or configure Azure Firewall to allow traffic to the Automation service and the Log Analytics workspace, use the service tags GuestAndHybridManagement and AzureMonitor. This simplifies the ongoing management of your network security rules. To connect to the Automation service from your Azure VMs securely and privately, review Use Azure Private Link. To obtain the current service tag and range information to include as part of your on-premises firewall configurations, see downloadable JSON files.

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

bharathn-msft avatar image bharathn-msft ·

@johnwilliams-4177 Thank you for resurfacing the information from the document for broader community usage.

service tags GuestAndHybridManagement and AzureMonitor , should help in the scenario. Please feel free to circle back if you are seeing any issue or have any further queries around this. Thank you

79390-image.png


0 Votes 0 ·
image.png (41.4 KiB)