I believe I found my solution buried in the article I attached. Can anyone confirm this process?
When you create network group security rules or configure Azure Firewall to allow traffic to the Automation service and the Log Analytics workspace, use the service tags GuestAndHybridManagement and AzureMonitor. This simplifies the ongoing management of your network security rules. To connect to the Automation service from your Azure VMs securely and privately, review Use Azure Private Link. To obtain the current service tag and range information to include as part of your on-premises firewall configurations, see downloadable JSON files.
Network Security Groups and Update Management
jpcapone 1,301 Reputation points
We are attempting to implement Azure Automation for Update Management of a subset of servers that have outbound internet access blocked. We want to open port 443 only for required Azure Public traffic listed in the doc below as:
https://learn.microsoft.com/en-us/azure/automation/automation-network-configuration
*.ods.opinsights.azure.com
*.oms.opinsights.azure.com
*.blob.core.windows.net
*.azure-automation.net
It is not apparent how one would do this using Outbound Network Security Group rules. Any suggestions?
Accepted answer
jpcapone 1,301 Reputation points
2021-03-18T02:27:11.113+00:00
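The service-tag approach quoted in the accepted answer, sketched as Azure CLI commands. This is an added example, not part of the original thread or the Microsoft article. NSG rules match IP prefixes and service tags rather than FQDNs, so the wildcard hostnames in the question are covered by allowing the two tags on port 443. The resource group name, NSG name, rule names and priorities are constructed placeholders, and the final deny rule stands in for whatever rule already blocks outbound internet access.

```shell
#!/bin/sh
# Added example: outbound NSG rules for Update Management using service tags.
# Dry run by default: each az command is printed, not executed.
# Set AZ=az in the environment to apply the rules for real.
AZ="${AZ:-echo az}"
RG="${RG:-rg-updatemgmt}"        # hypothetical resource group name
NSG="${NSG:-nsg-patch-subnet}"   # hypothetical NSG name

# outbound_rule NAME PRIORITY ACCESS DEST_TAG PROTOCOL PORTS
outbound_rule() {
  $AZ network nsg rule create \
    --resource-group "$RG" --nsg-name "$NSG" \
    --name "$1" --priority "$2" --direction Outbound --access "$3" \
    --protocol "$5" \
    --source-address-prefixes VirtualNetwork --source-port-ranges '*' \
    --destination-address-prefixes "$4" --destination-port-ranges "$6"
}

apply_update_mgmt_rules() {
  # Allow rules carry lower priority numbers, so they are evaluated
  # before the broad deny below.
  outbound_rule Allow-GuestAndHybridManagement-443 200 Allow \
    GuestAndHybridManagement Tcp 443
  outbound_rule Allow-AzureMonitor-443 210 Allow \
    AzureMonitor Tcp 443
  # Stand-in for the existing outbound internet block (constructed priority).
  outbound_rule Deny-Internet-Outbound 4000 Deny \
    Internet '*' '*'
}

apply_update_mgmt_rules
```

Review the printed commands first, then rerun with `AZ=az` and your own `RG` and `NSG` values.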