Network Security Groups and Update Management

jpcapone 1,301 Reputation points
2021-03-17T20:15:03.487+00:00

We are attempting to implement Azure Automation for Update Management of a subset of servers that have outbound internet access blocked. We want to open port 443 only for required Azure Public traffic listed in the doc below as:
https://learn.microsoft.com/en-us/azure/automation/automation-network-configuration
*.ods.opinsights.azure.com
*.oms.opinsights.azure.com
*.blob.core.windows.net
*.azure-automation.net

It is not apparent how one would do this using Outbound Network Security Group rules. Any suggestions?


Accepted answer
  1. jpcapone 1,301 Reputation points
    2021-03-18T02:27:11.113+00:00

    I believe I found my solution buried in the article I attached. Can anyone confirm this process?
    When you create network group security rules or configure Azure Firewall to allow traffic to the Automation service and the Log Analytics workspace, use the service tags GuestAndHybridManagement and AzureMonitor. This simplifies the ongoing management of your network security rules. To connect to the Automation service from your Azure VMs securely and privately, review Use Azure Private Link. To obtain the current service tag and range information to include as part of your on-premises firewall configurations, see downloadable JSON files.
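
The service-tag approach quoted in the accepted answer, written as Azure CLI outbound NSG rules. This is an added example, not part of the original thread: the resource group, NSG name, rule names, source prefix and priority numbers are assumptions, and it presumes an existing rule that denies outbound Internet traffic, whose priority you pass in.

```shell
#!/bin/sh
# Added example: print the commands that allow outbound 443 to the two
# service tags named in the accepted answer. Nothing is applied until the
# printed commands are reviewed and run.

TAGS="GuestAndHybridManagement AzureMonitor"

# $1 resource group, $2 NSG name,
# $3 priority of the existing rule that denies outbound Internet traffic.
# NSG rules are evaluated lowest priority number first, so every allow rule
# gets a number below the deny rule's. Assumption: those numbers are unused.
allow_rule_cmds() {
  rg="$1"; nsg="$2"; deny_prio="$3"
  n=0
  for tag in $TAGS; do n=$((n + 1)); done
  # Custom rule priorities must fall in 100-4096.
  if [ "$deny_prio" -lt $((100 + n)) ] || [ "$deny_prio" -gt 4096 ]; then
    echo "deny priority must be between $((100 + n)) and 4096" >&2
    return 1
  fi
  prio=$((deny_prio - n))
  for tag in $TAGS; do
    # Source VirtualNetwork is an assumption; narrow it to the subnet or
    # VM addresses that run Update Management if you can.
    echo "az network nsg rule create" \
      "--resource-group $rg --nsg-name $nsg" \
      "--name Allow-$tag-443-Out --priority $prio" \
      "--direction Outbound --access Allow --protocol Tcp" \
      "--source-address-prefixes VirtualNetwork --source-port-ranges '*'" \
      "--destination-address-prefixes $tag --destination-port-ranges 443"
    prio=$((prio + 1))
  done
}

# Usage: sh nsg-allow.sh <resource-group> <nsg-name> <deny-rule-priority>
if [ "$#" -eq 3 ]; then
  allow_rule_cmds "$1" "$2" "$3"
fi
```

Pipe the output to `sh` once the rule names and priorities look right for the target NSG.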

