question

PrajeeshPrathap-3605 avatar image
0 Votes"
PrajeeshPrathap-3605 asked PrajeeshPrathap-3605 commented

Windows update on VM's stopped working after blocking outgoing connections to internet

We have blocked outgoing traffic from our VMs using NSGs. This also prevents us from updating our VMs with cumulative updates and important patches. Is there any way I can allow windows updates still by whitelisting or adding a service tag to the NSG?
I've tried the list of IP address mentioned in Microsoft Azure Datacenter IP list (West Europe). That still blocks the updates. Any help would be really appreciated. I think this is a basic requirement for every datacenter to block outgoing traffic to internet from the VMs

azure-virtual-machinesazure-virtual-machines-networking
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

msrini-MSFT avatar image
1 Vote"
msrini-MSFT answered PrajeeshPrathap-3605 commented

@PrajeeshPrathap-3605 ,

We do have a Service Tag for Licensing activation where you VM will contact the KMS server. But as of today service tags for Windows Update is not there. Please provide your feedback below.

Link: https://feedback.azure.com/forums/217313-networking/suggestions/32260814-add-a-network-security-group-tag-for-windows-updat#{toggle_previous_statuses}

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PrajeeshPrathap-3605 avatar image PrajeeshPrathap-3605 ·

Thanks for the update. Could you also let me know how can i update my VM now without opening every port for internet access. Without updates its not possible to make our IAAS solution work. This is a very important factor for us to decide to move our datacenter to Azure. We cannot have our VMs communicate to internet due to security risks.

1 Vote 1 ·