This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(172.8, 44%, 26%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
We have blocked outgoing traffic from our VMs using NSGs. This also prevents us from updating our VMs with cumulative updates and important patches. Is there any way I can allow windows updates still by whitelisting or adding a service tag to the NSG?
I've tried the list of IP address mentioned in Microsoft Azure Datacenter IP list (West Europe). That still blocks the updates. Any help would be really appreciated. I think this is a basic requirement for every datacenter to block outgoing traffic to internet from the VMs
We do have a Service Tag for Licensing activation where you VM will contact the KMS server. But as of today service tags for Windows Update is not there. Please provide your feedback below.
Thanks for the update. Could you also let me know how can i update my VM now without opening every port for internet access. Without updates its not possible to make our IAAS solution work. This is a very important factor for us to decide to move our datacenter to Azure. We cannot have our VMs communicate to internet due to security risks.