Admin Rules - Create Or Update
Creates or updates an admin rule.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkManagers/{networkManagerName}/securityAdminConfigurations/{configurationName}/ruleCollections/{ruleCollectionName}/rules/{ruleName}?api-version=2024-03-01
URI Parameters
Name | In | Required | Type | Description |
---|---|---|---|---|
configurationName | path | True | string | The name of the network manager Security Configuration. |
networkManagerName | path | True | string | The name of the network manager. |
resourceGroupName | path | True | string | The name of the resource group. |
ruleCollectionName | path | True | string | The name of the network manager security Configuration rule collection. |
ruleName | path | True | string | The name of the rule. |
subscriptionId | path | True | string | The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call. |
api-version | query | True | string | Client API version. |
Request Body
The request body can be one of the following:
Name | Description |
---|---|
AdminRule | Network admin rule. |
DefaultAdminRule | Network default admin rule. |
AdminRule
Network admin rule.
Name | Required | Type | Description |
---|---|---|---|
kind | True | string: Custom | Whether the rule is custom or default. |
properties.access | True | SecurityConfigurationRuleAccess | Indicates the access allowed for this particular rule. |
properties.direction | True | SecurityConfigurationRuleDirection | Indicates if the traffic matched against the rule is inbound or outbound. |
properties.priority | True | integer | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. |
properties.protocol | True | SecurityConfigurationRuleProtocol | Network protocol this rule applies to. |
properties.description | | string | A description for this rule. Restricted to 140 chars. |
properties.destinationPortRanges | | string[] | The destination port ranges. |
properties.destinations | | AddressPrefixItem[] | The destination address prefixes. CIDR or destination IP ranges. |
properties.sourcePortRanges | | string[] | The source port ranges. |
properties.sources | | AddressPrefixItem[] | The CIDR or source IP ranges. |
DefaultAdminRule
Network default admin rule.
Name | Required | Type | Description |
---|---|---|---|
kind | True | string: Default | Whether the rule is custom or default. |
properties.flag | | string | Default rule flag. |
Responses
Name | Type | Description |
---|---|---|
200 OK | BaseAdminRule: AdminRule, DefaultAdminRule | Updated rule |
201 Created | BaseAdminRule: AdminRule, DefaultAdminRule | Created rule |
Other Status Codes | CloudError | Error response describing why the operation failed. |
Security
azure_auth
Azure Active Directory OAuth2 Flow.
Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize
Scopes
Name | Description |
---|---|
user_impersonation | impersonate your user account |
Examples
Create a default admin rule
Sample request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule?api-version=2024-03-01
{
  "kind": "Default",
  "properties": {
    "flag": "AllowVnetInbound"
  }
}
Sample response
{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleDefaultAdminRule",
  "kind": "Default",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "flag": "AllowVnetInbound",
    "description": "This is Sample Default Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/rules/SampleDefaultAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleDefaultAdminRule",
  "kind": "Default",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "flag": "AllowVnetInbound",
    "description": "This is Sample Default Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}
Create an admin rule
Sample request
PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule?api-version=2024-03-01
{
  "kind": "Custom",
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound"
  }
}
Sample response
{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}
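A pre-flight check for the AdminRule request body, added here as an example (it is not part of the Azure documentation or any Azure SDK). It enforces the constraints this page states: the required properties, a priority between 1 and 4096 that is unique within the collection, a description of at most 140 characters, and the enum values listed under Definitions. The names `validate_admin_rule`, `used_priorities` and `SAMPLE_RULE` are assumptions of this example.

```python
# Allowed values and limits copied from this page's tables (Definitions section).
ACCESS = {"Allow", "AlwaysAllow", "Deny"}
DIRECTION = {"Inbound", "Outbound"}
PROTOCOL = {"Ah", "Any", "Esp", "Icmp", "Tcp", "Udp"}
PREFIX_TYPE = {"IPPrefix", "ServiceTag"}
REQUIRED = ("access", "direction", "priority", "protocol")

# Request body of the page's "Create an admin rule" sample.
SAMPLE_RULE = {
    "kind": "Custom",
    "properties": {
        "description": "This is Sample Admin Rule", "protocol": "Tcp",
        "sources": [{"addressPrefixType": "ServiceTag", "addressPrefix": "Internet"}],
        "destinations": [{"addressPrefixType": "IPPrefix", "addressPrefix": "*"}],
        "sourcePortRanges": ["0-65535"], "destinationPortRanges": ["22"],
        "access": "Deny", "priority": 1, "direction": "Inbound",
    },
}


def validate_admin_rule(body, used_priorities=()):
    """Return a list of problems in a kind=Custom rule body; empty means it passes."""
    errors = []
    if body.get("kind") != "Custom":
        errors.append("kind must be 'Custom' for an AdminRule")
    props = body.get("properties") or {}
    for name in REQUIRED:
        if name not in props:
            errors.append(f"properties.{name} is required")
    for name, allowed in (("access", ACCESS), ("direction", DIRECTION), ("protocol", PROTOCOL)):
        if name in props and props[name] not in allowed:
            errors.append(f"properties.{name}={props[name]!r} is not one of {sorted(allowed)}")
    prio = props.get("priority")
    if prio is not None:
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(prio, bool) or not isinstance(prio, int) or not 1 <= prio <= 4096:
            errors.append("properties.priority must be an integer between 1 and 4096")
        elif prio in used_priorities:
            errors.append(f"properties.priority {prio} is already used in this collection")
    if len(props.get("description") or "") > 140:
        errors.append("properties.description exceeds 140 characters")
    for side in ("sources", "destinations"):
        for item in props.get(side) or []:
            if item.get("addressPrefixType") not in PREFIX_TYPE:
                errors.append(f"properties.{side}: unknown addressPrefixType {item.get('addressPrefixType')!r}")
    return errors


if __name__ == "__main__":
    print(validate_admin_rule(SAMPLE_RULE) or "sample rule passes")
```

Pass the priorities already present in the target rule collection as `used_priorities` so a colliding rule is caught before the PUT is sent.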
Definitions
Name | Description |
---|---|
AddressPrefixItem | Address prefix item. |
AddressPrefixType | Address prefix type. |
AdminRule | Network admin rule. |
CloudError | An error response from the service. |
CloudErrorBody | An error response from the service. |
createdByType | The type of identity that created the resource. |
DefaultAdminRule | Network default admin rule. |
ProvisioningState | The current provisioning state. |
SecurityConfigurationRuleAccess | Whether network traffic is allowed or denied. |
SecurityConfigurationRuleDirection | The direction of the rule. The direction specifies if the rule will be evaluated on incoming or outgoing traffic. |
SecurityConfigurationRuleProtocol | Network protocol this rule applies to. |
SystemData | Metadata pertaining to creation and last modification of the resource. |
AddressPrefixItem
Address prefix item.
Name | Type | Description |
---|---|---|
addressPrefix | string | Address prefix. |
addressPrefixType | AddressPrefixType | Address prefix type. |
AddressPrefixType
Address prefix type.
Name | Type | Description |
---|---|---|
IPPrefix | string | |
ServiceTag | string | |
AdminRule
Network admin rule.
Name | Type | Description |
---|---|---|
etag | string | A unique read-only string that changes whenever the resource is updated. |
id | string | Resource ID. |
kind | string: Custom | Whether the rule is custom or default. |
name | string | Resource name. |
properties.access | SecurityConfigurationRuleAccess | Indicates the access allowed for this particular rule. |
properties.description | string | A description for this rule. Restricted to 140 chars. |
properties.destinationPortRanges | string[] | The destination port ranges. |
properties.destinations | AddressPrefixItem[] | The destination address prefixes. CIDR or destination IP ranges. |
properties.direction | SecurityConfigurationRuleDirection | Indicates if the traffic matched against the rule is inbound or outbound. |
properties.priority | integer | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. |
properties.protocol | SecurityConfigurationRuleProtocol | Network protocol this rule applies to. |
properties.provisioningState | ProvisioningState | The provisioning state of the resource. |
properties.resourceGuid | string | Unique identifier for this resource. |
properties.sourcePortRanges | string[] | The source port ranges. |
properties.sources | AddressPrefixItem[] | The CIDR or source IP ranges. |
systemData | SystemData | The system metadata related to this resource. |
type | string | Resource type. |
CloudError
An error response from the service.
Name | Type | Description |
---|---|---|
error | CloudErrorBody | Cloud error body. |
CloudErrorBody
An error response from the service.
Name | Type | Description |
---|---|---|
code | string | An identifier for the error. Codes are invariant and are intended to be consumed programmatically. |
details | CloudErrorBody[] | A list of additional details about the error. |
message | string | A message describing the error, intended to be suitable for display in a user interface. |
target | string | The target of the particular error. For example, the name of the property in error. |
createdByType
The type of identity that created the resource.
Name | Type | Description |
---|---|---|
Application | string | |
Key | string | |
ManagedIdentity | string | |
User | string | |
DefaultAdminRule
Network default admin rule.
Name | Type | Description |
---|---|---|
etag | string | A unique read-only string that changes whenever the resource is updated. |
id | string | Resource ID. |
kind | string: Default | Whether the rule is custom or default. |
name | string | Resource name. |
properties.access | SecurityConfigurationRuleAccess | Indicates the access allowed for this particular rule. |
properties.description | string | A description for this rule. Restricted to 140 chars. |
properties.destinationPortRanges | string[] | The destination port ranges. |
properties.destinations | AddressPrefixItem[] | The destination address prefixes. CIDR or destination IP ranges. |
properties.direction | SecurityConfigurationRuleDirection | Indicates if the traffic matched against the rule is inbound or outbound. |
properties.flag | string | Default rule flag. |
properties.priority | integer | The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule. |
properties.protocol | SecurityConfigurationRuleProtocol | Network protocol this rule applies to. |
properties.provisioningState | ProvisioningState | The provisioning state of the resource. |
properties.resourceGuid | string | Unique identifier for this resource. |
properties.sourcePortRanges | string[] | The source port ranges. |
properties.sources | AddressPrefixItem[] | The CIDR or source IP ranges. |
systemData | SystemData | The system metadata related to this resource. |
type | string | Resource type. |
ProvisioningState
The current provisioning state.
Name | Type | Description |
---|---|---|
Deleting | string | |
Failed | string | |
Succeeded | string | |
Updating | string | |
SecurityConfigurationRuleAccess
Whether network traffic is allowed or denied.
Name | Type | Description |
---|---|---|
Allow | string | |
AlwaysAllow | string | |
Deny | string | |
SecurityConfigurationRuleDirection
The direction of the rule. The direction specifies if the rule will be evaluated on incoming or outgoing traffic.
Name | Type | Description |
---|---|---|
Inbound | string | |
Outbound | string | |
SecurityConfigurationRuleProtocol
Network protocol this rule applies to.
Name | Type | Description |
---|---|---|
Ah | string | |
Any | string | |
Esp | string | |
Icmp | string | |
Tcp | string | |
Udp | string | |
SystemData
Metadata pertaining to creation and last modification of the resource.
Name | Type | Description |
---|---|---|
createdAt | string | The timestamp of resource creation (UTC). |
createdBy | string | The identity that created the resource. |
createdByType | createdByType | The type of identity that created the resource. |
lastModifiedAt | string | The timestamp of resource last modification (UTC). |
lastModifiedBy | string | The identity that last modified the resource. |
lastModifiedByType | createdByType | The type of identity that last modified the resource. |