Sdílet prostřednictvím


Admin Rules - Create Or Update

Creates or updates an admin rule.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkManagers/{networkManagerName}/securityAdminConfigurations/{configurationName}/ruleCollections/{ruleCollectionName}/rules/{ruleName}?api-version=2024-01-01

URI Parameters

Name In Required Type Description
configurationName
path True

string

The name of the network manager Security Configuration.

networkManagerName
path True

string

The name of the network manager.

resourceGroupName
path True

string

The name of the resource group.

ruleCollectionName
path True

string

The name of the network manager security Configuration rule collection.

ruleName
path True

string

The name of the rule.

subscriptionId
path True

string

The subscription credentials which uniquely identify the Microsoft Azure subscription. The subscription ID forms part of the URI for every service call.

api-version
query True

string

Client API version.

Request Body

The request body can be one of the following:

Name Description
AdminRule

Network admin rule.

DefaultAdminRule

Network default admin rule.

AdminRule

Network admin rule.

Name Required Type Description
kind True string:

Custom

Whether the rule is custom or default.

properties.access True

SecurityConfigurationRuleAccess

Indicates the access allowed for this particular rule

properties.direction True

SecurityConfigurationRuleDirection

Indicates if the traffic matched against the rule in inbound or outbound.

properties.priority True

integer

The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

properties.protocol True

SecurityConfigurationRuleProtocol

Network protocol this rule applies to.

properties.description

string

A description for this rule. Restricted to 140 chars.

properties.destinationPortRanges

string[]

The destination port ranges.

properties.destinations

AddressPrefixItem[]

The destination address prefixes. CIDR or destination IP ranges.

properties.sourcePortRanges

string[]

The source port ranges.

properties.sources

AddressPrefixItem[]

The CIDR or source IP ranges.

DefaultAdminRule

Network default admin rule.

Name Required Type Description
kind True string:

Default

Whether the rule is custom or default.

properties.flag

string

Default rule flag.

Responses

Name Type Description
200 OK BaseAdminRule:

Updated rule

201 Created BaseAdminRule:

Created rule

Other Status Codes

CloudError

Error response describing why the operation failed.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name Description
user_impersonation impersonate your user account

Examples

Create a default admin rule
Create an admin rule

Create a default admin rule

Sample request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule?api-version=2024-01-01

{
  "kind": "Default",
  "properties": {
    "flag": "AllowVnetInbound"
  }
}

Sample response

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleDefaultAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleDefaultAdminRule",
  "kind": "Default",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "flag": "AllowVnetInbound",
    "description": "This is Sample Default Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}
{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/rules/SampleDefaultAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleDefaultAdminRule",
  "kind": "Default",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "flag": "AllowVnetInbound",
    "description": "This is Sample Default Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

Create an admin rule

Sample request

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule?api-version=2024-01-01

{
  "kind": "Custom",
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound"
  }
}

Sample response

{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/testRuleCollection/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}
{
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkManagers/testNetworkManager/securityAdminConfigurations/myTestSecurityConfig/ruleCollections/rules/SampleAdminRule",
  "type": "Microsoft.Network/networkManagers/securityAdminConfigurations/ruleCollections/rules",
  "name": "SampleAdminRule",
  "kind": "Custom",
  "systemData": {
    "createdBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "createdByType": "User",
    "createdAt": "2021-01-11T18:52:27Z",
    "lastModifiedBy": "b69a9388-9488-4534-b470-7ec6d41beef5",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2021-01-11T18:52:27Z"
  },
  "properties": {
    "description": "This is Sample Admin Rule",
    "protocol": "Tcp",
    "sources": [
      {
        "addressPrefixType": "ServiceTag",
        "addressPrefix": "Internet"
      }
    ],
    "destinations": [
      {
        "addressPrefixType": "IPPrefix",
        "addressPrefix": "*"
      }
    ],
    "sourcePortRanges": [
      "0-65535"
    ],
    "destinationPortRanges": [
      "22"
    ],
    "access": "Deny",
    "priority": 1,
    "direction": "Inbound",
    "provisioningState": "Succeeded",
    "resourceGuid": "00000000-0000-0000-0000-000000000000"
  }
}

Definitions

Name Description
AddressPrefixItem

Address prefix item.

AddressPrefixType

Address prefix type.

AdminRule

Network admin rule.

CloudError

An error response from the service.

CloudErrorBody

An error response from the service.

createdByType

The type of identity that created the resource.

DefaultAdminRule

Network default admin rule.

ProvisioningState

The current provisioning state.

SecurityConfigurationRuleAccess

Whether network traffic is allowed or denied.

SecurityConfigurationRuleDirection

The direction of the rule. The direction specifies if the rule will be evaluated on incoming or outgoing traffic.

SecurityConfigurationRuleProtocol

Network protocol this rule applies to.

SystemData

Metadata pertaining to creation and last modification of the resource.

AddressPrefixItem

Address prefix item.

Name Type Description
addressPrefix

string

Address prefix.

addressPrefixType

AddressPrefixType

Address prefix type.

AddressPrefixType

Address prefix type.

Name Type Description
IPPrefix

string

ServiceTag

string

AdminRule

Network admin rule.

Name Type Description
etag

string

A unique read-only string that changes whenever the resource is updated.

id

string

Resource ID.

kind string:

Custom

Whether the rule is custom or default.

name

string

Resource name.

properties.access

SecurityConfigurationRuleAccess

Indicates the access allowed for this particular rule

properties.description

string

A description for this rule. Restricted to 140 chars.

properties.destinationPortRanges

string[]

The destination port ranges.

properties.destinations

AddressPrefixItem[]

The destination address prefixes. CIDR or destination IP ranges.

properties.direction

SecurityConfigurationRuleDirection

Indicates if the traffic matched against the rule in inbound or outbound.

properties.priority

integer

The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

properties.protocol

SecurityConfigurationRuleProtocol

Network protocol this rule applies to.

properties.provisioningState

ProvisioningState

The provisioning state of the resource.

properties.resourceGuid

string

Unique identifier for this resource.

properties.sourcePortRanges

string[]

The source port ranges.

properties.sources

AddressPrefixItem[]

The CIDR or source IP ranges.

systemData

SystemData

The system metadata related to this resource.

type

string

Resource type.

CloudError

An error response from the service.

Name Type Description
error

CloudErrorBody

Cloud error body.

CloudErrorBody

An error response from the service.

Name Type Description
code

string

An identifier for the error. Codes are invariant and are intended to be consumed programmatically.

details

CloudErrorBody[]

A list of additional details about the error.

message

string

A message describing the error, intended to be suitable for display in a user interface.

target

string

The target of the particular error. For example, the name of the property in error.

createdByType

The type of identity that created the resource.

Name Type Description
Application

string

Key

string

ManagedIdentity

string

User

string

DefaultAdminRule

Network default admin rule.

Name Type Description
etag

string

A unique read-only string that changes whenever the resource is updated.

id

string

Resource ID.

kind string:

Default

Whether the rule is custom or default.

name

string

Resource name.

properties.access

SecurityConfigurationRuleAccess

Indicates the access allowed for this particular rule

properties.description

string

A description for this rule. Restricted to 140 chars.

properties.destinationPortRanges

string[]

The destination port ranges.

properties.destinations

AddressPrefixItem[]

The destination address prefixes. CIDR or destination IP ranges.

properties.direction

SecurityConfigurationRuleDirection

Indicates if the traffic matched against the rule in inbound or outbound.

properties.flag

string

Default rule flag.

properties.priority

integer

The priority of the rule. The value can be between 1 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.

properties.protocol

SecurityConfigurationRuleProtocol

Network protocol this rule applies to.

properties.provisioningState

ProvisioningState

The provisioning state of the resource.

properties.resourceGuid

string

Unique identifier for this resource.

properties.sourcePortRanges

string[]

The source port ranges.

properties.sources

AddressPrefixItem[]

The CIDR or source IP ranges.

systemData

SystemData

The system metadata related to this resource.

type

string

Resource type.

ProvisioningState

The current provisioning state.

Name Type Description
Deleting

string

Failed

string

Succeeded

string

Updating

string

SecurityConfigurationRuleAccess

Whether network traffic is allowed or denied.

Name Type Description
Allow

string

AlwaysAllow

string

Deny

string

SecurityConfigurationRuleDirection

The direction of the rule. The direction specifies if the rule will be evaluated on incoming or outgoing traffic.

Name Type Description
Inbound

string

Outbound

string

SecurityConfigurationRuleProtocol

Network protocol this rule applies to.

Name Type Description
Ah

string

Any

string

Esp

string

Icmp

string

Tcp

string

Udp

string

SystemData

Metadata pertaining to creation and last modification of the resource.

Name Type Description
createdAt

string

The timestamp of resource creation (UTC).

createdBy

string

The identity that created the resource.

createdByType

createdByType

The type of identity that created the resource.

lastModifiedAt

string

The type of identity that last modified the resource.

lastModifiedBy

string

The identity that last modified the resource.

lastModifiedByType

createdByType

The type of identity that last modified the resource.