Inbound port rules removed automatically

Doubts Clear 20 Reputation points
2023-04-28T17:36:26.86+00:00

When adding inbound port rules to the NSG of an Azure VM, they disappear after a couple of minutes. It shows one username, which is the automation app. I have deleted the enterprise app in my subscription, but it still interferes with my work and removes the required inbound port rules. Because of that, I am unable to log in to the VM as well.

What is the cause of the issue?


Accepted answer
    Prrudram-MSFT 28,201 Reputation points Moderator
    2023-04-30T19:07:39.93+00:00

    Hello @Doubts Clear

    The NSG in an Azure VM is like a firewall that controls inbound and outbound traffic to and from your VM. Regarding the issue with the inbound port rules disappearing, it's possible that the NSG is being managed by an Azure Automation account or another Azure service that is automatically modifying the NSG rules. To confirm this, you can check the NSG logs to see if there are any entries related to the automation app or any other Azure service.

    To check the NSG logs, you can use Azure Monitor. Here are the steps to do this:

    1. Go to the Azure portal and navigate to your VM.
    2. Click on "Diagnostic settings" under the "Monitoring" section.
    3. Click on "Add diagnostic setting" and configure the settings as follows:
       • Name: Enter a name for the diagnostic setting.
       • Destination: Select "Log Analytics".
       • Log Analytics workspace: Select an existing workspace or create a new one.
       • Logs: Select "Network security group rule counter".
    4. Click on "Save" to save the diagnostic setting.

    Once the diagnostic setting is saved, you can view the NSG logs in the Log Analytics workspace. To do this, go to the Log Analytics workspace and run the following query:

    ```kusto
    AzureDiagnostics
    | where Category == "NetworkSecurityGroupRuleCounter"
    | where ResourceId contains "<VM Resource ID>"
    ```

    Replace <VM Resource ID> with the resource ID of your VM. This query will show you the NSG logs for your VM, including any modifications made to the NSG rules.

    If you find that the NSG rules are being modified by an Azure service, you can try disabling the service or modifying its configuration to prevent it from modifying the NSG rules. Alternatively, you can create a custom NSG and associate it with your VM, and then configure the inbound port rules as required. This will prevent any other Azure service from modifying the NSG rules.

    Reference: https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-nsg-manage-log

    Please accept answer and upvote if the above information is helpful for the benefit of the community.

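The identity behind rule changes like the ones described in the question is recorded in the Azure Activity Log (control-plane write/delete operations on the NSG), so a practitioner would pull those events alongside the rule-counter logs. As an added example, not part of the accepted answer, this Python script takes Activity Log events in the shape returned by `az monitor activity-log list` and reports which callers wrote or deleted rules on a given NSG; the event records are a constructed sample, and `rg-demo`, `vm-nsg` and the GUID caller are placeholders.

```python
import json
import re

# Control-plane operations that create, replace or remove an NSG rule (compared case-insensitively).
RULE_OPS = {
    "microsoft.network/networksecuritygroups/securityrules/write",
    "microsoft.network/networksecuritygroups/securityrules/delete",
}
# Service principals (automation apps) appear in the Activity Log "caller" field as a GUID, users as a UPN.
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

# Constructed sample in the shape of `az monitor activity-log list -g rg-demo --offset 7d -o json`.
SAMPLE_EVENTS = json.loads("""[
 {"caller": "admin@contoso.example", "eventTimestamp": "2023-04-28T17:20:11Z", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/write"},
  "resourceId": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Network/networkSecurityGroups/vm-nsg/securityRules/RDP"},
 {"caller": "11111111-2222-3333-4444-555555555555", "eventTimestamp": "2023-04-28T17:23:40Z", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Network/networkSecurityGroups/securityRules/delete"},
  "resourceId": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Network/networkSecurityGroups/vm-nsg/securityRules/RDP"},
 {"caller": "admin@contoso.example", "eventTimestamp": "2023-04-28T17:30:02Z", "status": {"value": "Succeeded"},
  "operationName": {"value": "Microsoft.Compute/virtualMachines/start/action"},
  "resourceId": "/subscriptions/SUB/resourceGroups/rg-demo/providers/Microsoft.Compute/virtualMachines/vm1"}
]""")

def rule_changes(events, nsg_name):
    """Succeeded create/replace/delete events for rules of nsg_name, oldest first."""
    prefix = f"/networksecuritygroups/{nsg_name}/securityrules/".lower()
    changes = []
    for ev in events:
        op = ev["operationName"]["value"].lower()
        if op not in RULE_OPS or ev["status"]["value"] != "Succeeded":
            continue
        if prefix not in ev["resourceId"].lower():
            continue  # a different NSG
        changes.append({"time": ev["eventTimestamp"], "caller": ev["caller"],
                        "action": op.rsplit("/", 1)[1],
                        "rule": ev["resourceId"].rsplit("/", 1)[1]})
    return sorted(changes, key=lambda c: c["time"])

def summarize_callers(events, nsg_name):
    """Per caller: number of rule writes and deletes, and whether it looks like a service principal."""
    summary = {}
    for c in rule_changes(events, nsg_name):
        entry = summary.setdefault(c["caller"], {
            "write": 0, "delete": 0, "is_service_principal": bool(GUID_RE.match(c["caller"]))})
        entry[c["action"]] += 1
    return summary
```

A GUID caller with repeated deletes on the NSG is the identity to look up in Entra ID (app registration or managed identity) before deciding whether to disable it or adjust its permissions.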