Firewall ports to be opened to onboard on-prem Windows and on-prem Linux VMs to Azure Arc

MS Techie 2,711 Reputation points
2023-10-24T00:47:59.2333333+00:00

The Azure subscription hosting the VNet which will hold the private endpoint for Azure Arc is connected via ExpressRoute to the on-prem network. Which firewall ports need to be opened to onboard on-prem Windows and on-prem Linux VMs to Azure Arc?


1 answer

  1. Monalla-MSFT 13,036 Reputation points
    2023-10-25T16:56:04.99+00:00

    @MS Techie - Thanks for reaching out to us.

    If your network is configured to route all internet-bound traffic through the Azure VPN or ExpressRoute circuit, you can configure the network security group (NSG) associated with your subnet in Azure to allow outbound TCP 443 (HTTPS) access to Microsoft Entra ID and Azure using service tags.

    Configure the firewall on your local network to allow outbound TCP 443 (HTTPS) access to Microsoft Entra ID and Azure using the downloadable service tag files. The JSON file contains all the public IP address ranges used by Microsoft Entra ID and Azure and is updated monthly to reflect any changes. Azure AD's service tag is AzureActiveDirectory and Azure's service tag is AzureResourceManager.

    Please take a look at this document for more reference: https://learn.microsoft.com/en-us/azure/azure-arc/servers/private-link-security#network-configuration

    Hope this helps, and please feel free to reach out if you have any further questions.


    If the above response was helpful, please feel free to "Accept as Answer" and click "Yes" so it can be beneficial to the community.
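The following is an added example, not part of the answer above or of Microsoft's documentation: it reads a service tag JSON file, pulls the prefixes for the two tags the answer names, collapses overlaps, renders outbound TCP 443 allow rules, and reports what changed between two monthly files. The embedded file content is a constructed sample trimmed to the fields used, the function names are hypothetical, and the rule syntax is a generic placeholder to be mapped to your firewall's own format.

```python
import ipaddress
import json

# Service tags named in the answer above.
WANTED_TAGS = ("AzureActiveDirectory", "AzureResourceManager")

# Constructed sample in the layout of the downloadable service tag file;
# the prefixes are documentation ranges, not real Azure addresses.
SAMPLE = json.loads("""
{"changeNumber": 1, "cloud": "Public", "values": [
  {"name": "AzureActiveDirectory", "id": "AzureActiveDirectory",
   "properties": {"addressPrefixes": ["198.51.100.0/25", "198.51.100.128/25", "2001:db8:1::/48"]}},
  {"name": "AzureResourceManager", "id": "AzureResourceManager",
   "properties": {"addressPrefixes": ["203.0.113.0/24", "203.0.113.64/26"]}},
  {"name": "Storage", "id": "Storage", "properties": {"addressPrefixes": ["192.0.2.0/24"]}}
]}
""")


def prefixes_for(doc, tags=WANTED_TAGS):
    """Return {tag: [collapsed networks]}; fail loudly if a tag is missing."""
    by_name = {v["name"]: v["properties"]["addressPrefixes"] for v in doc["values"]}
    missing = [t for t in tags if t not in by_name]
    if missing:
        raise KeyError(f"service tag(s) not in file: {missing}")
    result = {}
    for tag in tags:
        nets = [ipaddress.ip_network(p, strict=True) for p in by_name[tag]]
        v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
        v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
        result[tag] = [str(n) for n in list(v4) + list(v6)]
    return result


def allow_rules(doc, tags=WANTED_TAGS):
    """Render generic allow rules: outbound TCP 443 only, one per prefix."""
    return [f"allow out tcp any -> {net} port 443  # {tag}"
            for tag, nets in prefixes_for(doc, tags).items() for net in nets]


def changed(old_doc, new_doc, tags=WANTED_TAGS):
    """Prefixes added/removed between two monthly files, per tag."""
    old, new = prefixes_for(old_doc, tags), prefixes_for(new_doc, tags)
    return {t: {"added": sorted(set(new[t]) - set(old[t])),
                "removed": sorted(set(old[t]) - set(new[t]))} for t in tags}


if __name__ == "__main__":
    print("\n".join(allow_rules(SAMPLE)))
```

Running `changed` against the previous and current download shows which rules to add or retire after each update, so stale ranges do not linger in the allowlist.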
