NSG DenyInternetOutBound on VM with azure-ad MFA login

Guido Jeuken 56 Reputation points
2020-04-15T20:41:17.693+00:00

Hello, everyone,

we have three SQl servers in Azure and a VM to be used for SQL management.
The SQL servers are set up with Azure AD authentication, the SQL admins are forced to use MFA.
7334-2020-04-15-2.png
In the VM the SQL Server Management Studio is installed and the access works well.
Now I want to protect the VM with a NSG that prevents access to the internet.
I have created an NSG which is bound to the subnet
If I now make a DenyInternetOutBound rule, I can no longer access the SQL servers.The login does not work anymore, the login page does not appear.
AzureADAllow, AzureCloudAllow and SqlWestEuropeAllow roules are configured
7335-2020-04-15.png

Does anyone know how I can use denyinternet rule with ad login with MFA?

thanks
Guido

Azure Active Directory
Azure Active Directory
An Azure enterprise identity service that provides single sign-on and multi-factor authentication.
13,556 questions
Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
4,898 questions