GuidoJeuken-6512 avatar image
1 Vote"
GuidoJeuken-6512 asked GuidoJeuken-6512 edited

NSG DenyInternetOutBound on VM with azure-ad MFA login

Hello, everyone,

we have three SQl servers in Azure and a VM to be used for SQL management.
The SQL servers are set up with Azure AD authentication, the SQL admins are forced to use MFA.
In the VM the SQL Server Management Studio is installed and the access works well.
Now I want to protect the VM with a NSG that prevents access to the internet.
I have created an NSG which is bound to the subnet
If I now make a DenyInternetOutBound rule, I can no longer access the SQL servers.The login does not work anymore, the login page does not appear.
AzureADAllow, AzureCloudAllow and SqlWestEuropeAllow roules are configured

Does anyone know how I can use denyinternet rule with ad login with MFA?

[1]: /answers/storage/attachments/7334-2020-04-15-2.png
[2]: /answers/storage/attachments/7335-2020-04-15.png

2020-04-15-2.png (58.4 KiB)
2020-04-15.png (342.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

0 Answers