Hi,
I have created an NSG which blocks all inbound and outbound traffic, and have attached the only network interface of an Azure Virtual Machine (Windows 10) to it. The rules are effective, according to the Azure Portal.
The two rules of the NSG are:
$rule1 = New-AzNetworkSecurityRuleConfig -Name InboundDisallow -Access Deny -DestinationAddressPrefix * -DestinationPortRange * -Direction Inbound -Priority 100 -Protocol * -SourceAddressPrefix * -SourcePortRange *
$rule2 = New-AzNetworkSecurityRuleConfig -Name OutboundDisallow -Access Deny -DestinationAddressPrefix * -DestinationPortRange * -Direction Outbound -Priority 100 -Protocol * -SourceAddressPrefix * -SourcePortRange *
RDP is blocked, and I cannot ping the machine, which is expected.
However, I can still run PowerShell scripts on the machine, using Run Command (from the Portal or PowerShell), which should not be possible (https://learn.microsoft.com/en-us/azure/virtual-machines/windows/run-command#restrictions) as it requires authorizing AzureCloud outbound on port 443.
I have also tried to detach the network interface and attach the subnet to the NSG, and I can still use this command. I have also tried rebooting the virtual machine, deleting and creating again the VM and the NSG, same results.
Would you have any idea why it does not work?
Thanks in advance,
Regards
Create a rule to allow vNET traffic or specify in\out rules with other IPs
(Please don't forget to Accept as answer if the reply is helpful)
http://www.moamenhany.com
Hi @Emilien Court,
Disable WinRM ports 5985 and 5986 also and see if it helps. One is for HTTP and the other for HTTPS.
Please mark as "Accept the answer" if the above steps help you. Others with similar issues can also follow the solution as per your suggestion.
Regards,
Manu