Network Security Groups and Update Management

jpcapone 1,786 Reputation points
2021-03-17T20:15:03.487+00:00

We are attempting to implement Azure Automation for Update Management of a subset of servers that have outbound internet access blocked. We want to open port 443 only for required Azure Public traffic listed in the doc below as:
https://learn.microsoft.com/en-us/azure/automation/automation-network-configuration
*.ods.opinsights.azure.com
*.oms.opinsights.azure.com
*.blob.core.windows.net
*.azure-automation.net

It is not apparent how one would do this using Outbound Network Security Group rules. Any suggestions?

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.

Answer accepted by question author
  1. jpcapone 1,786 Reputation points
    2021-03-18T02:27:11.113+00:00

    I believe I found my solution buried in the article I attached. Can anyone confirm this process?
    When you create network group security rules or configure Azure Firewall to allow traffic to the Automation service and the Log Analytics workspace, use the service tags GuestAndHybridManagement and AzureMonitor. This simplifies the ongoing management of your network security rules. To connect to the Automation service from your Azure VMs securely and privately, review Use Azure Private Link. To obtain the current service tag and range information to include as part of your on-premises firewall configurations, see downloadable JSON files.
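
The service-tag approach from the accepted answer, written as outbound NSG rules with the Azure CLI (NSG rules match service tags and IP prefixes, not wildcard FQDNs). This is an added example, not part of the original thread: the resource group, NSG name, rule names and priorities are placeholders, and the final deny rule is an assumed stand-in for the existing outbound internet block.

```shell
#!/bin/sh
# Added example. RG and NSG are placeholder names; override via environment.
RG="${RG:-rg-example}"
NSG="${NSG:-nsg-example}"
AZ="${AZ:-az}"   # set AZ=echo to print the arguments instead of calling Azure

# Create one outbound rule from any source to a destination service tag.
# $1 = rule name   $2 = priority   $3 = Allow|Deny
# $4 = destination service tag   $5 = protocol   $6 = destination port(s)
outbound_rule() {
    "$AZ" network nsg rule create \
        --resource-group "$RG" \
        --nsg-name "$NSG" \
        --name "$1" \
        --priority "$2" \
        --direction Outbound \
        --access "$3" \
        --protocol "$5" \
        --source-address-prefixes '*' \
        --source-port-ranges '*' \
        --destination-address-prefixes "$4" \
        --destination-port-ranges "$6"
}

# The two allow rules use the tags named in the answer. They must carry
# lower priority numbers than the deny rule, because NSG rules are
# evaluated in ascending priority order and the first match wins.
apply_update_mgmt_rules() {
    outbound_rule Allow-GuestAndHybridManagement-443 100 Allow \
        GuestAndHybridManagement Tcp 443 &&
    outbound_rule Allow-AzureMonitor-443 110 Allow AzureMonitor Tcp 443 &&
    outbound_rule Deny-Internet-Outbound 4000 Deny Internet '*' '*'
}

# Run as "sh script.sh apply" to create the rules; sourcing the file only
# defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_update_mgmt_rules
fi
```

Running it with `AZ=echo` prints the three `az` argument lists without touching the subscription, which is a quick way to review priorities before applying.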

