Network Security Groups and Update Management

jpcapone 1,376 Reputation points
2021-03-17T20:15:03.487+00:00

We are attempting to implement Azure Automation for Update Management of a subset of servers that have outbound internet access blocked. We want to open port 443 only for required Azure Public traffic listed in the doc below as:
https://learn.microsoft.com/en-us/azure/automation/automation-network-configuration
*.ods.opinsights.azure.com
*.oms.opinsights.azure.com
*.blob.core.windows.net
*.azure-automation.net

It is not apparent how one would do this using Outbound Network Security Group rules. Any suggestions?

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,279 questions
Azure Automation
Azure Automation
An Azure service that is used to automate, configure, and install updates across hybrid environments.
1,184 questions
0 comments No comments
{count} vote

Accepted answer
  1. jpcapone 1,376 Reputation points
    2021-03-18T02:27:11.113+00:00

    I believe I found my solution buried in the article I attached. Can anyone confirm this process?
    When you create network group security rules or configure Azure Firewall to allow traffic to the Automation service and the Log Analytics workspace, use the service tags GuestAndHybridManagement and AzureMonitor. This simplifies the ongoing management of your network security rules. To connect to the Automation service from your Azure VMs securely and privately, review Use Azure Private Link. To obtain the current service tag and range information to include as part of your on-premises firewall configurations, see downloadable JSON files.


0 additional answers

Sort by: Most helpful