PCI scanner is being blocked to Azure VM

Alan Hammond 1 Reputation point
2021-09-07T16:25:36.03+00:00

We have an Azure VM with IIS hosting a website on port 443. On the Network Security Group we have an inbound rule allowing any source into 443. Customers can reach the site from the public internet, but our 3rd party PCI compliance scanner cannot reach the site, and they say they are being blocked to port 443. What could be blocking them? Is there some place to whitelist their IPs?


1 answer

  1. SaiKishor-MSFT 17,216 Reputation points
    2021-09-13T08:03:57.86+00:00

    @Alan Hammond Thank you for reaching out to Microsoft Q&A.

    I understand that the PCI Compliance scanner cannot reach the VM even though there is an Allow ANY rule to the VM on port 443. Can you add another rule allowing this PCI scanner IP with lowest priority and see if that helps?

    Please also check the effective security group rules to check the rules that are actually being applied to determine that nothing is blocking this traffic. Hope this helps.

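The answer above points to the effective security rules. As an added example (not part of the original thread and not Microsoft's code), this Python model shows why an "allow any to 443" rule can still leave one source blocked: NSG rules are processed lowest priority number first with the first match winning, and inbound traffic has to be allowed by the subnet NSG and then by the NIC NSG. The rule names, priorities and addresses are constructed sample values using documentation IP ranges.

```python
import ipaddress

# Constructed sample rules (not from the original thread). Tuple fields:
# (priority, name, source prefix, destination port or "*", access)
DEFAULT_DENY = (65500, "DenyAllInBound", "0.0.0.0/0", "*", "Deny")

SUBNET_NSG = [
    (100, "Block-Listed-Ranges", "203.0.113.0/24", "*", "Deny"),
    (200, "Allow-HTTPS-Any", "0.0.0.0/0", 443, "Allow"),
    DEFAULT_DENY,
]
NIC_NSG = [
    (300, "Allow-HTTPS-Any", "0.0.0.0/0", 443, "Allow"),
    DEFAULT_DENY,
]


def first_match(rules, src_ip, dst_port):
    """Return the first rule matching the flow, lowest priority number first."""
    src = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r[0]):
        _, _, prefix, port, _ = rule
        if src in ipaddress.ip_network(prefix) and port in ("*", dst_port):
            return rule
    return None


def evaluate_inbound(src_ip, dst_port, subnet_rules, nic_rules):
    """Inbound traffic must be allowed by the subnet NSG, then the NIC NSG.

    Returns (allowed, deciding layer, deciding rule name).
    """
    rule = None
    for layer, rules in (("subnet", subnet_rules), ("nic", nic_rules)):
        rule = first_match(rules, src_ip, dst_port)
        if rule is None or rule[4] != "Allow":
            return False, layer, rule[1] if rule else "no matching rule"
    return True, "nic", rule[1]


if __name__ == "__main__":
    # 203.0.113.10 stands in for a scanner address, 198.51.100.7 for a customer.
    for ip in ("203.0.113.10", "198.51.100.7"):
        print(ip, evaluate_inbound(ip, 443, SUBNET_NSG, NIC_NSG))
```

Feeding it the rules shown in the portal's effective security rules view for the VM's network interface, in place of the constructed lists, gives the rule that decides the flow for a given source address.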