![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 76%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETF%3C/text%3E%3C/svg%3E)
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
7,585 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(208, 35%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hello @Tsoi, Frank ,
Thanks for posting your query on Microsoft QnA.
You are unable to add port 22 in the inbound security rule on NSG, because that will be open to internet, which is disallowed by your company policy that is applied on your subscription (as I can see from the error screenshot that you have shared). Policies are assigned to enforce compliance with your corporate standards.
You can create an exclusion to the Azure Policy to exclude a resource (in your case the NSG) to allow to creation of inbound security rule allowing inbound connections from Internet to SSH port 22, thereby exposing port 22 to Internet. But, this will result in the NSG getting excluded and the same NSG might be applied to other VMs also, hence, it might be a point of concern. You can find more details about exclusion in this document. I have also attached a screenshot below on how it looks like.
You can also create an exemption to perform the same task. Refer to this article. Like I mentioned above, this also will exempt the NSG from the Policy and the same NSG can be attached to other VMs.
In your case, I would suggest you to once check with the Policy owner as adding exclusions might create an issue since the same NSG might be attached to multiple virtual machines.
A workaround would be to connect to your VM via SSH using Azure Bastion. Using Azure Bastion protects your virtual machines from exposing RDP/SSH ports to the outside world, while still providing secure access using RDP/SSH. For more details, refer.
Hope this helps.
--------------------
Please don't forget to 
and 
if you think the information provided was useful so that it can help others in the community looking for help on similar issues.