Use service tags for Azure Web PubSub Service
You can use Service Tags for Azure Web PubSub service when configuring Network Security Group. It allows you to define inbound/outbound network security rule for Azure Web PubSub Service endpoints without need to hardcode IP addresses.
Azure Web PubSub service manages these service tags. You can't create your own service tag or modify an existing tag. Microsoft manages the address prefixes that match to the service tag and automatically updates the service tag as addresses change.
Starting from 15 August 2021, Azure Web PubSub service supports bidirectional Service Tag for both inbound and outbound traffic.
Use service tag via Azure CLI
Configure outbound traffic
You can allow outbound traffic to Azure Web PubSub service by adding a new outbound network security rule:
az network nsg rule create -n <rule-name> --nsg-name <nsg-name> -g <resource-group> --priority 100 --direction Outbound --destination-address-prefixes AzureWebPubSub
Configure inbound traffic
If you're using event handler, you can also allow inbound traffic from Azure Web PubSub service by adding a new inbound network security rule:
az network nsg rule create -n <rule-name> --nsg-name <nsg-name> -g <resource-group> --priority 100 --direction Inbound --source-address-prefixes AzureWebPubSub