How can we improve Azure Virtual Machines?

Azure VM Agent proxy support/config

The Azure VM agent currently uses the system account proxy settings for communication to Azure infrastructure services.

I prefer not to give servers internet access, so I am requesting the ability to configure the Azure VM agent to use a specified proxy, rather than giving the system account internet access.

Also, the ability to use a PAC file would be advantageous.

More and more useful services use the VM agent for communication, so this is becoming more of an issue. To name a few:
- Azure Security Center
- Azure Recovery Services
- VM Diagnostics

38 votes
Basty_ss shared this idea

4 comments

  • Adrian Walker commented

    This still isn't even under review????

    I found a great article on the VM agent (http://www.deployazure.com/compute/virtual-machines/azure-vm-agent-extensions-deep-dive-part-3/), even listing the special IP address you use (168.63.129.16), however when I go to add it as a user defined route (168.63.129.16/32), I get the error:

    "Failed to add route 'DirectRouteToVMAgent' to route table 'XYZ'. Error: AddressPrefix 168.63.129.16/32 for route DirectRouteToVMAgent is not allowed because its in restricted address space."

    Aaaaahhhhhhhhhhhhhhhhhhhh!!!!!! Why Microsoft, why. Every which way I turn, you throw a spanner in the works. You really do want us to move to AWS, don't you?

  • Adrian Walker commented

    Come on MS. This is CRITICAL. A MASSIVE failing that there is no way to configure proxies in the agent BEFORE the VM is stood up. It is a legal requirement for organisations in the UK to monitor internet traffic. I expect this extends to the US too. Therefore companies are obligated to direct all internet traffic.
    If the Azure VM agent must go out to the internet to do its job and as it is so important to automation, you need to get this sorted ASAP. It should be at the very top of your list. In fact it should have been done from the outset. It's such a massive failing, I can't understand why it hasn't been done.
