How can we improve Azure Networking?

Add Custom Tags to NSG Rules

It would be great if we can define our own on-premise network ranges (using 'Named networks' in AAD?) and add these as Custom Tags to our NSG rules. Now we have our on-premise ip-adresses/subnets as a seperate item in every NSG. When these ip-adresses/subnets change for whatever reason, we have to check every NSG and change this item. If we could use these 'centrally managed' ip-adresses/subnets as 'Custom Tags' in our NSG's rules we don't have to check and change every NSG rule with every ip-address change.

246 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Rody shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    12 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Benedikt Kittinger commented  ·   ·  Flag as inappropriate

        @MSFT: Are there any updates on this feature request?

        This would be a really useful feature in Hybrid and Multi-Cloud environments where you would want multiple (several hundred in our case) rules that share the same source or destination subnets that cannot be grouped into Application Security Groups.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I saw a couple of more tags added for Storage/SQL, but nothing for custom tags... any update on that?

      • Anonymous commented  ·   ·  Flag as inappropriate

        An update would be much appreciated. Suffering with multiple identical source/destination networks in NSG rules that we would like to manage as a set. Current process is dangerously unwieldy

      • Anonymous commented  ·   ·  Flag as inappropriate

        Is there any update on this? We are having this exact issue, and being able to define source / destination networks via subnet name or tag would really be nice. Entering the CIDR notation for each subnet in every rule is a serious pain to manage...

      • Vincent.su commented  ·   ·  Flag as inappropriate

        Hey Team, it's almost mind of year but we still didn't have no updates yet regaridng to this new feature, is there any latest news or timeline wanna share with us

      • Sean McNellis commented  ·   ·  Flag as inappropriate

        Yes please! Not sure, but it would make sense to include FQDN based sources so those of us using any type of dynamic DNS for server RDP, VPN access, etc. This could make life a lot easier for me :)

      • Mario Lopez [MSFT] commented  ·   ·  Flag as inappropriate

        Hi Rody

        We are currently working to enable users to defined their own Custom Tags, expect more information by mid this year about this feature

      Feedback and Knowledge Base