Add Custom Tags to NSG Rules
It would be great if we can define our own on-premise network ranges (using 'Named networks' in AAD?) and add these as Custom Tags to our NSG rules. Now we have our on-premise ip-adresses/subnets as a seperate item in every NSG. When these ip-adresses/subnets change for whatever reason, we have to check every NSG and change this item. If we could use these 'centrally managed' ip-adresses/subnets as 'Custom Tags' in our NSG's rules we don't have to check and change every NSG rule with every ip-address change.

This remains on our long-term backlog as something we want to offer
-Mario [MSFT]
19 comments
-
Rory commented
Hmmm.. this one is planned.. same suggestion: https://feedback.azure.com/forums/217313-networking/suggestions/38009422-wants-to-make-my-custom-service-tags-for-network-s
-
Anonymous commented
Please consider moving this up in backlog. Not having it requires way too much automation and redundancy.
-
Vincent Baby commented
will this ever be considered.
-
Bruno Ávila commented
I would say that this should be pushed up in MS Azure backlog. We have many customers using hybrid environments (I think many other customers/partners have the same situation), and custom tags will definitely help reduce time in network security group rules creation, especially grouping some IP's to tags, and then using the tags within NSG rules.
-
Janke, Joel commented
Rody you said this was planned over 2 years ago. How is the progress coming?
-
Masato commented
I'ts very nice if you can add the NSG tag like "Backup[geo-name]".
Now, we can not control specific ip address by using NSG in case of restoring files from Azure Backup.
We tried to control from *.download.microsoft.com(443/TCP) and pod01-rec2.
[geo-name].backup.windowsazure.com(3260/TCP) , but does'nt work well.
So we tried to use Azure Firewall as FQDN Filtering , but Azure Firewall was only support for HTTP/HTTPS protocol.
Please add the NSG tag for restoring from Azure Backup. -
Anonymous commented
Hi, is there any update on this?
Using custom tags in NSG would be a life saver and would help a lot in getting rules auto implemented on VM provisioning as well. -
Anonymous commented
Update please?
-
Benedikt Kittinger commented
@MSFT: Are there any updates on this feature request?
This would be a really useful feature in Hybrid and Multi-Cloud environments where you would want multiple (several hundred in our case) rules that share the same source or destination subnets that cannot be grouped into Application Security Groups.
-
[Deleted User] commented
I saw a couple of more tags added for Storage/SQL, but nothing for custom tags... any update on that?
-
Anonymous commented
An update would be much appreciated. Suffering with multiple identical source/destination networks in NSG rules that we would like to manage as a set. Current process is dangerously unwieldy
-
Anonymous commented
Is there any update on this? We are having this exact issue, and being able to define source / destination networks via subnet name or tag would really be nice. Entering the CIDR notation for each subnet in every rule is a serious pain to manage...
-
Sujan Pilli commented
Mario Lopez [MSFT] can you share an update please ?
-
Anonymous commented
Hi,
any news about this features ?
thanks
-
Jerome Scholefield commented
This would be a great addition! Can you share your current progress?
-
Vincent.su commented
Hey Team, it's almost mind of year but we still didn't have no updates yet regaridng to this new feature, is there any latest news or timeline wanna share with us
-
Sean McNellis commented
Yes please! Not sure, but it would make sense to include FQDN based sources so those of us using any type of dynamic DNS for server RDP, VPN access, etc. This could make life a lot easier for me :)
-
Asa Bailey commented
This would make life so much easier, glad to hear you are working on this.
-
Mario Lopez [MSFT] commented
Hi Rody
We are currently working to enable users to defined their own Custom Tags, expect more information by mid this year about this feature