How can we improve Azure Networking?

Add Custom Tags to NSG Rules

It would be great if we can define our own on-premise network ranges (using 'Named networks' in AAD?) and add these as Custom Tags to our NSG rules. Now we have our on-premise IP addresses/subnets as a separate item in every NSG. When these IP addresses/subnets change for whatever reason, we have to check every NSG and change this item. If we could use these 'centrally managed' IP addresses/subnets as 'Custom Tags' in our NSG rules, we wouldn't have to check and change every NSG rule with every IP address change.

263 votes
Rody shared this idea

15 comments

  • Joel commented

    Rody you said this was planned over 2 years ago. How is the progress coming?

  • Masato commented

    It's very nice if you can add the NSG tag like "Backup[geo-name]".
    Now, we cannot control specific IP addresses by using NSG in case of restoring files from Azure Backup.
    We tried to control from *.download.microsoft.com(443/TCP) and pod01-rec2.[geo-name].backup.windowsazure.com(3260/TCP), but it doesn't work well.
    So we tried to use Azure Firewall for FQDN filtering, but Azure Firewall only supported the HTTP/HTTPS protocols.
    Please add the NSG tag for restoring from Azure Backup.

  • Anonymous commented

    Hi, is there any update on this?
    Using custom tags in NSG would be a life saver and would help a lot in getting rules auto implemented on VM provisioning as well.

  • Benedikt Kittinger commented

    @MSFT: Are there any updates on this feature request?

    This would be a really useful feature in Hybrid and Multi-Cloud environments where you would want multiple (several hundred in our case) rules that share the same source or destination subnets that cannot be grouped into Application Security Groups.

  • Anonymous commented

    I saw a couple more tags added for Storage/SQL, but nothing for custom tags... any update on that?

  • Anonymous commented

    An update would be much appreciated. Suffering with multiple identical source/destination networks in NSG rules that we would like to manage as a set. Current process is dangerously unwieldy.

  • Anonymous commented

    Is there any update on this? We are having this exact issue, and being able to define source / destination networks via subnet name or tag would really be nice. Entering the CIDR notation for each subnet in every rule is a serious pain to manage...

  • Vincent.su commented

    Hey team, it's almost the middle of the year but we still don't have any updates regarding this new feature. Is there any latest news or timeline you want to share with us?

  • Sean McNellis commented

    Yes please! Not sure, but it would make sense to include FQDN based sources so those of us using any type of dynamic DNS for server RDP, VPN access, etc. This could make life a lot easier for me :)

  • Mario Lopez [MSFT] commented

    Hi Rody,

    We are currently working to enable users to define their own Custom Tags. Expect more information about this feature by the middle of this year.
