How can we improve Azure Networking?

difrentiate IP ranges per service

At the moment if we want to restrict access to Azure services we need to whitelist entire Region. PCI certification requirements require to limit also outgoing access to the specific IP addreses to avoid possibility that attacker will be able to exfiltrate data from attacked machine.
With current scenario (whitelisting entire region) attacker can put FTP or HTTP upload server in the same region of the Azure and successfully upload data there. If ranges would be specific for services (e.g. Sql Azure, Key Vault, etc) then such exfiltration wouldn't be possible as we could restrict access to the services which we are using (and since those are offered as SaaS (Sql Azure, Key Vault) attacher would not be able to use them for getting data out.

8 votes

Vote

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Jan Nitecki shared this idea · April 19, 2017 · Flag idea as inappropriate… · Admin →

triaged · July 10, 2019

2 comments

Add a comment…

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Joseph commented · July 03, 2019 00:00 · Flag as inappropriate

I believe MS have done this: https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20190701.json

Submitting...
Anonymous commented · December 06, 2017 01:39 · Flag as inappropriate

We are struggling due to this, if we have access to Service Specific Public IP Addresses per Azure DC, we can whitelist particular service within that DC.

Submitting...

Networking: IP addresses

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,889 ideas
- ACE Tools 40 ideas
- Additional Services 332 ideas
- Analytics Platform System 12 ideas
- API Apps 7 ideas
- API Management 477 ideas
- Automation 448 ideas
- Azure Active Directory 3,918 ideas
- Azure Active Directory Application Requests 223 ideas
- Azure Advisor 20 ideas
- Azure Analysis Services 151 ideas
- Azure API for FHIR 4 ideas
- Azure App Configuration 23 ideas
- Azure Arc 8 ideas
- Azure Backup 483 ideas
- Azure Blockchain Service 6 ideas
- Azure Bot Service 65 ideas
- Azure Cloud Shell 329 ideas
- Azure Confidential Compute 1 idea
- Azure Container Instances 103 ideas
- Azure Container Registry 66 ideas
- Azure Cosmos DB 240 ideas
- Azure CycleCloud 2 ideas
- Azure Data Explorer 63 ideas
- Azure Data Share (Public Preview) 5 ideas
- Azure Database for MariaDB 11 ideas
- Azure Database for MySQL 58 ideas
- Azure Database for PostgreSQL 97 ideas
- Azure Database Migration Service 54 ideas
- Azure Databricks 76 ideas
- Azure Dev Spaces 8 ideas
- Azure Digital Twins 28 ideas
- Azure Event Grid 60 ideas
- Azure FarmBeats 5 ideas
- Azure Functions 173 ideas
- Azure FXT Edge Filer 0 ideas
- Azure Governance 121 ideas
- Azure Government 89 ideas
- Azure HPC Cache 0 ideas
- Azure IoT 267 ideas
- Azure IoT Central 115 ideas
- Azure IoT Device Catalog 10 ideas
- Azure IoT Edge 61 ideas
- Azure IoT Solution Accelerators 35 ideas
- Azure Key Vault 133 ideas
- Azure Kinect DK 37 ideas
- Azure Kubernetes Service (AKS) 175 ideas
- Azure Lighthouse 14 ideas
- Azure Management Groups 23 ideas
- Azure Maps 43 ideas
- Azure Marketplace 400 ideas
- Azure Media Services 211 ideas
- Azure Migrate 38 ideas
- Azure mobile app 221 ideas
- Azure Monitor 123 ideas
- Azure Monitor- Alert Management 110 ideas
- Azure Monitor-Application Insights 586 ideas
- Azure Monitor-Log Analytics 923 ideas
- Azure NetApp Files (ANF) 3 ideas
- Azure Pack 327 ideas
- Azure portal 1,927 ideas
- Azure Red Hat OpenShift 12 ideas
- Azure Reservations 184 ideas
- Azure Resource Manager 474 ideas
- Azure Search 249 ideas
- Azure Security Center 223 ideas
- Azure Sentinel 60 ideas
- Azure Service Health 25 ideas
- Azure SignalR Service 10 ideas
- Azure Spatial Anchors 19 ideas
- Azure Sphere 63 ideas
- Azure Spring Cloud 0 ideas
- Azure Stack 171 ideas
- Azure Synapse Analytics 265 ideas
- Azure TCO Calculator 29 ideas
- Azure Time Series Insights 11 ideas
- Batch 49 ideas
- Batch AI 9 ideas
- Biztalk Services 23 ideas
- Blockchain 45 ideas
- Cache 54 ideas
- Change Tracking 10 ideas
- Cloud Services (Web and Worker Role) 286 ideas
- Cost Management 196 ideas
- Cross region move for Azure resources 11 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 137 ideas
- Data Factory 757 ideas
- Data Lake 342 ideas
- Data Science VM 21 ideas
- Diagnostics and Monitoring 195 ideas
- Event Hubs 28 ideas
- Global Infrastructure 45 ideas
- HDInsight 130 ideas
- Lab Services 277 ideas
- Logic Apps 1,464 ideas
- Machine Learning 119 ideas
- Mobile Engagement 19 ideas
- Networking 1,041 ideas
- Notification Hubs 34 ideas
- Scheduler 47 ideas
- Scripting and Command Line Tools 109 ideas
- SDK and Tools 143 ideas
- Security and Compliance 91 ideas
- Service Bus 197 ideas
- Service Fabric 292 ideas
- Signup and Billing 1,550 ideas
- Site Recovery 256 ideas
- SQL Data Sync 70 ideas
- SQL Database 713 ideas
- SQL Managed Instance 108 ideas
- SQL Server 10,256 ideas
- Storage 836 ideas
- StorSimple 46 ideas
- Stream Analytics 243 ideas
- Support Feedback 271 ideas
- System Center Data Protection Manager 117 ideas
- Update Management 126 ideas
- Virtual Machines 1,482 ideas
- Web Apps 434 ideas
Microsoft Azure