How can we improve Azure Networking?

difrentiate IP ranges per service

At the moment if we want to restrict access to Azure services we need to whitelist entire Region. PCI certification requirements require to limit also outgoing access to the specific IP addreses to avoid possibility that attacker will be able to exfiltrate data from attacked machine.
With current scenario (whitelisting entire region) attacker can put FTP or HTTP upload server in the same region of the Azure and successfully upload data there. If ranges would be specific for services (e.g. Sql Azure, Key Vault, etc) then such exfiltration wouldn't be possible as we could restrict access to the services which we are using (and since those are offered as SaaS (Sql Azure, Key Vault) attacher would not be able to use them for getting data out.

8 votes

Vote

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Jan Nitecki shared this idea · Apr 19, 2017 · Flag idea as inappropriate… · Admin →

need-feedback ·

AdminAzure Networking Team (Product Manager, Microsoft Azure) responded · Oct 1, 2020

We do have Service Tags, is this what you were looking for?

https://docs.microsoft.com/en-us/azure/virtual-network/service-tags-overview#available-service-tags

– Anavi N [MSFT]

Show previous admin responses (1)

2 comments

Add a comment…

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Joseph commented · July 3, 2019 12:00 AM · Flag as inappropriate

I believe MS have done this: https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20190701.json

Submitting...
Anonymous commented · December 6, 2017 1:39 AM · Flag as inappropriate

We are struggling due to this, if we have access to Service Specific Public IP Addresses per Azure DC, we can whitelist particular service within that DC.

Submitting...

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Sign in
Sign up

Networking: IP addresses

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 6,302 ideas
- Additional Services 324 ideas
- Analytics Platform System 20 ideas
- API Apps 0 ideas
- API Management 620 ideas
- Automation 524 ideas
- Azure Active Directory 4,850 ideas
- Azure Active Directory Application Requests 272 ideas
- Azure Advisor 32 ideas
- Azure Analysis Services 188 ideas
- Azure API for FHIR 12 ideas
- Azure App Configuration 38 ideas
- Azure Arc 25 ideas
- Azure Automanage 2 ideas
- Azure Backup 512 ideas
- Azure Blockchain Service 10 ideas
- Azure Bot Service 32 ideas
- Azure Certified Device 15 ideas
- Azure Cloud Shell 358 ideas
- Azure Cognitive Services 33 ideas
- Azure Confidential Compute 2 ideas
- Azure Container Instances 161 ideas
- Azure Container Registry 94 ideas
- Azure Cosmos DB 263 ideas
- Azure CycleCloud 4 ideas
- Azure Data Explorer 197 ideas
- Azure Data Share 10 ideas
- Azure Database for MariaDB 18 ideas
- Azure Database for MySQL 71 ideas
- Azure Database for PostgreSQL 148 ideas
- Azure Database Migration Service 76 ideas
- Azure Databricks 251 ideas
- Azure Dev Spaces 9 ideas
- Azure Digital Twins 19 ideas
- Azure Event Grid 63 ideas
- Azure FarmBeats 12 ideas
- Azure Functions 233 ideas
- Azure FXT Edge Filer 0 ideas
- Azure Governance 200 ideas
- Azure HPC Cache 0 ideas
- Azure IoT (Hub, DPS, SDKs) 319 ideas
- Azure IoT Central 152 ideas
- Azure IoT Edge 84 ideas
- Azure IoT Security 0 ideas
- Azure IoT Solution Accelerators 44 ideas
- Azure Key Vault 173 ideas
- Azure Kinect DK 64 ideas
- Azure Kubernetes Service (AKS) 287 ideas
- Azure Lighthouse 29 ideas
- Azure Management Groups 21 ideas
- Azure Maps 72 ideas
- Azure Marketplace 449 ideas
- Azure Media Services 251 ideas
- Azure Migrate 57 ideas
- Azure mobile app 356 ideas
- Azure Monitor 236 ideas
- Azure Monitor- Alert Management 154 ideas
- Azure Monitor-Application Insights 781 ideas
- Azure Monitor-Log Analytics 987 ideas
- Azure NetApp Files (ANF) 30 ideas
- Azure Pack 293 ideas
- Azure portal 2,178 ideas
- Azure Purview 123 ideas
- Azure Red Hat OpenShift 12 ideas
- Azure Remote Rendering 9 ideas
- Azure Reservations 182 ideas
- Azure Resource Manager 541 ideas
- Azure Search 286 ideas
- Azure Security Center 299 ideas
- Azure Sentinel 104 ideas
- Azure Service Health 40 ideas
- Azure SignalR Service 15 ideas
- Azure Spatial Anchors 29 ideas
- Azure Sphere 82 ideas
- Azure Spring Cloud 2 ideas
- Azure Stack HCI 3 ideas
- Azure Stack Hub 199 ideas
- Azure Synapse Analytics 431 ideas
- Azure TCO Calculator 30 ideas
- Azure Time Series Insights 28 ideas
- Batch 35 ideas
- Batch AI 10 ideas
- Biztalk Services 14 ideas
- Blockchain 55 ideas
- Cache 38 ideas
- Change Tracking 12 ideas
- Cloud Services (Web and Worker Role) 272 ideas
- Cost Management 326 ideas
- Cross region move for Azure resources 11 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 178 ideas
- Data Factory 1,172 ideas
- Data Lake 354 ideas
- Data Science VM 24 ideas
- Diagnostics and Monitoring 200 ideas
- Event Hubs 41 ideas
- Global Infrastructure 44 ideas
- HDInsight 132 ideas
- Lab Services 362 ideas
- Logic Apps 1,781 ideas
- Machine Learning 237 ideas
- Mobile Engagement 19 ideas
- Networking 1,398 ideas
- Notification Hubs 36 ideas
- Project Bonsai 29 ideas
- Scheduler 43 ideas
- Scripting and Command Line Tools 102 ideas
- SDK and Tools 143 ideas
- Security and Compliance 102 ideas
- Service Bus 202 ideas
- Service Fabric 304 ideas
- Signup and Billing 1,760 ideas
- Site Recovery 296 ideas
- SQL Data Sync 68 ideas
- SQL Database 864 ideas
- SQL Managed Instance 151 ideas
- SQL Server 10,621 ideas
- SQL Server - Big Data Clusters 47 ideas
- Storage 1,023 ideas
- StorSimple 26 ideas
- Stream Analytics 266 ideas
- Support Feedback 273 ideas
- System Center Data Protection Manager 150 ideas
- Update Management 188 ideas
- Virtual Machines 1,682 ideas
- Web Apps 615 ideas
Microsoft Azure