How can we improve Azure Networking?

difrentiate IP ranges per service

At the moment if we want to restrict access to Azure services we need to whitelist entire Region. PCI certification requirements require to limit also outgoing access to the specific IP addreses to avoid possibility that attacker will be able to exfiltrate data from attacked machine.
With current scenario (whitelisting entire region) attacker can put FTP or HTTP upload server in the same region of the Azure and successfully upload data there. If ranges would be specific for services (e.g. Sql Azure, Key Vault, etc) then such exfiltration wouldn't be possible as we could restrict access to the services which we are using (and since those are offered as SaaS (Sql Azure, Key Vault) attacher would not be able to use them for getting data out.

8 votes

Vote

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Jan Nitecki shared this idea · April 19, 2017 · Flag idea as inappropriate… · Admin →

triaged · July 10, 2019

2 comments

Add a comment…

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Joseph commented · July 03, 2019 00:00 · Flag as inappropriate

I believe MS have done this: https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20190701.json

Submitting...
Anonymous commented · December 06, 2017 01:39 · Flag as inappropriate

We are struggling due to this, if we have access to Service Specific Public IP Addresses per Azure DC, we can whitelist particular service within that DC.

Submitting...

Networking: IP addresses

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 4,254 ideas
- ACE Tools 42 ideas
- Additional Services 334 ideas
- Analytics Platform System 13 ideas
- API Apps 2 ideas
- API Management 518 ideas
- Automation 475 ideas
- Azure Active Directory 4,042 ideas
- Azure Active Directory Application Requests 238 ideas
- Azure Advisor 21 ideas
- Azure Analysis Services 161 ideas
- Azure API for FHIR 8 ideas
- Azure App Configuration 26 ideas
- Azure Arc 12 ideas
- Azure Backup 413 ideas
- Azure Blockchain Service 7 ideas
- Azure Bot Service 69 ideas
- Azure Cloud Shell 349 ideas
- Azure Confidential Compute 1 idea
- Azure Container Instances 116 ideas
- Azure Container Registry 72 ideas
- Azure Cosmos DB 213 ideas
- Azure CycleCloud 2 ideas
- Azure Data Explorer 82 ideas
- Azure Data Share 5 ideas
- Azure Database for MariaDB 11 ideas
- Azure Database for MySQL 39 ideas
- Azure Database for PostgreSQL 98 ideas
- Azure Database Migration Service 59 ideas
- Azure Databricks 98 ideas
- Azure Dev Spaces 8 ideas
- Azure Digital Twins 29 ideas
- Azure Event Grid 61 ideas
- Azure FarmBeats 6 ideas
- Azure Functions 170 ideas
- Azure FXT Edge Filer 0 ideas
- Azure Governance 149 ideas
- Azure Government 91 ideas
- Azure HPC Cache 0 ideas
- Azure IoT 277 ideas
- Azure IoT Central 127 ideas
- Azure IoT Device Catalog 12 ideas
- Azure IoT Edge 63 ideas
- Azure IoT Security 0 ideas
- Azure IoT Solution Accelerators 39 ideas
- Azure Key Vault 149 ideas
- Azure Kinect DK 43 ideas
- Azure Kubernetes Service (AKS) 202 ideas
- Azure Lighthouse 18 ideas
- Azure Management Groups 24 ideas
- Azure Maps 45 ideas
- Azure Marketplace 404 ideas
- Azure Media Services 214 ideas
- Azure Migrate 43 ideas
- Azure mobile app 217 ideas
- Azure Monitor 145 ideas
- Azure Monitor- Alert Management 127 ideas
- Azure Monitor-Application Insights 640 ideas
- Azure Monitor-Log Analytics 937 ideas
- Azure NetApp Files (ANF) 11 ideas
- Azure Pack 320 ideas
- Azure portal 1,981 ideas
- Azure Red Hat OpenShift 12 ideas
- Azure Remote Rendering 0 ideas
- Azure Reservations 186 ideas
- Azure Resource Manager 501 ideas
- Azure Search 254 ideas
- Azure Security Center 229 ideas
- Azure Sentinel 91 ideas
- Azure Service Health 27 ideas
- Azure SignalR Service 14 ideas
- Azure Spatial Anchors 21 ideas
- Azure Sphere 69 ideas
- Azure Spring Cloud 0 ideas
- Azure Stack 177 ideas
- Azure Synapse Analytics 287 ideas
- Azure TCO Calculator 29 ideas
- Azure Time Series Insights 15 ideas
- Batch 32 ideas
- Batch AI 10 ideas
- Biztalk Services 23 ideas
- Blockchain 48 ideas
- Cache 40 ideas
- Change Tracking 11 ideas
- Cloud Services (Web and Worker Role) 289 ideas
- Cost Management 230 ideas
- Cross region move for Azure resources 11 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 2 ideas
- Data Catalog 149 ideas
- Data Factory 826 ideas
- Data Lake 346 ideas
- Data Science VM 21 ideas
- Diagnostics and Monitoring 198 ideas
- Event Hubs 32 ideas
- Global Infrastructure 45 ideas
- HDInsight 136 ideas
- Lab Services 289 ideas
- Logic Apps 1,540 ideas
- Machine Learning 142 ideas
- Mobile Engagement 19 ideas
- Networking 1,189 ideas
- Notification Hubs 38 ideas
- Scheduler 42 ideas
- Scripting and Command Line Tools 107 ideas
- SDK and Tools 146 ideas
- Security and Compliance 93 ideas
- Service Bus 204 ideas
- Service Fabric 295 ideas
- Signup and Billing 1,640 ideas
- Site Recovery 265 ideas
- SQL Data Sync 63 ideas
- SQL Database 746 ideas
- SQL Managed Instance 120 ideas
- SQL Server 10,532 ideas
- SQL Server - Big Data Clusters 11 ideas
- Storage 885 ideas
- StorSimple 25 ideas
- Stream Analytics 249 ideas
- Support Feedback 271 ideas
- System Center Data Protection Manager 118 ideas
- Update Management 138 ideas
- Virtual Machines 1,559 ideas
- Web Apps 490 ideas
Microsoft Azure