How can we improve Azure Networking?

difrentiate IP ranges per service

At the moment if we want to restrict access to Azure services we need to whitelist entire Region. PCI certification requirements require to limit also outgoing access to the specific IP addreses to avoid possibility that attacker will be able to exfiltrate data from attacked machine.
With current scenario (whitelisting entire region) attacker can put FTP or HTTP upload server in the same region of the Azure and successfully upload data there. If ranges would be specific for services (e.g. Sql Azure, Key Vault, etc) then such exfiltration wouldn't be possible as we could restrict access to the services which we are using (and since those are offered as SaaS (Sql Azure, Key Vault) attacher would not be able to use them for getting data out.

8 votes

Vote

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

You have left! (?) (thinking…)

Jan Nitecki shared this idea · April 19, 2017 · Flag idea as inappropriate… · Admin →

triaged · July 10, 2019

2 comments

Add a comment…

Sign in

(thinking…)

Sign in with:

Microsoft

Forgot password?

Create a password

Signed in as (Sign out)

Submitting...

An error occurred while saving the comment

Joseph commented · July 03, 2019 00:00 · Flag as inappropriate

I believe MS have done this: https://download.microsoft.com/download/7/1/D/71D86715-5596-4529-9B13-DA13A5DE5B63/ServiceTags_Public_20190701.json

Submitting...
Anonymous commented · December 06, 2017 01:39 · Flag as inappropriate

We are struggling due to this, if we have access to Service Specific Public IP Addresses per Azure DC, we can whitelist particular service within that DC.

Submitting...

Networking: IP addresses

Searching…

No results.
Clear search results

Give feedback
- (General Feedback) 3,451 ideas
- Additional Services 315 ideas
- Analytics Platform System 12 ideas
- API Apps 8 ideas
- API Management 451 ideas
- Automation 397 ideas
- Azure Active Directory 3,323 ideas
- Azure Active Directory Application Requests 218 ideas
- Azure Advisor 16 ideas
- Azure Analysis Services 142 ideas
- Azure API for FHIR 2 ideas
- Azure App Configuration 13 ideas
- Azure Backup 413 ideas
- Azure Blockchain Service 3 ideas
- Azure Bot Service 59 ideas
- Azure Cloud Shell 307 ideas
- Azure Confidential Compute 3 ideas
- Azure Container Instances 93 ideas
- Azure Container Registry 61 ideas
- Azure Cosmos DB 221 ideas
- Azure CycleCloud 1 idea
- Azure Data Explorer 52 ideas
- Azure Data Share (Public Preview) 2 ideas
- Azure Database for MariaDB 7 ideas
- Azure Database for MySQL 55 ideas
- Azure Database for PostgreSQL 86 ideas
- Azure Database Migration Service 43 ideas
- Azure Databricks 56 ideas
- Azure Dev Spaces 0 ideas
- Azure Digital Twins 23 ideas
- Azure Event Grid 52 ideas
- Azure Functions 139 ideas
- Azure FXT Edge Filer 0 ideas
- Azure Governance 89 ideas
- Azure Government 78 ideas
- Azure IoT 243 ideas
- Azure IoT Central 84 ideas
- Azure IoT Device Catalog 14 ideas
- Azure IoT Edge 61 ideas
- Azure IoT Solution Accelerators 27 ideas
- Azure Key Vault 114 ideas
- Azure Kinect DK 37 ideas
- Azure Kubernetes Service (AKS) 139 ideas
- Azure Lighthouse 9 ideas
- Azure Management Groups 22 ideas
- Azure Maps 39 ideas
- Azure Marketplace 384 ideas
- Azure Media Services 206 ideas
- Azure Migrate 32 ideas
- Azure mobile app 220 ideas
- Azure Monitor 90 ideas
- Azure Monitor- Alert Management 76 ideas
- Azure Monitor-Application Insights 553 ideas
- Azure Monitor-Log Analytics 885 ideas
- Azure Pack 324 ideas
- Azure portal 1,800 ideas
- Azure Red Hat OpenShift 12 ideas
- Azure Resource Manager 427 ideas
- Azure Search 230 ideas
- Azure Security Center 188 ideas
- Azure Sentinel 23 ideas
- Azure Service Health 19 ideas
- Azure SignalR Service 8 ideas
- Azure Spatial Anchors 16 ideas
- Azure Sphere 63 ideas
- Azure Stack 154 ideas
- Azure TCO Calculator 28 ideas
- Azure Time Series Insights 8 ideas
- Batch 44 ideas
- Batch AI 9 ideas
- Biztalk Services 23 ideas
- Blockchain 43 ideas
- Cache 51 ideas
- Change Tracking 8 ideas
- Cloud Services (Web and Worker Role) 284 ideas
- Cost Management 172 ideas
- Customer Insights 13 ideas
- Customer Lockbox for Microsoft Azure 1 idea
- Data Catalog 127 ideas
- Data Factory 706 ideas
- Data Lake 335 ideas
- Data Science VM 19 ideas
- Diagnostics and Monitoring 187 ideas
- Event Hubs 22 ideas
- Global Infrastructure 43 ideas
- HDInsight 124 ideas
- Lab Services 245 ideas
- Logic Apps 1,305 ideas
- Machine Learning 72 ideas
- Mobile Engagement 19 ideas
- Networking 888 ideas
- Notification Hubs 27 ideas
- Scheduler 47 ideas
- Scripting and Command Line Tools 108 ideas
- SDK and Tools 138 ideas
- Security and Compliance 85 ideas
- Service Bus 183 ideas
- Service Fabric 278 ideas
- Signup and Billing 1,426 ideas
- Site Recovery 242 ideas
- SQL Data Sync 69 ideas
- SQL Data Warehouse 253 ideas
- SQL Database 640 ideas
- SQL Managed Instance 95 ideas
- SQL Server 9,702 ideas
- Storage 743 ideas
- StorSimple 46 ideas
- Stream Analytics 230 ideas
- Support Feedback 267 ideas
- System Center Data Protection Manager 110 ideas
- Update Management 111 ideas
- Virtual Machines 1,420 ideas
- Web Apps 365 ideas
Microsoft Azure