add a source tag for Office 365 IPs to NSG Rules
Consider adding support for multiple address ranges in NSG rules or add a source tag for Office 365 IPs.
Currently it is a nightmare to add all addresses for Exchange Online. We need a NSG policy for each address range :)
We’re addressing this need with “Service Tags” which allow network security group rules to refer to Azure services such as “Storage” or “Sql” and the list of IP addresses is maintained transparently by the Azure platform. See here for more information: https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#service-tags
We’ll be adding tags for additional Azure services over time.
Added a vote to this specifically for the CRM Data Export service.
Is there any ETA on this? It's a pain having to setup and maintain the list of IPs manually!
I have a case where we want to enable a Dynamics365/CRM solution and in addition to a coded NSG rule to allow Dynamics365 IPs, we also have to allow ALL Azure IPs in. For environments that have sensitive data it's important to be able to disallow traffic from untrusted sources (eg. any ol' Azure subscription vs. O365, Exchange, etc.).
Microsoft Azure Datacenter IP Ranges are required for Dynamics 365 organizations on version 9, and higher. To view the required IP ranges for the Microsoft Azure Datacenter, please see the following link..."
Eric Yew commented
I've seen a lot of new service tags but non yet for Office 365. Any ETA on this?