How can we improve Azure Networking?

Add a Network Security Group tag for Windows Update

I'd like to be able to block all outbound traffic on my NSG but still allow windows update to work. This is difficult to do as the windows update depends on quite a few DNS names and the IP address of these apparently changes often.

If I could specify an "Allow" rule for a service tag called "WindowsUpdate" or similar with a higher priority than my "DenyAll" rule this would acheive this.

65 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    eamonhetherton shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    4 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        Please,
        Any news about this feature? I think that this service tag is very important for costumers that use Windows VM from azure.
        Thanks a lot

      • Dhirendra commented  ·   ·  Flag as inappropriate

        Last positive response from Azure Network Team was on December 08, 2017 . However still this is not available. Can anyone confirm on this if this is really now available?

      • Shawn commented  ·   ·  Flag as inappropriate

        Adding my name to the request for a Service Tag for the Windows Update service.

      Feedback and Knowledge Base