Add a Network Security Group tag for Windows Update
I'd like to be able to block all outbound traffic on my NSG but still allow windows update to work. This is difficult to do as the windows update depends on quite a few DNS names and the IP address of these apparently changes often.
If I could specify an "Allow" rule for a service tag called "WindowsUpdate" or similar with a higher priority than my "DenyAll" rule this would acheive this.
Thanks for the feedback, we’ll include it as part of our Service Tag program to allow customers to easily define traffic for Windows Updates.
This will never be implemented :))
Schubert Rodrigues commented
Has there been any update to this? It would be nice if we can just block all and add only the update services.
Jeff Miles commented
Prompting again because this is really holding us back from implementing simple IaaS within Azure - so many hurdles to go through to support this!
please add this service TAG to NSG's and Azure Firewall
Ruben Rico commented
This would be very useful
Stefan Spinu commented
Adding my name too.
I too would also like this feature. A *********** test of our Azure environment identified that we should lock down access to the internet for the VM and I would like to do this through an outbound NSG rule blocking everything and then add a rule above it to allow access to Windows Update services.
Any news about this feature? I think that this service tag is very important for costumers that use Windows VM from azure.
Thanks a lot
Last positive response from Azure Network Team was on December 08, 2017 . However still this is not available. Can anyone confirm on this if this is really now available?
Adding our name to this one too. Would be very very useful.
Adding my name to the request for a Service Tag for the Windows Update service.