allow domains and wildcards in Network Security Groups
Network Security Groups only allow us to use specific resources, tags, and IP ranges. Many APIs and other tools add/remove/change IP ranges regularly, given that clients are expected to point to the domain endpoint (e.g. smtp.gmail.com, Slack API webhooks, etc.).
If we have to get new IP ranges and add them to NSGs, it creates an extra task. We should be able to use domain names/FQDNs/etc. with wildcards (e.g. .gmail.com, .slack.com) for NSG allow or deny rules so we have one less administrative task.
Thanks for the feedback, we are currently supporting this capability with Azure Firewall to complete the scenario.