Service Tags for Windows Updates (WU) and RedHat Update Infrastructure (RHUI) suggestion
I have been using Azure Automation's Update Management for VMs that are internet facing without issue until I am required to use it on VMs that are non-internet facing (intranet) environment where I'm stumble into a lot of NSG configuration complexity.
Any chance of having these Service Tags?
For an example having this Service Tag created for NSG in order for consumer to configure Windows VM resources to utilise Azure Automation's Update Management feature, and allow Windows VMs to receive Windows Updates securely.
The current problem is that Windows Updates can be distributed through multiple Windows Update URL endpoints (https://docs.microsoft.com/en-us/windows/deployment/update/windows-update-troubleshooting#device-cannot-access-update-files) that is almost impossible to be mapped for consumer.
For an example having this Service Tag created for NSG in order for consumer to configure RedHat VM resources to utilise Azure Automation's Update Management feature, and allow RedHat VMs to receive packages securely.
The current problem is that RedHat packages can be distributed through multiple content delivery servers (https://docs.microsoft.com/en-us/azure/virtual-machines/workloads/redhat/redhat-rhui#the-ips-for-the-rhui-content-delivery-servers) that are managed and owned by Microsoft which may subject to changes in the future based on capacity requirement.
These suggested Service Tags will also enhance the cloud shared responsibility model and improve security posture for VMs connected to VNet Subnets.