Enable the application of Network Security Group rules to groups of IPs
Allow the creation of groups that contain multiple IP addresses. Then allow the application of Network Security Group rules to the group. As an example I could create a group, add the IP addresses of all my Domain Controllers to the group, then apply rules to the group, rather than duplicating rules for each Domain Controller where the only difference is the IP address.
Thanks for the feedback. We are looking into exposing features for grouping and improving rule definitions; we’ll keep you posted.
Jacques Bron commented
Agree with Daniel.
These items are important for us as an Enterprise customer with 20+ subscriptions. The current implicit rules are not supported by our Security and Risk teams. The Azure tag/object should also be per Azure region and we want to control the protocol and the port.
Shamir C commented
In addition to tags, I'd like to see this work on pools, much like how the load balancer works. I.e., I should be able to create a "backend pool" then add any number of NICs to that pool. That way, if the NIC changes address, the rule auto-updates.
Daniel Grenemark commented
Creating and populating custom Tags (out-of-the-box tag examples: INTERNET, VIRTUAL_NETWORK) is essential for efficiently managing a large number of NSGs. Changes to custom Tags should also propagate through all NSGs they're applied to, which would only require one point of change that applies to many NSGs.
There should also be an out-of-the-box Tag for Azure's Public IP ranges which are dynamically updated.