Define NSG Rules for Restricting Outbound Internet Access
The documentation states clearly that if you add an HDInsight cluster to a VNet, then you cannot apply outbound NSG rules. Having unrestricted outbound internet access is a significant risk. Are there any other mitigating controls in place to detect data leakage?
51
votes
Deane Hardwick
shared this idea
2 comments
-
Corey Callaway
commented
I agree, having to create multiple additional rules based on the azure datacenter IP addresses is cumbersome, and adds extra management overhead and monitoring if those IP addresses change.
Currently this is the only solution- https://blogs.technet.microsoft.com/keithmayer/2016/01/12/step-by-step-automate-building-outbound-network-security-groups-rules-via-azure-resource-manager-arm-and-powershell/
-
Courtney
commented
I agree