Define NSG Rules for Restricting Outbound Internet Access
The documentation states clearly that if you add an HDInsight cluster to a VNet, then you cannot apply outbound NSG rules. Having unrestricted outbound internet access is a significant risk. Are there any other mitigating controls in place to detect data leakage?

2 comments
-
Corey Callaway commented
I agree, having to create multiple additional rules based on the Azure datacenter IP addresses is cumbersome and adds extra management overhead and monitoring if those IP addresses change.
Currently this is the only solution: https://blogs.technet.microsoft.com/keithmayer/2016/01/12/step-by-step-automate-building-outbound-network-security-groups-rules-via-azure-resource-manager-arm-and-powershell/
-
Courtney commented
I agree