Allow VMs to communicate with DSC without public Internet connection
Can we allow Azure VMs to somehow communicate with Automation Accounts in the same subscription in order to implement DSC without requiring the VM to have an Internet connection? Since the IP address of the automation account changes so readily, I cannot create a specific NSG rule for automation accounts, though I would love to be able to use Azure DSC for our VMs. Today, I cannot due to the inability for me to lock down generic Internet traffic on internal-only VMs.
Just a follow-up that we are still tracking this as a priority. We have published guidance based on restricting traffic to specific IP ranges, but we are also considering how service tags can address this need.
Any progress on this?
This is not just a problem with NSGs.
Any server behind a Standard Internal Load Balancer cannot communicate with Automation without assigning it an unneeded public IP address.