Network Security Group Source Azure Services option
My scenario includes two Virtual Machines acting as Web Servers and a Traffic Manager in place; if the primary node fails, I can switch to the other VM that is in a different datacenter. However, they are accessible only by specific public IPs, and to get Traffic Manager working, I had to create a rule on a different port for ANY.
Wouldn't it be easier to have an option on Source Azure Services, like there is in Azure SQL Server firewall?
Juha Palomäki commented
In addition, it would be great if you could just select the VM instances and App services that should be allowed.
Especially with app services this is kind of a problem. First of all, there are 4 outgoing IP addresses for the app services. Since they are not from the same subnet, they need to be listed one by one in the network security group. Also, these 4 IP addresses may not remain the same if the app services are scaled.
One way would be to allow defining custom tags which could be used in network security groups. I could define a tag that covers all my internal services and then use that tag in many security groups.