Thank you for your feedback. Today publishing NSG Flow Logs to an Event Hub is not currently supported natively. We will continue to evaluate this suggestion and update the status accordingly.
Today, if you are interested in transforming and streaming NSG Flow Logs to a 3rd party endpoint, we have published a sample here that leverages an Azure function: https://github.com/Microsoft/AzureNetworkWatcherNSGFlowLogsConnector
Splunk has also published a blog with guidance on integrating NSG Flow Logging data here: https://www.splunk.com/blog/2017/02/20/splunking-microsoft-azure-network-watcher-data.html
Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature backlog and also gives us insight into the potential impact of implementing the suggested feature.
An error occurred while saving the commentDroessler, Michael J. commented
Agreed. We have medium security use cases where we don't require an Azure Firewall, but a NAT Gateway would allow for known egress IPs. However, without NSG Flow Logging this remains a non-starter.
This work is something we are planning on.
Thanks for this suggestion. Apologies for the inconvenience this inconsistent behavior has caused, while we look into it, note a workaround that has worked for a few:
- Anavi N [MSFT]
This remains unplanned, but is still very much of interest. Please keep the votes coming.
This capability will soon be supported and will be announced.
Thank you for this suggestion! It has been escalated to the Windows Azure engineering team for further evaluation. We will post here to gather additional information as-appropriate.
We are very excited to announce the public preview of Azure Data Factory Managed Virtual Network.
With this new feature, you can provision the Azure Integration Runtime in Managed Virtual Network and leverage Private Endpoints to securely connect to supported data stores. Your data traffic between Azure Data Factory Managed Virtual Network and data stores goes through Azure Private Link which provides secured connectivity and eliminate your data exposure to the public internet. With the Managed Virtual Network along with Private Endpoints, you can also offload the burden of managing virtual network to Azure Data Factory and protect against the data exfiltration.
To learn more about Azure Data Factory Managed Virtual Network, see https://azure.microsoft.com/blog/azure-data-factory-managed-virtual-network/
6 votesDroessler, Michael J. shared this idea ·
209 votes17 comments · Azure Active Directory » Developer Experiences · Flag idea as inappropriate… · Admin →
Thank you for the feedback! This is in the backlog and we are looking into this. We don’t have an ETA yet, but we will share once we have one. Please keep voting if this feature matters to you.
Great news – static IP range for Azure Integration Runtime is now available in all ADF regions! You can whitelist specific IP ranges for ADF as part of firewall rules. The IPs are documented here: https://docs.microsoft.com/en-us/azure/data-factory/azure-integration-runtime-ip-addresses#azure-integration-runtime-ip-addresses-specific-regions. Static IP ranges for gov cloud and China cloud will be published soon!
Please refer to this blog post on how you can use various mechanisms including trusted Azure service and static IP to secure data access through ADF:
Service tag support will be made available in next few weeks. Please stay tuned!
If your network security requirement calls for ADF support for VNet and cannot be met using Trusted Azure service (released in Oct 2019), static IP range (released in Jan 2020), or service tag (upcoming), please vote for VNet feature here: https://feedback.azure.com/forums/270578-data-factory/suggestions/37105363-data-factory-should-be-able-to-use-vnet-without-re
We have started work to enable use of Service Identities to authenticate between App Service and ACR
We are working on this but we don’t have a public ETA to share at this time. We will keep you updated as we get closer.
36 votes5 comments · Azure Active Directory » Role-based Access Control · Flag idea as inappropriate… · Admin →
We are looking into it and will update you when we know more.
Arturo via Chen