I recently worked on a project to deploy several VM’s in Azure. One of the requirements for this was to block all internet access from the Azure VM’s. This is a prudent step in securing an environment; preventing malicious code from web based threats.
Update 1/2018 – Microsoft has implemented NSG Service Tags for storage and Azure SQL. Information on that is located here. Additional information and the opportunity to vote on adding other services can be found here.
To accommodate this, a Network Security Group (NSG) was created and applied to the VM Subnet. Several rules were applied, including one similar to the picture below. The rule simply blocked traffic from the VirtualNetwork out to the Internet on any source or destination port.
After the rule was put in place and tested I began to setup the rest of the environment. Right away I ran into trouble, the VM’s took up to 30 minutes to deploy and errored out with the message “New-AzureRmVm : Long Running Operation Failed with status ‘Failed’. Continue reading “Azure VM and Internet Access”