Leveraging Service Tags to define better rules in Network Security Groups

@20aman    Jan 12, 2020

Service Tags comes in very handy when you want to specify Sources for Inbound rules and Destination for Outbound rules. It makes your life a lot easier to define a complete service without specifying each and every IP address in that service.

E.g. you can specify a complete Virtual Network or Microsoft Azure Backup as a source for Inbound rules very easily by simply leveraging Service tags. Even if the address space of that virtual network changes in the future, you will not need to alter its related Network Security Group (NSG) rules.

Simply navigate to any NSG and then go to Inbound rules (or Outbound rules). Edit one of the existing rules or create a new one. For Souce in case of inbound rules (and destination in case of outbound rules), select "Service Tag" from the drop-down. From the drop-down for the "Source service tag" select the service tag for the service, for which you need the rule.

Service Tags

Note from the arrow in the above screenshot that the vertical scrollbar is huge. Since this feature was launched, so many services have been configured as Service Tags and have made administrators' life easier in terms of configurations required.

For more information please check this link: Virtual network service tags

Comments powered by Disqus