Cloud Shell Quick Tip: Service Tag Network Security Group Rule


 Need to ssh into an Azure Virtual Machine but don't have much more than a browser? Don't worry, Azure has already thought about that. With people working remotely or on the go, it's nice to know there are quick alternatives to getting into your resources without having to make major changes to your existing infrastructure and . I have certainly been on the road and have received alert notifications requiring some intervention on a server without having access to my laptop.


This video shows you configure an NSG rule to allow SSH from the Azure Cloud shell within the portal. This is great if you need to access resources and don't have a or Azure Bastion set up within the Virtual (VNET). I show you just three minutes modify your NSG to permit the AzureCloud service tag and ssh into my .



You can find more information on this subject by going to the Virtual network service tags documentation on Microsoft Docs.

Here are some additional docs you can access related to the subjects quickly covered in the video:

  • Network security groups – You can use an Azure security group to filter network traffic to and from Azure resources in an Azure virtual network.

  • Microsoft Learn NSG Module: Secure and isolate access to Azure resources by using network security groups and service endpoints.

  • Virtual network service tags – A service tag represents a group of IP address prefixes from a given Azure service. Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules.


This article was originally published by Microsoft's Core Infrastructure and Security Blog. You can find the original article here.