You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-apps/networking.md
+5-3Lines changed: 5 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -204,10 +204,11 @@ Application rules allow or deny traffic based on the application layer. The foll
204
204
| Scenarios | FQDNs | Description |
205
205
|--|--|--|
206
206
| All scenarios |`mcr.microsoft.com`, `*.data.mcr.microsoft.com`| These FQDNs for Microsoft Container Registry (MCR) are used by Azure Container Apps and either these application rules or the network rules for MCR must be added to the allowlist when using Azure Container Apps with Azure Firewall. |
207
-
| Azure Container Registry (ACR) |*Your-ACR-address*, `*.blob.windows.net`| These FQDNs are required when using Azure Container Apps with ACR and Azure Firewall. |
207
+
| Azure Container Registry (ACR) |*Your-ACR-address*, `*.blob.windows.net`, `login.microsoft.com`| These FQDNs are required when using Azure Container Apps with ACR and Azure Firewall. |
208
208
| Azure Key Vault |*Your-Azure-Key-Vault-address*, `login.microsoft.com`| These FQDNs are required in addition to the service tag required for the network rule for Azure Key Vault. |
209
-
| Managed Identities | `*.identity.azure.net`, `login.microsoftonline.com`, `*.login.microsoftonline.com`, `*.login.microsoft.com` | These FQDNs are required when using managed identities with Azure Firewall in Azure Container Apps.
209
+
| Managed Identity | `*.identity.azure.net`, `login.microsoftonline.com`, `*.login.microsoftonline.com`, `*.login.microsoft.com` | These FQDNs are required when using managed identities with Azure Firewall in Azure Container Apps.
210
210
| Docker Hub Registry |`hub.docker.com`, `registry-1.docker.io`, `production.cloudflare.docker.com`| If you're using [Docker Hub registry](https://docs.docker.com/desktop/allow-list/) and want to access it through the firewall, you need to add these FQDNs to the firewall. |
211
+
| Managed Identity |`login.microsoft.com`| These FQDNs are required when using Azure Container Apps with Managed Identity. |
211
212
212
213
##### Network rules
213
214
@@ -216,8 +217,9 @@ Network rules allow or deny traffic based on the network and transport layer. Th
216
217
| Scenarios | Service Tag | Description |
217
218
|--|--|--|
218
219
| All scenarios |`MicrosoftContainerRegistry`, `AzureFrontDoorFirstParty`| These Service Tags for Microsoft Container Registry (MCR) are used by Azure Container Apps and either these network rules or the application rules for MCR must be added to the allowlist when using Azure Container Apps with Azure Firewall. |
219
-
| Azure Container Registry (ACR) |`AzureContainerRegistry`| When using ACR with Azure Container Apps, you need to configure these application rules used by Azure Container Registry. |
220
+
| Azure Container Registry (ACR) |`AzureContainerRegistry`, `AzureActiveDirectory`| When using ACR with Azure Container Apps, you need to configure these application rules used by Azure Container Registry. |
220
221
| Azure Key Vault |`AzureKeyVault`, `AzureActiveDirectory`| These service tags are required in addition to the FQDN for the application rule for Azure Key Vault. |
222
+
| Managed Identity |`AzureActiveDirectory`| When using Managed Identity with Azure Container Apps, you'll need to configure these application rules used by Managed Identity. |
221
223
222
224
> [!NOTE]
223
225
> For Azure resources you are using with Azure Firewall not listed in this article, please refer to the [service tags documentation](../virtual-network/service-tags-overview.md#available-service-tags).
0 commit comments