Commit 59c11e6

author
Michael Bender
committed
added new article for NIP
1 parent 0efa9c9 commit 59c11e6

1 file changed

+2
-3
lines changed

articles/virtual-network-manager/concept-security-admins.md

Lines changed: 2 additions & 3 deletions
@@ -112,14 +112,13 @@ When new security risks are identified, you can deploy them at scale by creating
112112

113113
## Azure services that do not apply security admin rules
114114

115-
By default, security admin rules are applied to all virtual networks and subnets within the scope of a network group. However, there are some services that do not apply security admin rules due to the network requirements of the service.
115+
By default, security admin rules are applied to all virtual networks and subnets within the scope of a network group. However, there are some services that do not apply security admin rules due to the network requirements of the service. These requirements are enforced by network intent policies.
116116

117117
### Network intent policies and security admin rules
118118

119119
Some services have network intent policies to ensure the network traffic is working as needed for their services. By default, when you deploy a security admin configuration, security admin rules are not applied on virtual networks with services that use network intent policies such as [SQL managed instance service](/azure/azure-sql/managed-instance/connectivity-architecture-overview.md#service-aided-subnet-configuration). If you create a service in a virtual network with existing security admin rules, those security admin rules will be removed from those virtual networks.
120120

121-
122-
When you do so, you could break the network intent policies created for those services. For example, creating a deny admin rule can block some traffic allowed by the SQL managed instance service, which is defined by their network intent policies. Make sure to review your environment before applying a security admin configuration.
121+
If you were to apply them, you could break the network intent policies created for those services. For example, creating a deny admin rule can block some traffic allowed by the SQL managed instance service, which is defined by their network intent policies. This can cause the service to stop working.
123122

124123
### Services in Virtual Networks
125124
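Review bot: New line 121 replaces "Make sure to review your environment before applying a security admin configuration." with "This can cause the service to stop working.", which removes the only actionable guidance in this subsection. Line 119 says security admin rules are not applied, or are removed, on virtual networks that host services with network intent policies, so a reader who relies on deny admin rules for baseline enforcement needs to know that these virtual networks are left uncovered. I would keep the consequence sentence and restore a review step after it that tells the reader to identify which virtual networks in the network group host such services before deploying the configuration. Separately, "If you were to apply them" is hypothetical, while line 119 only says the rules are skipped "by default"; either state how the rules could end up applied to these virtual networks or reword so that "them" clearly refers to the security admin rules and the sentence does not imply an option the text never describes. Minor: new line 115 introduces "network intent policies" one heading before the term is explained, so a short forward link to the "Network intent policies and security admin rules" subsection would help, and "SQL managed instance service" on line 121 should follow the product's capitalization.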
