#customer intent: As a network administrator, I want to deploy security admin rules in Azure Virtual Network Manager. When creating security admin rules, I want to define network groups as the source and destination of traffic.
11
11
---
12
12
13
13
# Using network groups with security admin rules
14
14
15
-
In this article, you learn how to use network groups with security admin rules in Azure Virtual Network Manager. Network groups allow you to create logical groups of virtual networks and subnets that have common attributes, such as environment, region, service type, and more. You can then specify your network groups as the source and/or destination of your security admin rules so that you can enforce the traffic among your grouped network resources. This feature streamlines the process of securing your traffic across workloads and environments, as it removes the manual step of specifying individual Classless Inter-Domain Routing (CIDR) ranges or resource IDs.
15
+
In this article, you learn how to use network groups with security admin rules in Azure Virtual Network Manager (AVNM). Network groups allow you to create logical groups of virtual networks and subnets that have common attributes, such as environment, region, service type, and more. You can then specify your network groups as the source and/or destination of your security admin rules so that you can enforce the traffic among your grouped network resources. This feature streamlines the process of securing your traffic across workloads and environments, as it removes the manual step of specifying individual Classless Inter-Domain Routing (CIDR) ranges or resource IDs.
## Why use network groups with security admin rules?
18
20
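Review bot: The "(AVNM)" abbreviation added to the opening sentence is not used anywhere else in the visible text of this file; the heading, the customer intent line and the limitations list all spell the product name out. Either use the abbreviation consistently once it is defined or drop it from this sentence. While this paragraph is being touched, "enforce the traffic among your grouped network resources" could state what is being enforced on that traffic.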
@@ -56,7 +58,7 @@ The following limitations apply when using network groups with security admin ru
56
58
57
59
- Only supports IPv4 address prefixes in the network group members.
58
60
59
-
- Role-based access control ownership is inferred from the Microsoft.Network/networkManagers/securityAdminConfigurations/rulecollections/rules/write permission only.
61
+
- Role-based access control ownership is inferred from the `Microsoft.Network/networkManagers/securityAdminConfigurations/rulecollections/rules/write` permission only.
60
62
61
63
- There's no scope enforcement on the network group members when using clients other than the Azure portal.
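Review bot: With the permission string on the changed limitations bullet now in code formatting, readers will copy it into custom role definitions, so confirm that the casing of `rulecollections` matches the operation name the resource provider publishes. The bullet also says ownership is "inferred" from this write permission without saying what that means for an administrator; a short clause on the consequence (who is treated as owner of a rule and what they can then change) would make the limitation actionable. The same applies to the neighbouring context bullet about no scope enforcement for clients other than the Azure portal, which reads as a security-relevant gap but gives no guidance on what to check when using those clients.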
articles/virtual-network-manager/how-to-create-security-admin-rule-network-groups.md
+37 -74 (37 additions & 74 deletions)
@@ -6,7 +6,7 @@ author: mbender-ms
6
6
ms.author: mbender
7
7
ms.service: virtual-network-manager
8
8
ms.topic: how-to
9
-
ms.date: 03/16/2024
9
+
ms.date: 04/01/2024
10
10
ms.custom: template-how-to
11
11
#Customer intent: As a network administrator, I want to deploy security admin rules using network groups in Azure Virtual Network Manager so that I can define the source and destination of the traffic for the security admin rule.
12
12
---
@@ -16,45 +16,7 @@ In Azure Virtual Network Manager, you can deploy [security admin rules](./concep
16
16
17
17
In this article, you learn how to create a security admin rule using network groups in Azure Virtual Network Manager. You use the Azure portal to create a security admin configuration, add a security admin rule, and deploy the security admin configuration.
18
18
19
-
> [!IMPORTANT]
20
-
>
21
-
> Azure Virtual Network Manager is generally available for Virtual Network Manager and hub-and-spoke connectivity configurations. Both Mesh connectivity configurations and the creation of security admin rules with network groups in Azure Virtual Network Manager are in public preview remain in public preview.
22
-
>
23
-
> Security configurations with security admin rules is generally available in the following regions:
24
-
> - Australia East
25
-
> - Australia Southeast
26
-
> - Brazil South
27
-
> - Brazil Southeast
28
-
> - East Asia
29
-
> - Europe North
30
-
> - France South
31
-
> - Germany West Central
32
-
> - India Central
33
-
> - India South
34
-
> - India West
35
-
> - Israel Central
36
-
> - Italy North
37
-
> - Japan East
38
-
> - Jio India West
39
-
> - Korea Central
40
-
> - Norway East
41
-
> - Norway West
42
-
> - Poland Central
43
-
> - Qatar Central
44
-
> - South Africa North
45
-
> - South Africa West
46
-
> - Sweden Central
47
-
> - Sweden South
48
-
> - Switzerland North
49
-
> - UAE North
50
-
> - US East
51
-
> - US North
52
-
> - US West Central
53
-
>
54
-
> All other regions remain in public preview.
55
-
>
56
-
> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
57
-
> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/).
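Review bot: Deleting the whole IMPORTANT block also deletes the list of regions where security admin rules are generally available and the statement that the preview is not recommended for production workloads; check that both survive elsewhere in the article. The preview note that appears at the end of this page restates the production caveat and uses the full preview-terms URL (the removed line pointed at https://azure.microsoft.com/), but nothing visible replaces the region list. If regional availability is now documented centrally, link to it from the replacement note so readers can still tell where the rules are supported.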
@@ -82,56 +44,57 @@ To create a security admin configuration, follow these steps:
82
44
83
45
:::image type="content" source="media/how-to-create-security-admin-rules-network-groups/create-security-admin-configuration.png" alt-text="Screenshot of creation of security admin configuration in Configurations of a network manager.":::
84
46
85
-
1. In **Create security admin configuration**, enter the following details:
47
+
1. In the **Basics** tab of the **Create security admin configuration** windows, enter the following settings:
86
48
87
49
|**Setting**|**Value**|
88
50
| --- | --- |
89
-
|**Name**| Enter a name for the security admin rule. |
90
-
|**Description**| Enter a description for the security admin rule. |
91
-
|**Deployment option for NIP virtual networks**||
92
-
|**Deployment option**| Select **None**. |
93
-
|**Address Space Aggregation Options**| Select **Manual**. |
94
-
95
-
-**Name**: Enter a name for the security admin rule.
96
-
97
-
-**Description**: Enter a description for the security admin rule.
98
-
99
-
1. Select **Review + create** and then select **Create**.
51
+
| Name | Enter a name for the security admin rule. |
52
+
| Description | Enter a description for the security admin rule. |
53
+
100
54
101
-
## Add a security admin rule
55
+
1. Select the **Deployment Options** tab or **Next: Deployment Options >** and enter the following settings:
102
56
103
-
To add a security admin rule, follow these steps:
57
+
|**Setting**|**Value**|
58
+
| --- | --- |
59
+
|**Deployment option for NIP virtual networks**||
60
+
| Deployment option | Select **None**. |
61
+
|**Option to use network group as source and destination**||
62
+
| Network group address space aggregation option | Select **Manual**. |
104
63
105
-
1. In the **Configurations** window, select the securityadminconfiguration you created. If you don't see the configuration, select **Refresh**.
64
+
:::image type="content" source="media/how-to-create-security-admin-rules-network-groups/create-configuration-with-aggregation-options.png" alt-text="Screenshot of create a security admin configuration deployment options selecting manual aggregation option.":::
106
65
107
-
1. Under **Settings**, select **Rule collections** and **+ Create**.
66
+
1. Select **Rule collections** or **Next: Rule collections >**.
67
+
2. In the Rule collections tab, select **Add**.
68
+
3. In the **Add a rule collection** window, enter the following settings:
108
69
109
-
1. In the **Add a rule collection** window, enter the following details:
110
-
111
70
|**Setting**|**Value**|
112
71
| --- | --- |
113
-
|**Name**| Enter a name for the rule collection. |
114
-
|**Target network groups**| Select the network group that contains the source and destination of the traffic for the security admin rule. |
|**Destination port**| Enter the destination port for the security admin rule. |
89
+
| Destination type | Select **Network Group**. |
90
+
| Network Group | Select the network group ID that you wish to use for dynamically establishing IP address ranges. |
91
+
| Destination port | Enter the destination port for the security admin rule. |
92
+
93
+
:::image type="content" source="media/how-to-create-security-admin-rules-network-groups/create-network-group-as-source-destination-rule.png" alt-text="Screenshot of add a rule window using network groups as source and destination in rule creation.":::
94
+
95
+
2. Select **Add** and **Add** again to add the security admin rule to the rule collection.
133
96
134
-
1. Select **Add** and **Add** again to add the security admin rule to the rule collection.
97
+
3. Select **Review + create** and then select **Create**.
> The creation of security admin rules with network groups as source and destination in Azure Virtual Network Manager is in public preview. Public previews are made available to you on the condition that you agree to the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/). Some features might not be supported or might have constrained capabilities. This preview version is provided without a service level agreement, and it's not recommended for production workloads.
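
Review bot: In the added Basics table, the Name and Description rows still read "Enter a name for the security admin rule" and "Enter a description for the security admin rule", but this step creates the security admin configuration, so the values should name the configuration. In the same added step, "**Create security admin configuration** windows" should be "window". The added steps also switch from the `1.` auto-numbering used elsewhere in the list to explicit `2.` and `3.`, and "In the Rule collections tab" drops the bold used for other UI labels; keeping one convention avoids misnumbered steps when the list is edited later. "NIP virtual networks" in the Deployment Options table is never expanded in the visible text, so spell it out on first use.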