#customer intent: As a network administrator, I want to deploy security admin rules in Azure Virtual Network Manager. When creating security admin rules, I want to define network groups as the source and destination of traffic.
11
11
---
@@ -24,7 +24,9 @@ For example, you need to ensure traffic is denied between your production and no
24
24
25
25
## How do I deploy a security admin rule using network groups?
26
26
27
-
Once you have access to the public preview, you can deploy a security admin rule using network groups in the Azure portal. To create a security admin role, create a security admin configuration and add a security admin rule. Finally, deploy the security admin configuration. For more information, see [Create a security admin rule using network groups](./how-to-create-security-admin-rule-network-groups.md).
27
+
From the Azure portal, you can [deploy a security admin rule using network groups](./how-to-create-security-admin-rule-network-groups.md) in the Azure portal. To create a security admin rule, create a security admin configuration and add a security admin rule that utilizes network groups as source and destination. Finally, deploy the security admin configuration and the rules apply to the network group resources.
28
+
29
+
If you change the resources in your network group or a network group's CIDR range changes, you need to redeploy the configuration after the changes are made. After deployment, the new CIDR ranges will be applied across your network to all new and existing network group resources.
28
30
29
31
## Supported regions
30
32
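Review bot: The link target in the added line 27, `./how-to-create-security-admin-rule-network-groups.md` (plural "groups"), does not match the how-to file touched later in this same commit, `how-to-create-security-admin-rule-network-group.md` (singular); please confirm the link resolves, or correct the file name. The same sentence also reads "From the Azure portal, you can ... in the Azure portal", so drop one of the two, and "utilizes" can simply be "uses". For the new redeploy paragraph on line 29, say explicitly what happens between a membership or CIDR change and the redeployment (whether the rule keeps matching the previous ranges), since a reader relying on a deny rule needs to know that new members are not covered until the configuration is redeployed; a note callout would make that harder to miss.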
@@ -57,13 +59,13 @@ The following limitations apply when using network groups with security admin ru
57
59
- Supports 100 networking resources (virtual networks or subnets) in any one network group referenced in the security admin rule.
58
60
59
61
- Only supports IPv4 address prefixes in the network group members.
62
+
63
+
- Dual-stack network groups aren't supported. If both IPv4 and IPv6 ranges are present, Azure Virtual Network Manager (AVNM) only uses the IPv4 ranges.
60
64
61
65
- Role-based access control ownership is inferred from the `Microsoft.Network/networkManagers/securityAdminConfigurations/rulecollections/rules/write` permission only.
62
66
63
67
- Network groups must have the same member-types. Virtual networks and subnets are supported but must be in separate network groups.
64
68
65
-
- Only supports aggregating members in the same tenant as the network manager.
66
-
67
69
- Force-delete of any network group used as the source and/or destination in a security admin rule isn't currently supported. Usage causes an error.
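Review bot: The added bullet on line 63 says dual-stack network groups "aren't supported" and then describes what happens when both IPv4 and IPv6 ranges are present, which reads as contradictory; suggest wording it as a behavior, for example "IPv6 ranges in a network group are ignored; only the IPv4 ranges are used", and stating plainly that the security admin rule therefore does not apply to the IPv6 address space of those members. It also largely overlaps the preceding "Only supports IPv4 address prefixes" bullet, so the two could be merged. "AVNM" is introduced here as an abbreviation; check that the rest of the article uses it, otherwise spell out the name. Separately, this hunk removes the bullet "Only supports aggregating members in the same tenant as the network manager" without replacement; please confirm in the commit description that the same-tenant restriction no longer applies, since dropping a limitation silently changes what readers will assume about cross-tenant members.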
articles/virtual-network-manager/how-to-create-security-admin-rule-network-group.md
1 addition & 1 deletion
@@ -6,7 +6,7 @@ author: mbender-ms
6
6
ms.author: mbender
7
7
ms.service: virtual-network-manager
8
8
ms.topic: how-to
9
-
ms.date: 04/01/2024
9
+
ms.date: 04/15/2024
10
10
ms.custom: template-how-to
11
11
#Customer intent: As a network administrator, I want to deploy security admin rules using network groups in Azure Virtual Network Manager so that I can define the source and destination of the traffic for the security admin rule.
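Review bot: The only change in this file is `ms.date` on line 9 moving from 04/01/2024 to 04/15/2024, with no content change in the visible lines; if the how-to steps were re-verified against the updated concept article, say so in the commit message, otherwise the date bump suggests a review that did not happen. Minor style point: this file writes `#Customer intent:` while the concept article in the same commit writes `#customer intent:`; pick one casing for both.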