In this how-to article, you create a community endpoint and add a rule that defines an allowed destination for enclave connections.
Prerequisites
An Azure subscription. If you don't have one, create a free account before you begin.
An existing community.
Sign in to Azure
Sign in to the Azure portal.
Create a community endpoint
Go to an existing community in your Azure subscription.
In the left menu, select Community Endpoints, and then select Create.
Enter a name for the community endpoint, and then select Add to create a community endpoint rule.
Community endpoint rule types
Before you add the rule, choose the destination type that matches the endpoint you need to allow.
IPAddress: Enable traffic from an enclave to an IP address outside of the community Virtual WAN.
FQDN: Enable traffic from an enclave to a trusted fully qualified domain name (FQDN), such as *.portal.azure.com. FQDN rules support HTTP, HTTPS, TCP, or UDP; use only one protocol and one port per rule.
FQDNTag: Enable traffic from enclaves to known Microsoft Azure services through FQDN tags, such as AzurePortal.
ServiceTag: Enable traffic from enclaves to Azure services by using Azure service tags. Service tags represent groups of IP address prefixes for specific Azure services, such as Storage, AzureKeyVault, and Sql. For a complete list of available service tags, see Virtual Network service tags.
PrivateNetwork: Enable traffic from enclaves to an external private network through a transit hub connection.
Enter the rule name, destination type, destination, port, and protocol, and then select Add.
Configure service tag rules
When you create a ServiceTag rule:
Select ServiceTag as the destination type.
Choose the Destination service tag from the list, such as Storage, AzureKeyVault, or AzureActiveDirectory.
Select the protocol: TCP, UDP, ICMP, or ANY.
Enter the destination ports required for your service.
Tip
Use service tags when you need to connect to Azure services that have dynamic IP address ranges. Service tags reduce the need to track and update IP addresses manually.
Select Review + create, and then select Create.
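The rule constraints described above (destination types, the FQDN one-protocol and one-port limit, and the ServiceTag protocol list) can be checked before a change request reaches the portal. The following is an added example, not Microsoft code: the rule field names, the sample rules, and the acceptance of CIDR prefixes for IPAddress destinations are assumptions.

```python
import ipaddress

# Allowed values come from the article; the rule field names are hypothetical.
DEST_TYPES = {"IPAddress", "FQDN", "FQDNTag", "ServiceTag", "PrivateNetwork"}
FQDN_PROTOCOLS = {"HTTP", "HTTPS", "TCP", "UDP"}
SERVICE_TAG_PROTOCOLS = {"TCP", "UDP", "ICMP", "ANY"}

def lint_rule(rule):
    """Return the problems found in one proposed community endpoint rule."""
    dtype, dest = rule.get("destinationType"), rule.get("destination")
    protocols, ports = rule.get("protocols", []), rule.get("ports", [])
    if dtype not in DEST_TYPES:
        return [f"unknown destination type {dtype!r}"]
    problems = [] if dest else ["destination is empty"]
    if dtype == "FQDN":
        if len(protocols) != 1 or len(ports) != 1:
            problems.append("FQDN rule needs exactly one protocol and one port")
        allowed = FQDN_PROTOCOLS
    elif dtype == "ServiceTag":
        allowed = SERVICE_TAG_PROTOCOLS
    else:
        allowed = None  # the article lists no protocol set for these types
    if allowed is not None:
        for proto in sorted(set(protocols) - allowed):
            problems.append(f"protocol {proto} not supported for {dtype}")
    if dtype == "IPAddress" and dest:
        try:
            # Assumption: a single address or a CIDR prefix is acceptable.
            ipaddress.ip_network(dest, strict=False)
        except ValueError:
            problems.append(f"{dest!r} is not a valid IP address or prefix")
    for port in ports:
        if not (isinstance(port, int) and 1 <= port <= 65535):
            problems.append(f"port {port!r} out of range")
    return problems

def rule(name, dtype, dest, protocols, ports):
    return {"name": name, "destinationType": dtype, "destination": dest,
            "protocols": protocols, "ports": ports}

# Constructed sample rules for illustration.
SAMPLE_RULES = [
    rule("allow-portal", "FQDN", "*.portal.azure.com", ["HTTPS"], [443]),
    rule("allow-web", "FQDN", "*.portal.azure.com", ["HTTP", "HTTPS"], [80, 443]),
    rule("allow-kv", "ServiceTag", "AzureKeyVault", ["TCP"], [443]),
    rule("allow-storage", "ServiceTag", "Storage", ["HTTPS"], [443]),
    rule("allow-partner", "IPAddress", "203.0.113.300", ["TCP"], [443]),
]

def lint_all(rules):
    """Map rule name -> problems, only for rules that fail a check."""
    return {r["name"]: p for r in rules if (p := lint_rule(r))}
```

Calling `lint_all(SAMPLE_RULES)` returns only the rules that need rework, which makes it usable as a review gate for egress allowlist changes.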