We are excited to announce the Public Preview of IP Network Firewalls for Azure Key Vault Managed HSM in East US, West US, West US 2, West Central US, UK South, and West Europe.
The feature lets you authorize a particular service to access your managed HSM by adding its IP address to the Key Vault Managed HSM firewall allowlist. This configuration is best for services that use static IP addresses or well-known ranges. There is a limit of 10 CIDR ranges for this case, and only IPv4 addresses are supported at this time.
Note that firewall rules only apply to data plane operations. Control plane operations are not subject to the restrictions specified in firewall rules. Additionally, to access data by using tools such as the Azure portal, you must be on a machine within the trusted boundary that you establish when configuring network security rules.
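A pre-flight check for a proposed allowlist against the limits stated above (10 CIDR ranges, IPv4 only), which also merges overlapping and adjacent ranges so that fewer slots are used. This is an added example, not Microsoft's code: it makes no Azure calls, and the function name `plan_allowlist` and the sample entries are constructed for illustration.

```python
import ipaddress

MAX_RANGES = 10  # limit stated in the announcement


def plan_allowlist(entries):
    """Return (ranges, problems) for a proposed list of IPs / CIDR ranges."""
    problems, nets = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=True rejects entries such as 192.0.2.7/24 (host bits set),
            # which usually mean the author intended a different range.
            net = ipaddress.ip_network(text, strict=True)
        except ValueError as exc:
            problems.append(f"{text}: {exc}")
            continue
        if net.version != 4:
            problems.append(f"{text}: only IPv4 is supported")
            continue
        nets.append(net)

    # Merge duplicates, nested ranges and adjacent siblings into the
    # smallest equivalent set, so the slot limit is spent only where needed.
    collapsed = [str(n) for n in ipaddress.collapse_addresses(nets)]
    if len(collapsed) > MAX_RANGES:
        problems.append(
            f"{len(collapsed)} ranges after merging, limit is {MAX_RANGES}"
        )
    return collapsed, problems


# Constructed sample input (documentation address ranges, not real services).
SAMPLE = [
    "198.51.100.0/25",
    "198.51.100.128/25",   # adjacent to the line above: merges into a /24
    "203.0.113.0/28",
    "203.0.113.10",        # already covered by the /28 above
    "2001:db8::/32",       # IPv6: rejected
    "192.0.2.7/24",        # host bits set: rejected
]

if __name__ == "__main__":
    ranges, problems = plan_allowlist(SAMPLE)
    print("ranges to configure:", ranges)
    for p in problems:
        print("problem:", p)
```
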
To learn more and try it out yourself, see the IP Network Firewall product documentation.