MicrosoftWell this is not very benificial for companies who have high security standards. Basically we have to open up the ENTIRE internet for all our virtual machines in our NSG's and filter it in the Azure Firewall for Windows Update. That is a huge setback as we want to control internet access from both the Azure Firewall and NSG's.
Then there are some of my customers who have Azure Virtual WAN without an Azure Firewall.
There might be third parties, but this is about Windows Update. At the end of the game, Microsoft is in control who and what can provide Windows Updates (even third parties) and should be able to adjust the service tags accordingly. My suspicion is that MS focused on SSL verification for Windows Updates, making a whitelist obsolete (in an ideal world).
