Forum Discussion
JVDenning
Jul 13, 2023Copper Contributor
Azure DevOps services - on premise agent lockdown
If using Azure DevOps Services but with on premise build agents, deployment targets and Environment resources, the outbound connection from these is to a range of generic IP addresses for endpoints t...
Fjorgego
Jul 13, 2023Copper Contributor
Hi,
Tou can also restricted outbound connections by configure your network security policies to allow outbound connections only to the specific IP addresses or IP ranges required for Azure DevOps Services.
Hope that tip may help 🙂
Tou can also restricted outbound connections by configure your network security policies to allow outbound connections only to the specific IP addresses or IP ranges required for Azure DevOps Services.
Hope that tip may help 🙂
- JVDenningJul 13, 2023Copper Contributor
Fjorgego Sorry but you misunderstood - that's already in play and easily understood - it's the fact that those IP addresses host endpoints for all organizations so it's additional measures to ensure that the machines only ever access your own organization - I don't think the endpoints they use have the organisation name in the hostname or url resource path (the path and any organisation specific hostnames used specifically by the agent software are not published).