Does Azure auto-monitor ports in ACI

I have just started working with ACI. I have a container running DNS/TLS on port 853.

I'm seeing connections from private/internal IP and wondering if ACI auto monitors as they aren't any IP addresses in subscription. 

I can't see anything in the docs that would suggest it is auto-monitored, but wondering how/why those IP are able to route to the container. 

notice: ssl handshake failed 10.92.0.10 port 64047