During VM creation, RDP open to Internet rule is bypassing NSG policy to deny inbound rule for 3389


3389 is successfully blocked by policy on an NSG when a user tries to create an inbound allow rule outside of our whitelist of sourceAddressPrefix for 3389, or any range that includes it (including '*'). The problem is when deploying a VM, if the RDP option is checked, Azure goes ahead and creates an any any inbound allow rule for 3389. How do I go about denying the VM creation when a user tries to apply this rule?


The current policy applies to:

"field": "type","in":


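One possible reason the policy misses this case, stated here as an assumption the post does not confirm: a rule can be declared as its own `Microsoft.Network/networkSecurityGroups/securityRules` resource or inline in the NSG's `properties.securityRules` array, and a check that evaluates only the first form never sees the second. The added example below (not from the original post; the allowlist, resource names and sample template are constructed) checks both forms in an ARM template before deployment.

```python
# Added example; allowlist and sample template are constructed for illustration.
RDP_PORT = 3389
ALLOWED_SOURCES = {"203.0.113.0/24"}  # hypothetical approved source range
NSG = "microsoft.network/networksecuritygroups"

def port_matches(spec, port=RDP_PORT):
    """True if an NSG port spec ('*', '3389', '3000-4000') covers the port."""
    spec = str(spec).strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    try:
        return int(low) <= port <= int(high or low)
    except ValueError:  # e.g. an unresolved template expression
        return False

def rule_violates(props):
    """props is the 'properties' object of a single security rule."""
    if props.get("access", "").lower() != "allow" or props.get("direction", "").lower() != "inbound":
        return False
    ports = [props.get("destinationPortRange")] + list(props.get("destinationPortRanges") or [])
    if not any(port_matches(p) for p in ports if p):
        return False
    sources = [props.get("sourceAddressPrefix")] + list(props.get("sourceAddressPrefixes") or [])
    return any(s not in ALLOWED_SOURCES for s in sources if s)

def find_violations(template):
    """Return (resource name, rule name) pairs, covering both rule placements."""
    hits = []
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()
        if rtype == NSG + "/securityrules":   # rule declared as its own resource
            rules = [res]
        elif rtype == NSG:                    # rules declared inline on the NSG
            rules = res.get("properties", {}).get("securityRules", [])
        else:
            continue
        hits += [(res.get("name"), r.get("name")) for r in rules if rule_violates(r.get("properties", {}))]
    return hits

SAMPLE = {"resources": [  # constructed template fragment
    {"type": "Microsoft.Network/networkSecurityGroups", "name": "vm1-nsg",
     "properties": {"securityRules": [{"name": "RDP", "properties": {
         "access": "Allow", "direction": "Inbound", "protocol": "Tcp",
         "sourceAddressPrefix": "*", "destinationPortRange": "3389"}}]}},
    {"type": "Microsoft.Network/networkSecurityGroups/securityRules", "name": "vm1-nsg/admin-rdp",
     "properties": {"access": "Allow", "direction": "Inbound", "protocol": "Tcp",
                    "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "3389"}},
]}
print(find_violations(SAMPLE))
```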