NSG between hostpool and Azure ADDS


Hello,

I would like to deploy a host pool and make sure my NSGs are well configured for communication with Azure ADDS.

Are there any recommendations about the NSG I should define for the subnet where my host pool will be hosted?

I tried to figure it out myself through the documentation I can find around Azure ADDS (https://docs.microsoft.com/en-us/azure/active-directory-domain-services/alert-nsg) but I was not able to understand the required NSG to apply on my subnet.

Thank you for your help.

2 Replies

@ghonyme: Recommend verifying with Azure AD DS. From service set-up we have no recommendations in this regard.


@ghonyme wrote:

Hello,

I would like to deploy a host pool and make sure my NSGs are well configured for communication with Azure ADDS.

Are there any recommendations about the NSG I should define for the subnet where my host pool will be hosted?

I tried to figure it out myself through the documentation I can find around Azure ADDS (https://docs.microsoft.com/en-us/azure/active-directory-domain-services/alert-nsg) but I was not able to understand the required NSG to apply on my subnet.

Thank you for your help.


 


@Eva Seydl Thank you, it's what I did.

If it can help someone else, the inbound rules are pretty clear here: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/network-considerations#ports...

I still need to figure out the outbound rules.

Thank you.