I am creating some Network Security Groups to apply to various subnets, and am attempting to narrow outbound access as much as possible for the SUSE VMs that I have created within the subnets.
1. The waagent appears to need outbound access to TCP/80 (inbound TCP/16001 is fine). Is there an external IP range that I can lock it down to, rather than opening that port up completely?
2. While I can find a massive list of MS datacenter IP addresses, I would like to be able to also identify the specific IP address ranges of the Azure Service Bus service, Azure Storage Service, and Azure SQL so that I can create rules around them as well, since these are apparently public-facing IP addresses and can't be addressed internally. I am not using the management portal for provisioning, so retrofitting by getting these manually from the management console is not an option.
Thank you in advance for any help.