Hi all,
I am a beginner with Azure. I just tested the endpoint security settings on an instance with classic deployment.
I am not sure if there is any limitation on the endpoint settings and their ACLs. According to my observation, no matter which specific ports I allow explicitly, other instances (i.e. also launched via classic deployment) could ignore the setting and communicate with each other on any port via private IP address.
Another observation is that when a port (let's say port 1000) was set to deny all IPs, other instances could still communicate on that port 1000 via private IP address.
Therefore, it seems that it may hinder some security controls in network design if classic deployment is used. For example, it may not be possible to implement a 3-tier architecture (web, app, database) just via endpoint settings.
Please kindly correct me if I missed anything or my observation was wrong.
Many thanks.