Managing Disconnected Azure VMs for Azure Sentinel

For those that take the deeper security plunge for their Azure VMs and disconnect them from the Internet completely, did you know this will result in a bit of a challenge for being able to monitor security with Azure Sentinel?

The Log Analytics agent requires an Internet connection to function, but by enabling a specific Service Tag in an Outbound rule, you can still get this to work correctly.

I’ve put together the full instructions and configuration on how to make this work over at the TechCommunity blog site.

Check it out: Ensuring Internet-blocked Azure VMs Can Still Connect


Leave a Reply