Azure-devops-docs: Do we need to whitelist both inbound and outbound for the IP addresses?

Created on 27 Dec 2019  路  5Comments  路  Source: MicrosoftDocs/azure-devops-docs

Do we need to open both Inbound and outbound rules for the URLs listed in the doc below?

https://docs.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-devops#ip-addresses-and-range-restrictions

The doc mentions "The list doesn't include network connections from Microsoft into a customer network, sometimes called hybrid or inbound network connections.".

What are the inbound IP addresses that need to be whitelisted and in what situations do these need to be whitelisted?

Thank you.

Pri3 allow-list-ip-url.md doc-bug
Source
picture arkoppan

All 5 comments

Thanks for your question. You may find additional information here:

WilliamAntonRohm picture WilliamAntonRohm on 3 Jan 2020

Hi @arkoppan,
According to engineering, they believe this appears to be some kind of role issue with Postgres and may be specific to your setup. Since this isn't a documentation issue, please go here, and then select Report a problem. Our team will be in touch with you shortly after. Thank you.

chcomley picture chcomley on 14 Feb 2020

@chcomley

Reading only what is available here, it seems like it doesn't really address a generic information request. This seems to come up frequently and it would be nice if there was some guidance on how to accomplish the "inbound network connections." @WilliamAntonRohm linked to Stack Overflow, but seems like the community has been unable to really provide a great solution.

I do see a note on this one item, https://developercommunity.visualstudio.com/comments/819232/view.html, that makes it sound like the scale set agents might be the solution? Is it worth creating a blurb to replace this section linking to the scale set agents as the resolution if you need to make inbound network connections?

https://docs.microsoft.com/en-us/azure/devops/pipelines/agents/scale-set-agents?view=azure-devops

Some examples of users seeking guidance:
https://stackoverflow.com/questions/53422395/how-to-get-the-ip-address-for-azure-devops-hosted-agents-to-add-to-the-white-lis
https://stackoverflow.com/questions/64373423/how-to-run-powershell-command-from-azure-devops-pipeline-to-on-premises-remote-s
https://stackoverflow.com/questions/60624215/whitelisting-azure-devops-ips-for-service-hooks

MattDavisRM picture MattDavisRM on 15 Oct 2020

I have a ticket open with MS requesting their Azure DevOps IPs inbound to customer on-prem. I will share if they provide something useful.

captainhook picture captainhook on 18 Nov 2020
👍1

Looks like the documentation has already been updated with inbound IPs, scroll down to second table: https://docs.microsoft.com/en-us/azure/devops/organizations/security/allow-list-ip-url?view=azure-devops#ip-addresses-and-range-restrictions

captainhook picture captainhook on 23 Nov 2020
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

cijujoseph picture cijujoseph  路  3Comments
dannyvv picture dannyvv  路  3Comments
o-o00o-o picture o-o00o-o  路  3Comments
Naphier picture Naphier  路  3Comments
anlatsko picture anlatsko  路  3Comments