Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
8,141 questions
Configuring Outbound Access Restrictions for Azure AI Service
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(284.8, 47%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EML%3C/text%3E%3C/svg%3E)
Mithila Lishan
111
Reputation points
I have created an Azure AI service and need to restrict its outbound access. According to the documentation, the following Azure CLI command must be executed
az rest -m patch -u /subscriptions/{subscription ID}/resourceGroups/{resource group}/providers/Microsoft.CognitiveServices/accounts/{account name}?api-version=2021-04-30 -b '{"properties": { "restrictOutboundNetworkAccess": true, "allowedFqdnList": [ "microsoft.com" ] }}'
Instead of using the CLI command, is it possible to configure the same settings through the Azure portal user interface?
Additionally, if I only want to restrict outbound traffic for app services, should I use "azurewebsites.net" instead of "microsoft.com" in the configuration?
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 61%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELR%3C/text%3E%3C/svg%3E)
Laxman Reddy Revuri 1,525 Reputation points Microsoft Vendor2025-01-09T17:18:29.11+00:00 Hi @Mithila Lishan
Thanks for the question and using MS Q&A platform.
To configure network rules for Azure AI services through the Azure portal.1.Use the search bar at the top to find your Azure AI service by typing "Azure AI services" and selecting the relevant resource from the results.2.Once you are on the resource page, look for Networking under the Resource Management section in the left-hand menu.
3.Under Firewalls and virtual networks, you will see options for network access.
4.To restrict access, set the default network rule to Deny (if not already set). This will block all traffic unless explicitly allowed.
5.Choose Selected networks and private endpoints to allow access only from specific virtual networks or IP addresses.
6.Click on Add existing virtual network to specify which virtual networks can access your Azure AI service.
7.If you want to allow access from specific public IP address ranges, you can do so by entering the ranges in CIDR format under the allowed IP address settings.
8.After configuring your settings, click on Save to apply the changes.
Network isolation - Azure AI services | Microsoft LearnIf your AI service only needs to communicate with App Services, then yes,
azurewebsites.netwould be appropriateHowever, the AI service might need to reach other Microsoft endpoints to function properly. For example:
· Model endpoints for inference
· Authentication services
· Telemetry services
Sign in to comment
Sign in to answer