Skip to main content

Remediation

From Azure Portal​

Create and associate PaaS resources with a new network security perimeter:

  1. Go to Network Security Perimeters.
  2. Click + Create.
  3. Select a Subscription and Resource group, provide a Name, select a Region, and provide a Profile name.
  4. Click Next.
  5. Click + Add.
  6. Check the box next to a PaaS resource to associate it with the network security perimeter.
  7. Click Select.
  8. Click Next.
  9. Configure appropriate Inbound access rules for your organization.
  10. Click Next.
  11. Configure appropriate Outbound access rules for your organization.
  12. Click Review + create.
  13. Click Create.

Associate PaaS resources with an existing network security perimeter:

  1. Go to Network Security Perimeters.

  2. Click the name of a network security perimeter.

  3. Under Settings, click Associated resources.

  4. Click + Add.

  5. Select Associate resources with a new profile or Associate resources with an existing profile.

  6. To associate resources with a new profile:

    1. Provide a Name.
    2. Click Next.
    3. Click + Add.
    4. Check the box next to a PaaS resource to associate it with the network security perimeter.
    5. Click Select.
    6. Click Next.
    7. Configure appropriate Inbound access rules for your organization.
    8. Click Next.
    9. Configure appropriate Outbound access rules for your organization.
    10. Click Review + create.
    11. Click Create.

  7. To associate resources with an existing profile:

    1. Next to Profile, click Select to display the drop-down menu.
    2. Select a profile.
    3. Click + Add.
    4. Check the box next to a PaaS resource to associate it with the network security perimeter.
    5. Click Select.
    6. Click Associate.

From Azure CLI​

Use az network perimeter profile list or az network perimeter profile create to list existing or create a new network security perimeter profile.

For each PaaS resource requiring association with a network security perimeter, run the following command:

az network perimeter association create --resource-group <resource-group> --perimeter-name <network-security-perimeter> --association-name <association> --private-link-resource "{id:<paas-resource-id>}" --profile "{<profile-id>}"