This is a useful file to obtain on a regular (e.g. weekly) basis. It is a Microsoft-maintained JSON (JavaScript Object Notation) file that contains the IP addresses of Azure services, which can be used to create or update the outbound firewall policies (rules) used for connectivity to Azure services.
https://www.microsoft.com/download/details.aspx?id=56519
Once the file is downloaded, the following PowerShell can be used to create firewall rules that permit access through the Windows Firewall. Similar methods can be used for other firewalls via their REST API.
# Locate the downloaded Service Tags file (looks only in the root of C:\, first match wins)
$AzureServiceTagsJson = Get-ChildItem -Path "C:\" -Filter *ServiceTags*.json |
    Select-Object -First 1 |
    Select-Object -ExpandProperty FullName

# Parse the file as a single JSON document and keep the Public cloud service tags
$AzurePublicCloudServiceTags = Get-Content -Path $AzureServiceTagsJson -Raw |
    ConvertFrom-Json |
    Where-Object Cloud -eq "Public" |
    Select-Object -ExpandProperty values

# Select the service tags to allow for Azure Arc
$AzureArcServiceTags = $AzurePublicCloudServiceTags | Where-Object {
    $_.name -eq "AzureActiveDirectory" -or
    $_.name -eq "AzureTrafficManager" -or
    $_.name -eq "AzureResourceManager" -or
    $_.name -eq "AzureArcInfrastructure" -or
    $_.name -eq "Storage"
}

# Create one outbound allow rule per service tag, grouped under "Azure Arc" (requires an elevated session)
foreach ($ServiceTag in $AzureArcServiceTags) {
    New-NetFirewallRule -DisplayName "Allow $($ServiceTag.name)" -Direction Outbound -Action Allow -RemoteAddress $ServiceTag.properties.addressPrefixes -Group "Azure Arc"
}
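Because New-NetFirewallRule creates an additional rule every time it runs, even when the display name already exists, a weekly refresh needs to update rules in place. The following is an added example, not part of the original page: the function name and the convention of storing each tag's changeNumber in the rule description are assumptions made for illustration.

```powershell
# Added example; not from the original page. Requires an elevated session.
# Assumption: each rule's Description stores the service tag's changeNumber,
# so an unchanged tag is skipped and a changed tag updates the rule in place.
function Update-AzureArcFirewallRule {
    param(
        [Parameter(Mandatory)] [string] $ServiceTagsJsonPath,
        [string[]] $TagNames = @("AzureActiveDirectory", "AzureTrafficManager",
            "AzureResourceManager", "AzureArcInfrastructure", "Storage"),
        [string] $Group = "Azure Arc"
    )

    $ServiceTags = Get-Content -Path $ServiceTagsJsonPath -Raw | ConvertFrom-Json
    if ($ServiceTags.cloud -ne "Public") {
        throw "Expected the Public cloud file, got '$($ServiceTags.cloud)'."
    }

    foreach ($TagName in $TagNames) {
        $Tag = $ServiceTags.values | Where-Object name -eq $TagName
        if (-not $Tag) {
            # Never widen or delete a rule because a tag went missing from the file
            Write-Warning "Service tag '$TagName' not found; existing rule left as is."
            continue
        }

        $DisplayName = "Allow $TagName"
        $Marker      = "changeNumber=$($Tag.properties.changeNumber)"
        $Prefixes    = $Tag.properties.addressPrefixes
        $Existing    = @(Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue |
            Where-Object Group -eq $Group)

        if ($Existing.Count -eq 0) {
            New-NetFirewallRule -DisplayName $DisplayName -Description $Marker `
                -Direction Outbound -Action Allow -Group $Group `
                -RemoteAddress $Prefixes | Out-Null
            Write-Output "Created '$DisplayName' ($($Prefixes.Count) prefixes)"
        }
        elseif ($Existing | Where-Object Description -ne $Marker) {
            # Also brings duplicates left by earlier runs up to date
            $Existing | Set-NetFirewallRule -Description $Marker -RemoteAddress $Prefixes
            Write-Output "Updated '$DisplayName' to $Marker"
        }
        else {
            Write-Output "Unchanged '$DisplayName' ($Marker)"
        }
    }
}
```

Call it with the path of the newly downloaded file, for example from a weekly scheduled task, and review the Created/Updated output as a change record for the allow list.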

