Azure DevOps Service Tag Released

Justin

Azure DevOps Services now supports Azure Service Tags!

What problems did customers face without Service Tags?

In the past, IP addresses changed when new Azure DevOps systems were added or migrated. Then, customers were unaware of the IP changes and were required to update their on-prem firewalls or Azure NSGs manually.

What are Service Tags?

Service Tags are a convenient way for customers to manage their networking configuration to allow traffic from specific Azure services. Now that a service tag has been set up for Azure DevOps Services, customers can easily allow access by adding the tag name AzureDevOps to their NSGs or firewalls programmatically using Powershell and CLI. The portal will be supported at a later date. Customers may also use the service tag for on-prem firewall via a JSON file download. Azure Service Tags are supported for inbound connection only from Azure DevOps to customers’ on-prem. Outbound connection from customers’ networks to Azure DevOps is not supported. Customers are still required to allow the Azure Front Door (AFD) IPs provided in the doc for outbound connections. The inbound connection applies to the following scenarios documented here.

The Service Tag does not apply to Microsoft Hosted Agents. Customers are still required to allow the entire geography for the Microsoft Hosted Agents. If allowing the entire geography is a concern, we recommend using the Azure Virtual Machine Scale Set Agents. The Scale Set Agents are a form of self-hosted agents that can be autoscaled to meet your demands.

4 comments

Comments are closed. Login to edit/delete your existing comments

  • Gregory Suvalian

    How one setup outbound NSGs to allow connect to azure devops services in case of selfhosted agents?

  • Daan Weda

    How about connecting library groups from Azure DevOps to a Keyvault? This was also included in the backlog item for this but nothing is mentioned.

  • Howard Jones

    AzureDevOps doesn’t appear in the list of available Service Tags for editing NSG inbound policy. Does something have to happen to enable it?

    • Ajith Ramanath

      There is no support from portal at this time as per the above. Are you trying CLI / PS?