{"id":60507,"date":"2020-12-14T12:46:18","date_gmt":"2020-12-14T20:46:18","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/devops\/?p=60507"},"modified":"2020-12-14T12:46:18","modified_gmt":"2020-12-14T20:46:18","slug":"azure-devops-service-tag-released","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/azure-devops-service-tag-released\/","title":{"rendered":"Azure DevOps Service Tag Released"},"content":{"rendered":"

Azure DevOps Services now supports Azure Service Tags<\/a>!<\/p>\n

What problems did customers face without Service Tags?<\/strong><\/p>\n

In the past, IP addresses changed when new Azure DevOps systems were added or migrated. Then, customers were unaware of the IP changes and were required to update their on-prem firewalls or Azure NSGs manually.<\/p>\n

What are Service Tags?<\/strong><\/p>\n

Service Tags are a convenient way for customers to manage their networking configuration to allow traffic from specific Azure services. Now that a service tag has been set up for Azure DevOps Services, customers can easily allow access by adding the tag name AzureDevOps<\/em><\/strong> to their NSGs or firewalls programmatically using Powershell and CLI. The portal will be supported at a later date. Customers may also use the service tag for on-prem firewall<\/a> via a JSON file download. Azure Service Tags are supported for inbound connection only from Azure DevOps to customers\u2019 on-prem. Outbound connection from customers\u2019 networks to Azure DevOps is not supported. Customers are still required to allow the Azure Front Door (AFD) IPs provided in the doc<\/a> for outbound connections. The inbound connection applies to the following scenarios documented here<\/a>.<\/p>\n