Designing and Implementing Microsoft DevOps Solutions - AZ-400 Exam - Network Security Group (NSG) for Azure DevOps Pipeline Agent

Prepare a Network Security Group (NSG) for Azure DevOps Pipeline Agent

Question

SIMULATION -

You need to prepare a network security group (NSG) named az400-9940427-nsg1 to host an Azure DevOps pipeline agent. The solution must allow only the required outbound port for Azure DevOps and deny all other inbound and outbound access to the Internet.

To complete this task, sign in to the Microsoft Azure portal.

Explanations

See explanation below.

1. Open the Microsoft Azure portal and log in to your Azure account.

2. Select the network security group (NSG) named az400-9940427-nsg1.

3. Select Settings, Outbound security rules, and click Add.

4. Click Advanced.

5. Change the following settings:

-> Destination Port range: 8080

-> Protocol: TCP

-> Action: Allow

Note: By default, Azure DevOps Server uses TCP Port 8080.

https://robertsmit.wordpress.com/2017/09/11/step-by-step-azure-network-security-groups-nsg-security-center-azure-nsg-network/

https://docs.microsoft.com/en-us/azure/devops/server/architecture/required-ports?view=azure-devops
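Whether a rule set meets the task's requirement depends on how the custom rule combines with the default rules every NSG carries, so it helps to evaluate both together. The following is an added example, not part of the original explanation: a simplified Python model of NSG evaluation (ascending priority number, first match wins). The custom rule names, their priorities and the `DenyInternetOutbound` rule are assumptions of this example.

```python
# Simplified model of NSG evaluation: lowest priority number first, first match
# decides. Service tags are compared as plain labels, not address ranges (assumption).
from collections import namedtuple

Rule = namedtuple("Rule", "name priority direction access protocol remote port")

# Default rules present in every NSG.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Inbound", "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowAzureLoadBalancerInBound", 65001, "Inbound", "Allow", "*", "AzureLoadBalancer", "*"),
    Rule("DenyAllInBound", 65500, "Inbound", "Deny", "*", "*", "*"),
    Rule("AllowVnetOutBound", 65000, "Outbound", "Allow", "*", "VirtualNetwork", "*"),
    Rule("AllowInternetOutBound", 65001, "Outbound", "Allow", "*", "Internet", "*"),
    Rule("DenyAllOutBound", 65500, "Outbound", "Deny", "*", "*", "*"),
]

def port_matches(spec, port):
    """spec is '*', a single port ('8080') or a range ('8000-8100')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def decide(custom_rules, direction, protocol, remote, port):
    """Return (access, rule name) for one flow; remote is the far end's tag."""
    for r in sorted(custom_rules + DEFAULT_RULES, key=lambda r: r.priority):
        if (r.direction == direction
                and r.protocol in ("*", protocol)
                and r.remote in ("*", remote)
                and port_matches(r.port, port)):
            return r.access, r.name
    return "Deny", None  # not reached: the default DenyAll rules match everything

# Constructed rules; names and priorities are assumptions of this example.
ALLOW_8080 = Rule("AllowDevOps8080", 100, "Outbound", "Allow", "Tcp", "*", "8080")
DENY_INTERNET = Rule("DenyInternetOutbound", 200, "Outbound", "Deny", "*", "Internet", "*")

def audit(custom_rules):
    """Decisions for the Internet flows the task cares about."""
    return {
        "out tcp/8080": decide(custom_rules, "Outbound", "Tcp", "Internet", 8080),
        "out tcp/443": decide(custom_rules, "Outbound", "Tcp", "Internet", 443),
        "in tcp/3389": decide(custom_rules, "Inbound", "Tcp", "Internet", 3389),
    }

if __name__ == "__main__":
    print("allow rule only:", audit([ALLOW_8080]))
    print("allow + deny Internet:", audit([ALLOW_8080, DENY_INTERNET]))
```

In this model, inbound Internet traffic is already refused by `DenyAllInBound`, while outbound traffic on other ports reaches the default `AllowInternetOutBound` rule unless an explicit deny for the Internet tag sits at a priority number between the allow rule and 65001.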

To prepare a network security group (NSG) named az400-9940427-nsg1 to host an Azure DevOps pipeline agent, you can follow these steps:

  1. Log in to the Azure portal (https://portal.azure.com/).

  2. Select "Resource groups" from the left-hand menu, and then select the appropriate resource group that contains the virtual network where you want to create the NSG.

  3. In the "Resource groups" blade, select the virtual network that you want to associate the NSG with.

  4. In the "Virtual network" blade, select "Subnets" from the left-hand menu, and then select the appropriate subnet that you want to associate the NSG with.

  5. In the "Subnets" blade, select "Network security group" from the toolbar.

  6. In the "Network security group" blade, select "Create" to create a new NSG.

  7. In the "Create network security group" blade, enter a name for the NSG, such as az400-9940427-nsg1.

  8. Choose the appropriate subscription, resource group, and location for the NSG.

  9. Select "Review + create" to review the settings, and then select "Create" to create the NSG.

  10. Once the NSG is created, select it from the "Subnets" blade, and then select "Inbound security rules" from the left-hand menu.

  11. In the "Inbound security rules" blade, select "Add" to create a new inbound security rule.

  12. In the "Add inbound security rule" blade, configure the following settings:

  • Name: Enter a name for the rule, such as "Azure DevOps inbound".
  • Priority: Enter a priority value (such as 100) that is lower than any other existing inbound rules, so that this rule is evaluated first.
  • Source: Select "Any" as the source, since you want to allow inbound traffic from any source.
  • Service: Select "Azure DevOps" from the dropdown list of services.
  • Protocol: Select "Any" to allow any protocol.
  • Action: Select "Allow" to allow the inbound traffic.
  • Destination port ranges: Enter the required inbound port(s) for Azure DevOps, which will depend on your specific scenario. For example, if you are using the default agent pool, you might need to allow TCP port 5986 for WinRM communication.
  13. Select "Add" to create the inbound security rule.

  14. Next, select "Outbound security rules" from the left-hand menu.

  15. In the "Outbound security rules" blade, select "Add" to create a new outbound security rule.

  16. In the "Add outbound security rule" blade, configure the following settings:

  • Name: Enter a name for the rule, such as "Azure DevOps outbound".
  • Priority: Enter a priority value (such as 100) that is lower than any other existing outbound rules, so that this rule is evaluated first.
  • Source: Select "Any" as the source, since you want to allow outbound traffic from any source.
  • Service: Select "Any" from the dropdown list of services, since you want to allow any outbound traffic.
  • Protocol: Select "Any" to allow any protocol.
  • Action: Select "Allow" to allow the outbound traffic.
  • Destination port ranges: Enter the required outbound port(s) for Azure DevOps, which will depend on your specific scenario. For example, you might need to allow TCP ports 80 and 443 for HTTP and HTTPS traffic.

  17. Select "Add" to create the outbound security rule.

  18. Finally, select "Overview" from the left-hand menu to verify that the