If I create a VM directly with azure portal and create new vnet,subnet and allow RDP from it. It is working.
But if I follow below process, I am getting issue.
I have created a vnet using below command.
az network vnet create -g TestingTFCLI -n myVNET --address-prefixes 10.0.0.0/8
Then created NSG using below command.
az network nsg create -g TestingTFCLI -n MyNsg --tags super_secure no_80 no_22
Then subnet using below command.
az network vnet subnet create -n mySubNet -g TestingTFCLI --vnet-name myVNET --address-prefixes 10.240.0.0/16 --network-security-group MyNsg
After that, when I try to add NSG rule with below command I am getting error as shown below.
az network nsg rule create -g TestingTFCLI --nsg-name MyNsg -n MyNsgRule --destination-port-ranges 3389 --access Allow --protocol Tcp --description "Allow RDP" --priority 500
Failed to create security rule 'Port_8080'. Error: Resource
'Port_8080' was disallowed by policy. Policy identifiers:
'[{"policyAssignment":{"name":"Deny-RDP-from-Internet","id":"/providers/Microsoft.Management/managementGroups/QSFT-landingzones/providers/Microsoft.Authorization/policyAssignments/Deny-RDP-from-internet"},"policyDefinition":{"name":"RDP
access from the Internet should be
blocked","id":"/providers/Microsoft.Management/managementGroups/QSFT/providers/Microsoft.Authorization/policyDefinitions/Deny-RDP-From-Internet"}}]'.
So, I did'nt add this rule and created VM directly from azure portal.
But this time, I didn't select this NSG for VM, instead created another at VM creation screen.
But still can't able to access it.
So, I tried to add ICMP rule to test there from the network section of VM. But getting below error again.
