When customers move into the cloud, they tend to mimic their setup on-prem. Not a bad thing, but when it comes to blocking internet access for servers this can create some unusual problems.
If you are using network security groups (NSGs), user defined routing (UDR), or forced-tunneling but sure to put in exceptions for these:
- VM Extensions see https://blogs.msdn.microsoft.com/mast/2016/04/27/vm-stuck-in-updating-when-nsg-rule-restricts-outbound-internet-connectivity/
- Azure Backup see https://azure.microsoft.com/en-us/documentation/articles/backup-azure-vms-prepare/#network-connectivity
I’ll update this page as needed.