research-hub/azure-firewall-rules/AVDRDWeb.jsonc (40 lines of code) (raw):

/*
 * Denies access to the AVD client endpoint.
 * This is relevant if the AVD session hosts might be used as research VMs.
 * In that case, researchers should not be able to jump off the session host
 * to another AVD host pool.
 * 2023-12-29: This rule is less relevant now because we're no longer allowing access
 *             to the AVD infrastructure thanks to using private endpoints.
 *
 * NOTE: If needed, these rules MUST NOT be split between AzureCloud and AzureUSGovernment.
 *
 * Shape: a one-element array holding a single filter rule collection with action "Deny"
 * and one application rule for HTTP/80 and HTTPS/443.
 */
[
  {
    "name": "Block_AVDWeb_App",
    // Azure Firewall Policy evaluates rule collections in ascending priority order within
    // their group, so 100 is processed early.
    // NOTE(review): confirm no allow collection that covers these FQDNs has a lower number.
    "priority": 100,
    "ruleCollectionType": "FirewallPolicyFilterRuleCollection",
    "action": {
      "type": "Deny"
    },
    "rules": [
      {
        "ruleType": "ApplicationRule",
        "name": "AVD Client Endpoint",
        // Both cleartext and TLS are listed so the deny applies to either scheme.
        "protocols": [
          {
            "protocolType": "Http",
            "port": 80
          },
          {
            "protocolType": "Https",
            "port": 443
          }
        ],
        // One FQDN appears to be the commercial-cloud client endpoint and the other the
        // US Government one; both stay in a single rule, per the NOTE in the header comment.
        // NOTE(review): only these two exact names are denied — verify the list still matches
        // the client endpoints reachable from the session hosts.
        "targetFqdns": ["client.wvd.microsoft.com", "rdweb.wvd.azure.us"],
        // No TLS inspection: HTTPS traffic is presumably matched on the requested host name
        // (SNI) only, not on decrypted content — confirm that is sufficient for this deny.
        "terminateTLS": false,
        // "{{ipAddressPool}}" looks like a template token replaced before deployment.
        // NOTE(review): confirm the substituted IP group covers every session-host subnet
        // this rule is meant to restrict.
        "sourceIpGroups": ["{{ipAddressPool}}"],
        // Left empty: the destination is identified by targetFqdns alone.
        "destinationAddresses": []
      }
    ]
  }
]