📳Virtual Network (Optional)

If you want to bring your own Virtual Network rather than creating the virtual network while deploying the solution, please follow the steps below.

This is an optional step. It applies only if you want to bring your own virtual network. Skip to the next section if you are okay with creating a new virtual network while deploying the solution.

If a non-admin user is deploying the solution, the user needs to make sure that they have enough permissions to create private endpoints on the existing VNet that is going to be used, and that there is no policy in place to prevent this action.

Some organizations would like to deploy the solution in a hub-and-spoke network architecture model. In this case, the spoke networks would already have been created by the network administrator, according to the specific needs of the organization, before deploying the solution. Please make sure that the subnets and virtual network created satisfy the following needs.

  • The Virtual Network should have 3 subnets for this application. The virtual network could have user-defined routes, an NSG, or a firewall in front to regulate the internet traffic.

  • Public Subnet: This is a 256-address subnet used by the app service. This subnet should be delegated to Microsoft.Web/serverfarms. It should be allowed to communicate with O365 services, Inforiver services, SMTP services, etc. It should also allow inbound connections on port 443.

  • Private Subnet: This is a 256-address subnet used by private resources such as the database, cache and storage account. No inbound connections need to be allowed. This subnet does not communicate outside this virtual network.

  • Background Subnet: This is a 256-address subnet used by Azure Container Instances. This subnet should be delegated to Microsoft.ContainerInstance/containerGroups. It should be allowed to communicate with O365 services, Inforiver services, SMTP services, etc. No inbound connections need to be allowed.

Make sure that you delegate the Public Subnet to Microsoft.Web/serverfarms and the Background Subnet to Microsoft.ContainerInstance/containerGroups. If not, the deployment will throw an error.
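A pre-deployment check of the subnet size and delegation requirements above can catch that error before the deployment runs. The following is an added example, not part of the Inforiver documentation or tooling: it assumes the subnet list is JSON shaped like the output of `az network vnet subnet list -o json`, and the subnet names and address ranges are hypothetical. It does not inspect NSG or route rules.

```python
import ipaddress
import json

# Requirements stated on this page: subnet role -> required delegation (None = none stated).
REQUIRED = {
    "public": "Microsoft.Web/serverfarms",
    "private": None,
    "background": "Microsoft.ContainerInstance/containerGroups",
}

def check_subnets(subnets, role_to_name):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    by_name = {s["name"]: s for s in subnets}
    for role, delegation in REQUIRED.items():
        name = role_to_name[role]
        subnet = by_name.get(name)
        if subnet is None:
            problems.append(f"{role}: subnet '{name}' not found")
            continue
        # Azure reports either a single addressPrefix or an addressPrefixes list.
        prefix = subnet.get("addressPrefix") or (subnet.get("addressPrefixes") or [None])[0]
        if prefix is None or ipaddress.ip_network(prefix, strict=False).num_addresses != 256:
            problems.append(f"{role}: '{name}' is {prefix}, expected 256 addresses")
        services = {d.get("serviceName") for d in subnet.get("delegations") or []}
        if delegation and delegation not in services:
            problems.append(f"{role}: '{name}' is not delegated to {delegation}")
    return problems

# Constructed sample, not real output: the background subnet lacks its delegation
# and the private subnet is a /25.
SAMPLE = json.loads("""[
  {"name": "snet-public", "addressPrefix": "10.20.0.0/24",
   "delegations": [{"serviceName": "Microsoft.Web/serverfarms"}]},
  {"name": "snet-private", "addressPrefix": "10.20.1.0/25", "delegations": []},
  {"name": "snet-background", "addressPrefix": "10.20.2.0/24", "delegations": []}
]""")
# Hypothetical subnet names; replace with the ones your network administrator created.
NAMES = {"public": "snet-public", "private": "snet-private", "background": "snet-background"}

if __name__ == "__main__":
    for problem in check_subnets(SAMPLE, NAMES):
        print("FAIL", problem)
```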

You can read about the allowed outbound internet connections on the page below.

External Connections
