Automatically add trusted IPs to an Azure IP Group for Azure Firewall
For many reasons, we choose not to use a VPN for traffic which is already encrypted and authenticated. Sometimes this is a challenge though, especially when the authentication opens us up to password guessing attacks. In this case, that vulnerability is our on-premises Exchange Server, which is needed for Public Folder access amongst other things. We've tried different solutions to prevent this, including the Azure Web Application Firewall, but always end up needing to expose a portion of the Exchange Web Services to the internet. I'm sure some of you are wondering what we are doing wrong with Exchange to need this, but I really can't recall each of the obstacles we ran into while trying to nail this down. Our latest attempt at mitigating this vulnerability collects the IP addresses of all of our trusted clients and automatically adds them to an Azure IP Group, which is used in an Azure Firewall rule to allow HTTPS traffic to our on-premises Exchange Server. The solution ut