I have an Azure VM that has an NSG which needs to restrict outbound Internet access to only necessary services and applications (start with most restrictive then add rules). The Team Services agent extension also will get installed with an ARM template (which fails to download with the Deny all outbound Internet rule).
Does the weekly change of IP addresses used by VSTS apply for Deployment Groups? There is a similar question for IPs of Hosted Build.
I'm creating the VMs in a VSTS release definition. In the link above, I found an answer posted that you can call the REST API to get the IP address which would be easiest, but when I try this in a browser it looks like this is deprecated. ("Sorry! Our services aren't available right now.") Any other ideas on how I can apply the IPs for the NSG whenever I run the release to create the VMs?
"You can get the IP address of current build agent dynamically and create a security group dynamically (by using AWS SDK for .NET)
Open build definition > Select Options tab> Check Allow Scripts to Access OAuth Token Add PowerShell step/task (Arguments: -RestAddress https://starain.vsdtl.visualstudio.com/DefaultCollection/_apis/vslabs/ipaddress -Token $(System.AccessToken))."
