Thanks for your reply.
Agreed about it being protected by D365 Security; we see that in the statement from MS on the page learn.microsoft.com/.../secure-developer-vm, where we can read:
"Although authorization is required for any sign-in to the site,"
I understand that the 'authorization' is from the Single Sign On (SSO) process.
But I am trying to follow the second part of the sentence: "as a best practice, you should still restrict port 443 access to clients that require it."
Can you expand on your suggestions 1 & 2?
Only authorized users in D365 can access 443 in a dev box, even if it's a public endpoint.
It's protected by D365 security.
The most common restrictions that I have seen:
1. Block all traffic to VMs. Only allow access by connecting to the VM via Azure Firewall VPN.
2. Protect the VM with Azure Bastion, and then users connect to the VM locally.
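
An added example, not from the thread or from Microsoft's documentation: assuming the port 443 restriction is enforced with network security group inbound rules, this Python check reports which Allow rules leave 443 reachable from any source and which limit it to specific prefixes. The rule names and addresses are constructed, and `audit_443` is a hypothetical helper name.

```python
# Added example. Field names follow the ARM securityRules schema; data is constructed.
BROAD = {"*", "internet", "0.0.0.0/0", "::/0"}  # sources that mean "anyone"

def _values(rule, single, plural):
    """Merge the singular and plural fields ARM uses for prefixes and ports."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def covers_port(rule, port):
    for spec in _values(rule, "destinationPortRange", "destinationPortRanges"):
        if spec == "*":
            return True
        lo, _, hi = spec.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False

def audit_443(rules, port=443):
    """Walk inbound rules in priority order (lowest number is evaluated first) and
    list the Allow rules that expose the port, stopping at a deny-from-anyone rule."""
    open_to_any, restricted = [], []
    for r in sorted(rules, key=lambda r: r["priority"]):
        if r["direction"].lower() != "inbound" or not covers_port(r, port):
            continue
        if r["protocol"].lower() not in ("tcp", "*"):
            continue
        srcs = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        broad = any(s.lower() in BROAD for s in srcs)
        if r["access"].lower() == "deny":
            if broad:
                break      # every later rule for this port is shadowed
            continue       # a deny for specific sources does not shadow the rest
        if broad:
            open_to_any.append(r["name"])
        else:
            restricted.extend(srcs)
    return {"open_to_any": open_to_any, "restricted_to": restricted}

def _rule(name, prio, access, src, ports, proto="Tcp"):
    return {"name": name, "priority": prio, "direction": "Inbound", "access": access,
            "protocol": proto, "sourceAddressPrefix": src, "destinationPortRange": ports}

SAMPLE = [  # constructed: scoped rule, overly broad rule, deny-all, shadowed rule
    _rule("allow-office-443", 100, "Allow", "203.0.113.0/24", "443"),
    _rule("allow-web", 200, "Allow", "*", "443"),
    _rule("deny-all-in", 300, "Deny", "*", "*", proto="*"),
    _rule("allow-late", 400, "Allow", "Internet", "400-500"),
]
```

An empty `open_to_any` list means every Allow rule for 443 names specific source prefixes, which is the state the quoted best practice asks for.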