Harden App Service
Nerdio Manager consists of a number of PaaS services. The entry point into the Nerdio Manager application is the App Service. By default, the Nerdio Manager app service is protected with Azure AD authentication, including MFA and conditional access, and is accessible from any internet location. It is possible to further protect the Nerdio Manager app service by using Access Restrictions.
Configure Access restrictions on the Nerdio Manager App Service
In the Azure portal, locate the Nerdio Manager App Service resource.
Note: It typically has a name in the following format: web-admin-portal-xxxxxxxxx.
Within the menu on the left-hand side of the App Service blade, scroll down to the Settings section.
In the Inbound Traffic section, select Access restriction.
Select + Add.
Type the Name and Description of the new rule.
Ensure that Action is set to Allow.
Specify the source IP address block to allow access.
Note: By default, the configuration is to allow all access. This automatically adds a new "Deny All" rule to the list to prevent access from all other locations.
Select Add rule.
After a few minutes, only whitelisted IP ranges are able to connect to the Nerdio Manager application.