Network Security Perimeter Access Rules - Create Or Update

Service:: Network security perimeter

API Version:: 2025-05-01

Creates or updates a network access rule.

PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Network/networkSecurityPerimeters/{networkSecurityPerimeterName}/profiles/{profileName}/accessRules/{accessRuleName}?api-version=2025-05-01

URI Parameters

Name	In	Required	Type	Description
accessRuleName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	The name of the NSP access rule.
networkSecurityPerimeterName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	The name of the network security perimeter.
profileName	path	True	string maxLength: 80 pattern: (^[a-zA-Z0-9]+[a-zA-Z0-9_.-]*[a-zA-Z0-9_]+$)\|(^[a-zA-Z0-9]$)	The name of the NSP profile.
resourceGroupName	path	True	string minLength: 1 maxLength: 90	The name of the resource group. The name is case insensitive.
subscriptionId	path	True	string (uuid)	The ID of the target subscription. The value must be an UUID.
api-version	query	True	string minLength: 1	The API version to use for this operation.

Request Body

Name	Type	Description
properties.addressPrefixes	string[]	Inbound address prefixes (IPv4/IPv6)
properties.direction	AccessRuleDirection	Direction that specifies whether the access rules is inbound/outbound.
properties.emailAddresses	string[]	Outbound rules in email address format. This access rule type is currently unavailable for use.
properties.fullyQualifiedDomainNames	string[]	Outbound rules in fully qualified domain name format.
properties.phoneNumbers	string[]	Outbound rules in phone number format. This access rule type is currently unavailable for use.
properties.serviceTags	string[]	Inbound rules of type service tag. This access rule type is currently unavailable for use.
properties.subscriptions.id	string (arm-id)	Subscription id in the ARM id format.

Responses

Name	Type	Description
200 OK	NspAccessRule	Resource 'NspAccessRule' update operation succeeded
201 Created	NspAccessRule	Resource 'NspAccessRule' create operation succeeded
Other Status Codes	CloudError	An unexpected error response.

Security

azure_auth

Azure Active Directory OAuth2 Flow.

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Name	Description
user_impersonation	impersonate your user account

Examples

NspAccessRulePut

PUT https://management.azure.com/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1?api-version=2025-05-01

{
  "properties": {
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ],
    "direction": "Inbound"
  }
}

const { NetworkManagementClient } = require("@azure/arm-network");
const { DefaultAzureCredential } = require("@azure/identity");
require("dotenv/config");

/**
 * This sample demonstrates how to Creates or updates a network access rule.
 *
 * @summary Creates or updates a network access rule.
 * x-ms-original-file: specification/network/resource-manager/Microsoft.Network/Network/stable/2025-05-01/examples/NspAccessRulePut.json
 */
async function nspAccessRulePut() {
  const subscriptionId = process.env["NETWORK_SUBSCRIPTION_ID"] || "subId";
  const resourceGroupName = process.env["NETWORK_RESOURCE_GROUP"] || "rg1";
  const networkSecurityPerimeterName = "nsp1";
  const profileName = "profile1";
  const accessRuleName = "accessRule1";
  const parameters = {
    addressPrefixes: ["10.11.0.0/16", "10.10.1.0/24"],
    direction: "Inbound",
  };
  const credential = new DefaultAzureCredential();
  const client = new NetworkManagementClient(credential, subscriptionId);
  const result = await client.networkSecurityPerimeterAccessRules.createOrUpdate(
    resourceGroupName,
    networkSecurityPerimeterName,
    profileName,
    accessRuleName,
    parameters,
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample response

Status code:: 200

{
  "name": "accessRule1",
  "type": "Microsoft.Network/networkSecurityPerimeters/profiles/accessRules",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1",
  "properties": {
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ],
    "direction": "Inbound",
    "emailAddresses": [],
    "fullyQualifiedDomainNames": [],
    "networkSecurityPerimeters": [],
    "phoneNumbers": [],
    "provisioningState": "Succeeded",
    "serviceTags": [],
    "subscriptions": []
  },
  "systemData": {
    "createdAt": "2024-02-07T18:07:36.3446713Z",
    "createdBy": "user",
    "createdByType": "User",
    "lastModifiedAt": "2024-02-07T18:07:36.3446713Z",
    "lastModifiedBy": "user",
    "lastModifiedByType": "User"
  }
}

Status code:: 201

{
  "name": "accessRule1",
  "type": "Microsoft.Network/networkSecurityPerimeters/profiles/accessRules",
  "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg1/providers/Microsoft.Network/networkSecurityPerimeters/nsp1/profiles/profile1/accessRules/accessRule1",
  "properties": {
    "addressPrefixes": [
      "10.11.0.0/16",
      "10.10.1.0/24"
    ],
    "direction": "Inbound",
    "emailAddresses": [],
    "fullyQualifiedDomainNames": [],
    "networkSecurityPerimeters": [],
    "phoneNumbers": [],
    "provisioningState": "Succeeded",
    "serviceTags": [],
    "subscriptions": []
  },
  "systemData": {
    "createdAt": "2024-02-07T18:07:36.3446713Z",
    "createdBy": "user",
    "createdByType": "User",
    "lastModifiedAt": "2024-02-07T18:07:36.3446713Z",
    "lastModifiedBy": "user",
    "lastModifiedByType": "User"
  }
}

Definitions

Name	Description
AccessRuleDirection	Direction that specifies whether the access rules is inbound/outbound.
CloudError	An error response from the service.
CloudErrorBody	An error response from the service.
CreatedByType	The type of identity that created the resource.
NspAccessRule	The NSP access rule resource
NspProvisioningState	The current provisioning state.
SecurityPerimeterSystemData	Metadata pertaining to creation and last modification of the resource.

AccessRuleDirection

Enumeration

Direction that specifies whether the access rules is inbound/outbound.

Value	Description
Inbound	Inbound
Outbound	Outbound

CloudError

Object

An error response from the service.

Name	Type	Description
error	CloudErrorBody	Cloud error body.

CloudErrorBody

Object

An error response from the service.

Name	Type	Description
code	string	An identifier for the error. Codes are invariant and are intended to be consumed programmatically.
details	CloudErrorBody[]	A list of additional details about the error.
message	string	A message describing the error, intended to be suitable for display in a user interface.
target	string	The target of the particular error. For example, the name of the property in error.

CreatedByType

Enumeration

The type of identity that created the resource.

Value	Description
User	User
Application	Application
ManagedIdentity	ManagedIdentity
Key	Key

NspAccessRule

Object

The NSP access rule resource

Name	Type	Description
id	string (arm-id)	Fully qualified resource ID for the resource. E.g. "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
name	string	The name of the resource
properties.addressPrefixes	string[]	Inbound address prefixes (IPv4/IPv6)
properties.direction	AccessRuleDirection	Direction that specifies whether the access rules is inbound/outbound.
properties.emailAddresses	string[]	Outbound rules in email address format. This access rule type is currently unavailable for use.
properties.fullyQualifiedDomainNames	string[]	Outbound rules in fully qualified domain name format.
properties.networkSecurityPerimeters.id	string (arm-id)	NSP id in the ARM id format.
properties.networkSecurityPerimeters.location	string	Location of the NSP supplied.
properties.networkSecurityPerimeters.perimeterGuid	string	Resource guid of the NSP supplied.
properties.phoneNumbers	string[]	Outbound rules in phone number format. This access rule type is currently unavailable for use.
properties.provisioningState	NspProvisioningState	The provisioning state of the scope assignment resource.
properties.serviceTags	string[]	Inbound rules of type service tag. This access rule type is currently unavailable for use.
properties.subscriptions.id	string (arm-id)	Subscription id in the ARM id format.
systemData	SecurityPerimeterSystemData	Azure Resource Manager metadata containing createdBy and modifiedBy information.
type	string	The type of the resource. E.g. "Microsoft.Compute/virtualMachines" or "Microsoft.Storage/storageAccounts"

NspProvisioningState

Enumeration

The current provisioning state.

Value	Description
Succeeded	Succeeded
Creating	Creating
Updating	Updating
Deleting	Deleting
Accepted	Accepted
Failed	Failed

SecurityPerimeterSystemData

Object

Metadata pertaining to creation and last modification of the resource.

Name	Type	Description
createdAt	string (date-time)	The timestamp of resource creation (UTC).
createdBy	string	The identity that created the resource.
createdByType	CreatedByType	The type of identity that created the resource.
lastModifiedAt	string (date-time)	The timestamp of resource last modification (UTC)
lastModifiedBy	string	The identity that last modified the resource.
lastModifiedByType	CreatedByType	The type of identity that last modified the resource.

Share via

Network Security Perimeter Access Rules - Create Or Update

URI Parameters

Request Body

Responses

Security

azure_auth

Scopes

Examples

NspAccessRulePut

Sample request

Sample response

Definitions

AccessRuleDirection

CloudError

CloudErrorBody

CreatedByType

NspAccessRule

NspProvisioningState

SecurityPerimeterSystemData