Closed chbragg closed 9 months ago
The following control is missing an excluded item: https://github.com/azsk/AzTS-docs/blob/main/Control%20coverage/Feature/VirtualNetwork.md#azure_vnet_netsec_configure_nsg
According to the MS docs, the AzureFirewallManagementSubnet includes an intrinsic NSG that is not directly manageable or visible. Therefore, that subnet cannot be associated with an NSG. https://github.com/Azure/PSRule.Rules.Azure/blob/main/docs/en/rules/Azure.VNET.UseNSGs.md#description
The subnets to exclude should also include this NSG like this: "SubnetsToExcludeFromEvaluation": [ "azurefirewallsubnet", "azurefirewallmanagementsubnet", "gatewaysubnet", "routeserversubnet" ]
Hi @chbragg, thank you for reaching out to us. We will check further on this.
Hi @chbragg, thank you for sharing. The control logic has been updated in a recent release.
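The false positive reported in this issue, as an added example that is not AzTS code and not part of the thread: a minimal evaluator that flags subnets without an NSG, run once with the proposed exclusion list and once with the same list minus `azurefirewallmanagementsubnet`. The virtual network is a constructed sample shaped like an ARM resource, and the function names and the case-insensitive name match are assumptions.

```python
import json

# Exclusion list exactly as proposed in the issue above.
PROPOSED = json.loads("""{"SubnetsToExcludeFromEvaluation": [
  "azurefirewallsubnet", "azurefirewallmanagementsubnet",
  "gatewaysubnet", "routeserversubnet"]}""")["SubnetsToExcludeFromEvaluation"]

# Constructed NSG id and constructed hub VNet (ARM-style shape).
NSG_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "rg-example/providers/Microsoft.Network/networkSecurityGroups/nsg-app")
SAMPLE_VNET = {"name": "vnet-hub-example", "properties": {"subnets": [
    {"name": "AzureFirewallSubnet", "properties": {}},
    {"name": "AzureFirewallManagementSubnet", "properties": {}},
    {"name": "GatewaySubnet", "properties": {}},
    {"name": "snet-app", "properties": {"networkSecurityGroup": {"id": NSG_ID}}},
    {"name": "snet-data", "properties": {}},
]}}


def subnets_missing_nsg(vnet, excluded_names):
    """Return names of non-excluded subnets that have no NSG associated.

    Assumption: names are compared case-insensitively, because the list is
    lower-case while Azure reports names such as "AzureFirewallManagementSubnet".
    """
    excluded = {name.lower() for name in excluded_names}
    failing = []
    for subnet in vnet.get("properties", {}).get("subnets", []):
        name = subnet.get("name", "")
        if name.lower() in excluded:
            continue  # platform-managed subnet: cannot carry a user NSG
        nsg = subnet.get("properties", {}).get("networkSecurityGroup") or {}
        if not nsg.get("id"):
            failing.append(name)
    return failing


def compare_exclusion_lists(vnet, proposed):
    """Findings without and with the azurefirewallmanagementsubnet entry."""
    reduced = [n for n in proposed if n != "azurefirewallmanagementsubnet"]
    return subnets_missing_nsg(vnet, reduced), subnets_missing_nsg(vnet, proposed)


if __name__ == "__main__":
    without_entry, with_entry = compare_exclusion_lists(SAMPLE_VNET, PROPOSED)
    print("without entry:", without_entry)
    print("with entry:   ", with_entry)
```

Without the entry, the management subnet is reported as a finding that cannot be remediated; with it, only `snet-data` remains.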