09-20-2021 12:25 PM
Public IP addresses allow Internet resources to communicate inbound to Azure resources.
Security posture Management can help with custom rules to ensure that specifically tagged VM instances do not have a Network Interface with public IPs assigned. The custom rule would look like the following:
VirtualMachine where Tags with [ Name eq "confidential" ] should not have NetworkInterfaces with [ IPConfigurations with [ PublicIP len () gt 0 ] ]
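
The same check as an added Python example, not part of the original post and not the product's own code: it evaluates the rule's scope and condition over a constructed inventory. The field names come from the rule text; the dictionary layout, the sample VMs and the exact-match tag comparison are assumptions.

```python
# Added example: the rule's logic evaluated over a constructed inventory.
# Field names (Tags, Name, NetworkInterfaces, IPConfigurations, PublicIP) are
# taken from the rule text; the dictionary layout itself is an assumption.

def is_in_scope(vm, tag_name="confidential"):
    """Scope clause: Tags with [ Name eq "confidential" ] (exact match assumed)."""
    return any(t.get("Name") == tag_name for t in vm.get("Tags") or [])

def public_ips(vm):
    """Collect every non-empty PublicIP across all NICs and IP configurations."""
    found = []
    for nic in vm.get("NetworkInterfaces") or []:
        for cfg in nic.get("IPConfigurations") or []:
            ip = cfg.get("PublicIP")
            if ip:  # None and "" both mean no public IP (length is not > 0)
                found.append((nic.get("Name", "?"), ip))
    return found

def evaluate(inventory):
    """Return {vm_name: [(nic, ip), ...]} for in-scope VMs that fail the rule."""
    findings = {}
    for vm in inventory:
        if is_in_scope(vm):
            ips = public_ips(vm)
            if ips:
                findings[vm["Name"]] = ips
    return findings

# Constructed sample inventory (documentation-range addresses).
SAMPLE = [
    {"Name": "vm-db01", "Tags": [{"Name": "confidential"}],
     "NetworkInterfaces": [{"Name": "nic0", "IPConfigurations": [
         {"PublicIP": ""}, {"PublicIP": "203.0.113.10"}]}]},
    {"Name": "vm-db02", "Tags": [{"Name": "confidential"}],
     "NetworkInterfaces": [{"Name": "nic0", "IPConfigurations": [
         {"PublicIP": None}]}]},
    {"Name": "vm-web01", "Tags": [{"Name": "public-facing"}],
     "NetworkInterfaces": [{"Name": "nic0", "IPConfigurations": [
         {"PublicIP": "198.51.100.7"}]}]},
    {"Name": "vm-batch01", "Tags": None, "NetworkInterfaces": []},
]

if __name__ == "__main__":
    for vm, ips in evaluate(SAMPLE).items():
        for nic, ip in ips:
            print(f"FAIL {vm}: {nic} has public IP {ip}")
```

Only `vm-db01` fails: a single populated IP configuration on a tagged VM is enough, while the untagged `vm-web01` is outside the rule's scope even though it has a public IP.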