Merge pull request #313072 from MicrosoftDocs/repo_sync_working_branch

Taojunshen · web-flow · commit 14fddf9bc76e · 2026-03-13T05:32:39.000+08:00
Confirm merge from repo_sync_working_branch to main to sync with https://github.com/MicrosoftDocs/azure-docs (branch main)
diff --git a/articles/virtual-network/what-is-ip-address-168-63-129-16.md b/articles/virtual-network/what-is-ip-address-168-63-129-16.md
@@ -23,7 +23,7 @@ Azure IP address 168.63.129.16 is a virtual public IP address that facilitates c
 
 The public IP address 168.63.129.16 is used in all regions and all national clouds. Microsoft owns this special public IP address and it doesn't change. We recommend that you allow this IP address in any local (in the virtual machine) firewall policies (outbound direction). The communication between this special IP address and the resources is safe because only the internal Azure platform can source a message from this IP address. If this address is blocked, unexpected behavior can occur in various scenarios. 168.63.129.16 is a [virtual IP of the host node](./network-security-groups-overview.md#azure-platform-considerations) and as such it isn't subject to user defined routes.
 
-- The virtual machine Agent requires outbound communication over ports 80/tcp and 32526/tcp with WireServer (168.63.129.16). These ports should be open in the local firewall on the virtual machine. The communication on these ports with 168.63.129.16 isn't subject to the configured network security groups. The traffic must always come from the primary network interface of the virtual machine.
+- The virtual machine Agent requires outbound communication over ports 80/tcp and 32526/tcp with WireServer (168.63.129.16). These ports should be open in the local firewall on the virtual machine. The communication on these ports with 168.63.129.16 isn't subject to the configured network security groups. 
 - 168.63.129.16 can provide DNS services to the virtual machine. If DNS services provided by 168.63.129.16 isn't desired, outbound traffic to 168.63.129.16 ports 53/udp and 53/tcp can be blocked in the local firewall on the virtual machine.
 
   By default DNS communication isn't subject to the configured network security groups unless targeted using the [AzurePlatformDNS](../virtual-network/service-tags-overview.md#available-service-tags) service tag. To block DNS traffic to Azure DNS through NSG, create an outbound rule to deny traffic to [AzurePlatformDNS](../virtual-network/service-tags-overview.md#available-service-tags). Specify **"Any"** as **"Source"**, **"*"** as **"Destination port ranges"**, **"Any"** as protocol and **"Deny"** as action.
