Update what-is-ip-address-168-63-129-16.md

vikedesai · web-flow · commit 4fd2222b00bd · 2026-02-25T10:29:29.000-08:00
This line is incorrect: "The traffic must always come from the primary network interface of the virtual machine." Traffic can come from both the primary and secondary network interfaces, and this is supported by ICM https://portal.microsofticm.com/imp/v5/incidents/details/51000000803242/summary. Please work with PG and PM to confirm this,
diff --git a/articles/virtual-network/what-is-ip-address-168-63-129-16.md b/articles/virtual-network/what-is-ip-address-168-63-129-16.md
@@ -23,7 +23,7 @@ Azure IP address 168.63.129.16 is a virtual public IP address that facilitates c
 
 The public IP address 168.63.129.16 is used in all regions and all national clouds. Microsoft owns this special public IP address and it doesn't change. We recommend that you allow this IP address in any local (in the virtual machine) firewall policies (outbound direction). The communication between this special IP address and the resources is safe because only the internal Azure platform can source a message from this IP address. If this address is blocked, unexpected behavior can occur in various scenarios. 168.63.129.16 is a [virtual IP of the host node](./network-security-groups-overview.md#azure-platform-considerations) and as such it isn't subject to user defined routes.
 
-- The virtual machine Agent requires outbound communication over ports 80/tcp and 32526/tcp with WireServer (168.63.129.16). These ports should be open in the local firewall on the virtual machine. The communication on these ports with 168.63.129.16 isn't subject to the configured network security groups. The traffic must always come from the primary network interface of the virtual machine.
+- The virtual machine Agent requires outbound communication over ports 80/tcp and 32526/tcp with WireServer (168.63.129.16). These ports should be open in the local firewall on the virtual machine. The communication on these ports with 168.63.129.16 isn't subject to the configured network security groups. 
 - 168.63.129.16 can provide DNS services to the virtual machine. If DNS services provided by 168.63.129.16 isn't desired, outbound traffic to 168.63.129.16 ports 53/udp and 53/tcp can be blocked in the local firewall on the virtual machine.
 
   By default DNS communication isn't subject to the configured network security groups unless targeted using the [AzurePlatformDNS](../virtual-network/service-tags-overview.md#available-service-tags) service tag. To block DNS traffic to Azure DNS through NSG, create an outbound rule to deny traffic to [AzurePlatformDNS](../virtual-network/service-tags-overview.md#available-service-tags). Specify **"Any"** as **"Source"**, **"*"** as **"Destination port ranges"**, **"Any"** as protocol and **"Deny"** as action.
