Managed Instance enhances security with network traffic containment within Azure cloud
Published date: July 31, 2019
Azure SQL Database Managed Instance, along with its native virtual network connectivity, is now even more secure because its management traffic is contained within the Azure cloud.
Prior to this service update, Managed Instance required an outbound Internet security rule in the networking configuration to fetch revoked certificate lists, and also required Azure DNS to be configured as a failsafe hostname lookup mechanism.
As of today, managed instance network requirements have been loosened: neither an outbound Internet network rule nor Azure DNS configuration is required any longer. If your business scenario requires opening data traffic to public endpoints on the Internet, you can do so by customizing NSG and UDR rules.
To learn more, see Connectivity architecture for managed instance.