It might be that you have rules within your Azure subscription or tenancy that automatically apply network rules to restrict access to resources to only be allowed from certain IP addresses. If this is the case, you'll want to use the Set Authorized IP Ranges option during the deployment. You can read more about what that means in the FAQ.

Hope that helps.

The error reported by the application indicates that your subsection is limited by enterprise IT deny assignment rules for: resource 'kubernetes' was disallowed by policy.  It is missing something called a "guardrails tag" and provides an link to an internal service-now exemption form that I am not able to share in a public forum. 

the Set Authorized IP Ranges was set during SAS Viya Azure deployment. the IP range to be updated but though the security rule updated, still application was not able to access from the new IP range. need help to add more IP range into inbound rule. 

The IP ranges needs to be set in multiple places, you might want to verify it is set in these places in the deployment and try again. Please let us know if that helped, or any further questions.Thanks.

1. NSG resource – in the Inbound Security Rules
2. AKS resource – In the Networking section, Specify IP ranges under Security.

The IP restriction was already available as a part of deployment. i need to update/edit or make it for wider range. There is deny permission was imposed by the SAS deployment and got the below error though my account has the complete permission.
Error: The client with object id 'has permission to perform action ; however, it does not have permission to perform action 'Microsoft.Network/virtualNetworks/subnets/join/action' on the '0' linked scope(s) '' or the linked scope(s) are invalid and is blocked by deny assignments on the '1' linked scope(s).

Thanks for the update, we will look into this and get back to you.

We have added a runbook that will allow adding more IP addresses after the deployment. This is available in the latest, so new deployment with latest is needed. This is documented here: https://go.documentation.sas.com/doc/en/viyaakscdc/v_001/viyaakstasks/n0kldoq6spqxman129kk4f5klmq8.h...

Please let us know any questions.

Thanks,
Priyha