@Arvind ,
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you would like to access "https://management.azure.com/" without having internet access from a VM.
Unfortunately, this is not possible.
- This is not a PaaS Service, and so you cannot use a service endpoint or private endpoint to access this via Private IPs.
- You will need internet connection to access this.
- This means, not necessarily NAT - you can also attach a Public IP to the VM to access "https://management.azure.com/" .
You must use NSGs or Firewall and fine tune your internet connectivity instead of cutting off Internet connection altogether.
- With NSG, you can consider using "AzureResourceManager" service tag and allow traffic on Port 443.
- See : How NSG works
- With Azure Firewall, you can use still use the "AzureResourceManager" service tag and allow the traffic using Application rules.
P.S : With NSG, you still require NAT or Public IP assigned to the VM, but with Azure Firewall you don't have to attach the NAT or Public IP to the VM
Kindly let us know if this helps or you need further assistance on this issue.
Thanks,
Kapil
Please don’t forget to close the thread by clicking "Accept the answer" wherever the information provided helps you, as this can be beneficial to other community members.