diff --git a/profiles/preview/preview/security/mgmt/security/models.go b/profiles/preview/preview/security/mgmt/security/models.go
index 8a0ec00f449d..5727ed99cd6c 100644
--- a/profiles/preview/preview/security/mgmt/security/models.go
+++ b/profiles/preview/preview/security/mgmt/security/models.go
@@ -23,6 +23,7 @@ import original "github.com/Azure/azure-sdk-for-go/services/preview/security/mgm
 
 type AdvancedThreatProtectionClient = original.AdvancedThreatProtectionClient
 type AlertsClient = original.AlertsClient
+type AllowedConnectionsClient = original.AllowedConnectionsClient
 type AutoProvisioningSettingsClient = original.AutoProvisioningSettingsClient
 
 const (
@@ -66,6 +67,13 @@ const (
 	AutoProvisionOn  AutoProvision = original.AutoProvisionOn
 )
 
+type ConnectionType = original.ConnectionType
+
+const (
+	External ConnectionType = original.External
+	Internal ConnectionType = original.Internal
+)
+
 type ExternalSecuritySolutionKind = original.ExternalSecuritySolutionKind
 
 const (
@@ -147,6 +155,11 @@ type AlertList = original.AlertList
 type AlertListIterator = original.AlertListIterator
 type AlertListPage = original.AlertListPage
 type AlertProperties = original.AlertProperties
+type AllowedConnectionsList = original.AllowedConnectionsList
+type AllowedConnectionsListIterator = original.AllowedConnectionsListIterator
+type AllowedConnectionsListPage = original.AllowedConnectionsListPage
+type AllowedConnectionsResource = original.AllowedConnectionsResource
+type AllowedConnectionsResourceProperties = original.AllowedConnectionsResourceProperties
 type AscLocation = original.AscLocation
 type AscLocationList = original.AscLocationList
 type AscLocationListIterator = original.AscLocationListIterator
@@ -168,6 +181,8 @@ type ComplianceListIterator = original.ComplianceListIterator
 type ComplianceListPage = original.ComplianceListPage
 type ComplianceProperties = original.ComplianceProperties
 type ComplianceSegment = original.ComplianceSegment
+type ConnectableResource = original.ConnectableResource
+type ConnectedResource = original.ConnectedResource
 type ConnectedWorkspace = original.ConnectedWorkspace
 type Contact = original.Contact
 type ContactList = original.ContactList
@@ -268,6 +283,12 @@ func NewAlertsClient(subscriptionID string, ascLocation string) AlertsClient {
 func NewAlertsClientWithBaseURI(baseURI string, subscriptionID string, ascLocation string) AlertsClient {
 	return original.NewAlertsClientWithBaseURI(baseURI, subscriptionID, ascLocation)
 }
+func NewAllowedConnectionsClient(subscriptionID string, ascLocation string) AllowedConnectionsClient {
+	return original.NewAllowedConnectionsClient(subscriptionID, ascLocation)
+}
+func NewAllowedConnectionsClientWithBaseURI(baseURI string, subscriptionID string, ascLocation string) AllowedConnectionsClient {
+	return original.NewAllowedConnectionsClientWithBaseURI(baseURI, subscriptionID, ascLocation)
+}
 func NewAutoProvisioningSettingsClient(subscriptionID string, ascLocation string) AutoProvisioningSettingsClient {
 	return original.NewAutoProvisioningSettingsClient(subscriptionID, ascLocation)
 }
@@ -334,6 +355,9 @@ func PossibleAlertsToAdminsValues() []AlertsToAdmins {
 func PossibleAutoProvisionValues() []AutoProvision {
 	return original.PossibleAutoProvisionValues()
 }
+func PossibleConnectionTypeValues() []ConnectionType {
+	return original.PossibleConnectionTypeValues()
+}
 func PossibleExternalSecuritySolutionKindValues() []ExternalSecuritySolutionKind {
 	return original.PossibleExternalSecuritySolutionKindValues()
 }
diff --git a/services/preview/security/mgmt/2017-08-01-preview/security/allowedconnections.go b/services/preview/security/mgmt/2017-08-01-preview/security/allowedconnections.go
new file mode 100644
index 000000000000..85f0a2e38e3f
--- /dev/null
+++ b/services/preview/security/mgmt/2017-08-01-preview/security/allowedconnections.go
@@ -0,0 +1,365 @@
+package security
+
+// Copyright (c) Microsoft and contributors.  All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+//
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+// Code generated by Microsoft (R) AutoRest Code Generator.
+// Changes may cause incorrect behavior and will be lost if the code is regenerated.
+
+import (
+	"context"
+	"github.com/Azure/go-autorest/autorest"
+	"github.com/Azure/go-autorest/autorest/azure"
+	"github.com/Azure/go-autorest/autorest/validation"
+	"github.com/Azure/go-autorest/tracing"
+	"net/http"
+)
+
+// AllowedConnectionsClient is the API spec for Microsoft.Security (Azure Security Center) resource provider
+type AllowedConnectionsClient struct {
+	BaseClient
+}
+
+// NewAllowedConnectionsClient creates an instance of the AllowedConnectionsClient client.
+func NewAllowedConnectionsClient(subscriptionID string, ascLocation string) AllowedConnectionsClient {
+	return NewAllowedConnectionsClientWithBaseURI(DefaultBaseURI, subscriptionID, ascLocation)
+}
+
+// NewAllowedConnectionsClientWithBaseURI creates an instance of the AllowedConnectionsClient client.
+func NewAllowedConnectionsClientWithBaseURI(baseURI string, subscriptionID string, ascLocation string) AllowedConnectionsClient {
+	return AllowedConnectionsClient{NewWithBaseURI(baseURI, subscriptionID, ascLocation)}
+}
+
+// Get gets the list of all possible traffic between resources for the subscription and location, based on connection
+// type.
+// Parameters:
+// resourceGroupName - the name of the resource group within the user's subscription. The name is case
+// insensitive.
+// connectionType - the type of allowed connections (Internal, External)
+func (client AllowedConnectionsClient) Get(ctx context.Context, resourceGroupName string, connectionType ConnectionType) (result AllowedConnectionsResource, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/AllowedConnectionsClient.Get")
+		defer func() {
+			sc := -1
+			if result.Response.Response != nil {
+				sc = result.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}},
+		{TargetValue: resourceGroupName,
+			Constraints: []validation.Constraint{{Target: "resourceGroupName", Name: validation.MaxLength, Rule: 90, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.MinLength, Rule: 1, Chain: nil},
+				{Target: "resourceGroupName", Name: validation.Pattern, Rule: `^[-\w\._\(\)]+$`, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("security.AllowedConnectionsClient", "Get", err.Error())
+	}
+
+	req, err := client.GetPreparer(ctx, resourceGroupName, connectionType)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "Get", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.GetSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "Get", resp, "Failure sending request")
+		return
+	}
+
+	result, err = client.GetResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "Get", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// GetPreparer prepares the Get request.
+func (client AllowedConnectionsClient) GetPreparer(ctx context.Context, resourceGroupName string, connectionType ConnectionType) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"ascLocation":       autorest.Encode("path", client.AscLocation),
+		"connectionType":    autorest.Encode("path", connectionType),
+		"resourceGroupName": autorest.Encode("path", resourceGroupName),
+		"subscriptionId":    autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2015-06-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Security/locations/{ascLocation}/allowedConnections/{connectionType}", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// GetSender sends the Get request. The method will close the
+// http.Response Body if it receives an error.
+func (client AllowedConnectionsClient) GetSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		azure.DoRetryWithRegistration(client.Client))
+}
+
+// GetResponder handles the response to the Get request. The method always
+// closes the http.Response Body.
+func (client AllowedConnectionsClient) GetResponder(resp *http.Response) (result AllowedConnectionsResource, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// List gets the list of all possible traffic between resources for the subscription
+func (client AllowedConnectionsClient) List(ctx context.Context) (result AllowedConnectionsListPage, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/AllowedConnectionsClient.List")
+		defer func() {
+			sc := -1
+			if result.ACL.Response.Response != nil {
+				sc = result.ACL.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("security.AllowedConnectionsClient", "List", err.Error())
+	}
+
+	result.fn = client.listNextResults
+	req, err := client.ListPreparer(ctx)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "List", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListSender(req)
+	if err != nil {
+		result.ACL.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "List", resp, "Failure sending request")
+		return
+	}
+
+	result.ACL, err = client.ListResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "List", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListPreparer prepares the List request.
+func (client AllowedConnectionsClient) ListPreparer(ctx context.Context) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"subscriptionId": autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2015-06-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.Security/allowedConnections", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListSender sends the List request. The method will close the
+// http.Response Body if it receives an error.
+func (client AllowedConnectionsClient) ListSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListResponder handles the response to the List request. The method always
+// closes the http.Response Body.
+func (client AllowedConnectionsClient) ListResponder(resp *http.Response) (result AllowedConnectionsList, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// listNextResults retrieves the next set of results, if any.
+func (client AllowedConnectionsClient) listNextResults(ctx context.Context, lastResults AllowedConnectionsList) (result AllowedConnectionsList, err error) {
+	req, err := lastResults.allowedConnectionsListPreparer(ctx)
+	if err != nil {
+		return result, autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "listNextResults", nil, "Failure preparing next results request")
+	}
+	if req == nil {
+		return
+	}
+	resp, err := client.ListSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		return result, autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "listNextResults", resp, "Failure sending next results request")
+	}
+	result, err = client.ListResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "listNextResults", resp, "Failure responding to next results request")
+	}
+	return
+}
+
+// ListComplete enumerates all values, automatically crossing page boundaries as required.
+func (client AllowedConnectionsClient) ListComplete(ctx context.Context) (result AllowedConnectionsListIterator, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/AllowedConnectionsClient.List")
+		defer func() {
+			sc := -1
+			if result.Response().Response.Response != nil {
+				sc = result.page.Response().Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	result.page, err = client.List(ctx)
+	return
+}
+
+// ListByHomeRegion gets the list of all possible traffic between resources for the subscription and location.
+func (client AllowedConnectionsClient) ListByHomeRegion(ctx context.Context) (result AllowedConnectionsListPage, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/AllowedConnectionsClient.ListByHomeRegion")
+		defer func() {
+			sc := -1
+			if result.ACL.Response.Response != nil {
+				sc = result.ACL.Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	if err := validation.Validate([]validation.Validation{
+		{TargetValue: client.SubscriptionID,
+			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}}}); err != nil {
+		return result, validation.NewError("security.AllowedConnectionsClient", "ListByHomeRegion", err.Error())
+	}
+
+	result.fn = client.listByHomeRegionNextResults
+	req, err := client.ListByHomeRegionPreparer(ctx)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "ListByHomeRegion", nil, "Failure preparing request")
+		return
+	}
+
+	resp, err := client.ListByHomeRegionSender(req)
+	if err != nil {
+		result.ACL.Response = autorest.Response{Response: resp}
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "ListByHomeRegion", resp, "Failure sending request")
+		return
+	}
+
+	result.ACL, err = client.ListByHomeRegionResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "ListByHomeRegion", resp, "Failure responding to request")
+	}
+
+	return
+}
+
+// ListByHomeRegionPreparer prepares the ListByHomeRegion request.
+func (client AllowedConnectionsClient) ListByHomeRegionPreparer(ctx context.Context) (*http.Request, error) {
+	pathParameters := map[string]interface{}{
+		"ascLocation":    autorest.Encode("path", client.AscLocation),
+		"subscriptionId": autorest.Encode("path", client.SubscriptionID),
+	}
+
+	const APIVersion = "2015-06-01-preview"
+	queryParameters := map[string]interface{}{
+		"api-version": APIVersion,
+	}
+
+	preparer := autorest.CreatePreparer(
+		autorest.AsGet(),
+		autorest.WithBaseURL(client.BaseURI),
+		autorest.WithPathParameters("/subscriptions/{subscriptionId}/providers/Microsoft.Security/locations/{ascLocation}/allowedConnections", pathParameters),
+		autorest.WithQueryParameters(queryParameters))
+	return preparer.Prepare((&http.Request{}).WithContext(ctx))
+}
+
+// ListByHomeRegionSender sends the ListByHomeRegion request. The method will close the
+// http.Response Body if it receives an error.
+func (client AllowedConnectionsClient) ListByHomeRegionSender(req *http.Request) (*http.Response, error) {
+	return autorest.SendWithSender(client, req,
+		azure.DoRetryWithRegistration(client.Client))
+}
+
+// ListByHomeRegionResponder handles the response to the ListByHomeRegion request. The method always
+// closes the http.Response Body.
+func (client AllowedConnectionsClient) ListByHomeRegionResponder(resp *http.Response) (result AllowedConnectionsList, err error) {
+	err = autorest.Respond(
+		resp,
+		client.ByInspecting(),
+		azure.WithErrorUnlessStatusCode(http.StatusOK),
+		autorest.ByUnmarshallingJSON(&result),
+		autorest.ByClosing())
+	result.Response = autorest.Response{Response: resp}
+	return
+}
+
+// listByHomeRegionNextResults retrieves the next set of results, if any.
+func (client AllowedConnectionsClient) listByHomeRegionNextResults(ctx context.Context, lastResults AllowedConnectionsList) (result AllowedConnectionsList, err error) {
+	req, err := lastResults.allowedConnectionsListPreparer(ctx)
+	if err != nil {
+		return result, autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "listByHomeRegionNextResults", nil, "Failure preparing next results request")
+	}
+	if req == nil {
+		return
+	}
+	resp, err := client.ListByHomeRegionSender(req)
+	if err != nil {
+		result.Response = autorest.Response{Response: resp}
+		return result, autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "listByHomeRegionNextResults", resp, "Failure sending next results request")
+	}
+	result, err = client.ListByHomeRegionResponder(resp)
+	if err != nil {
+		err = autorest.NewErrorWithError(err, "security.AllowedConnectionsClient", "listByHomeRegionNextResults", resp, "Failure responding to next results request")
+	}
+	return
+}
+
+// ListByHomeRegionComplete enumerates all values, automatically crossing page boundaries as required.
+func (client AllowedConnectionsClient) ListByHomeRegionComplete(ctx context.Context) (result AllowedConnectionsListIterator, err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/AllowedConnectionsClient.ListByHomeRegion")
+		defer func() {
+			sc := -1
+			if result.Response().Response.Response != nil {
+				sc = result.page.Response().Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	result.page, err = client.ListByHomeRegion(ctx)
+	return
+}
diff --git a/services/preview/security/mgmt/2017-08-01-preview/security/contacts.go b/services/preview/security/mgmt/2017-08-01-preview/security/contacts.go
index 848b039c58e8..0edd662d33de 100644
--- a/services/preview/security/mgmt/2017-08-01-preview/security/contacts.go
+++ b/services/preview/security/mgmt/2017-08-01-preview/security/contacts.go
@@ -61,9 +61,7 @@ func (client ContactsClient) Create(ctx context.Context, securityContactName str
 			Constraints: []validation.Constraint{{Target: "client.SubscriptionID", Name: validation.Pattern, Rule: `^[0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}$`, Chain: nil}}},
 		{TargetValue: securityContact,
 			Constraints: []validation.Constraint{{Target: "securityContact.ContactProperties", Name: validation.Null, Rule: false,
-				Chain: []validation.Constraint{{Target: "securityContact.ContactProperties.Email", Name: validation.Null, Rule: true, Chain: nil},
-					{Target: "securityContact.ContactProperties.Phone", Name: validation.Null, Rule: true, Chain: nil},
-				}}}}}); err != nil {
+				Chain: []validation.Constraint{{Target: "securityContact.ContactProperties.Email", Name: validation.Null, Rule: true, Chain: nil}}}}}}); err != nil {
 		return result, validation.NewError("security.ContactsClient", "Create", err.Error())
 	}
 
diff --git a/services/preview/security/mgmt/2017-08-01-preview/security/models.go b/services/preview/security/mgmt/2017-08-01-preview/security/models.go
index 2cdae3b816d9..06a1de228a67 100644
--- a/services/preview/security/mgmt/2017-08-01-preview/security/models.go
+++ b/services/preview/security/mgmt/2017-08-01-preview/security/models.go
@@ -93,6 +93,21 @@ func PossibleAutoProvisionValues() []AutoProvision {
 	return []AutoProvision{AutoProvisionOff, AutoProvisionOn}
 }
 
+// ConnectionType enumerates the values for connection type.
+type ConnectionType string
+
+const (
+	// External ...
+	External ConnectionType = "External"
+	// Internal ...
+	Internal ConnectionType = "Internal"
+)
+
+// PossibleConnectionTypeValues returns an array of possible values for the ConnectionType const type.
+func PossibleConnectionTypeValues() []ConnectionType {
+	return []ConnectionType{External, Internal}
+}
+
 // ExternalSecuritySolutionKind enumerates the values for external security solution kind.
 type ExternalSecuritySolutionKind string
 
@@ -802,6 +817,246 @@ func (ap AlertProperties) MarshalJSON() ([]byte, error) {
 	return json.Marshal(objectMap)
 }
 
+// AllowedConnectionsList list of all possible traffic between Azure resources
+type AllowedConnectionsList struct {
+	autorest.Response `json:"-"`
+	Value             *[]AllowedConnectionsResource `json:"value,omitempty"`
+	// NextLink - The URI to fetch the next page.
+	NextLink *string `json:"nextLink,omitempty"`
+}
+
+// AllowedConnectionsListIterator provides access to a complete listing of AllowedConnectionsResource
+// values.
+type AllowedConnectionsListIterator struct {
+	i    int
+	page AllowedConnectionsListPage
+}
+
+// NextWithContext advances to the next value.  If there was an error making
+// the request the iterator does not advance and the error is returned.
+func (iter *AllowedConnectionsListIterator) NextWithContext(ctx context.Context) (err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/AllowedConnectionsListIterator.NextWithContext")
+		defer func() {
+			sc := -1
+			if iter.Response().Response.Response != nil {
+				sc = iter.Response().Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	iter.i++
+	if iter.i < len(iter.page.Values()) {
+		return nil
+	}
+	err = iter.page.NextWithContext(ctx)
+	if err != nil {
+		iter.i--
+		return err
+	}
+	iter.i = 0
+	return nil
+}
+
+// Next advances to the next value.  If there was an error making
+// the request the iterator does not advance and the error is returned.
+// Deprecated: Use NextWithContext() instead.
+func (iter *AllowedConnectionsListIterator) Next() error {
+	return iter.NextWithContext(context.Background())
+}
+
+// NotDone returns true if the enumeration should be started or is not yet complete.
+func (iter AllowedConnectionsListIterator) NotDone() bool {
+	return iter.page.NotDone() && iter.i < len(iter.page.Values())
+}
+
+// Response returns the raw server response from the last page request.
+func (iter AllowedConnectionsListIterator) Response() AllowedConnectionsList {
+	return iter.page.Response()
+}
+
+// Value returns the current value or a zero-initialized value if the
+// iterator has advanced beyond the end of the collection.
+func (iter AllowedConnectionsListIterator) Value() AllowedConnectionsResource {
+	if !iter.page.NotDone() {
+		return AllowedConnectionsResource{}
+	}
+	return iter.page.Values()[iter.i]
+}
+
+// IsEmpty returns true if the ListResult contains no values.
+func (ACL AllowedConnectionsList) IsEmpty() bool {
+	return ACL.Value == nil || len(*ACL.Value) == 0
+}
+
+// allowedConnectionsListPreparer prepares a request to retrieve the next set of results.
+// It returns nil if no more results exist.
+func (ACL AllowedConnectionsList) allowedConnectionsListPreparer(ctx context.Context) (*http.Request, error) {
+	if ACL.NextLink == nil || len(to.String(ACL.NextLink)) < 1 {
+		return nil, nil
+	}
+	return autorest.Prepare((&http.Request{}).WithContext(ctx),
+		autorest.AsJSON(),
+		autorest.AsGet(),
+		autorest.WithBaseURL(to.String(ACL.NextLink)))
+}
+
+// AllowedConnectionsListPage contains a page of AllowedConnectionsResource values.
+type AllowedConnectionsListPage struct {
+	fn  func(context.Context, AllowedConnectionsList) (AllowedConnectionsList, error)
+	ACL AllowedConnectionsList
+}
+
+// NextWithContext advances to the next page of values.  If there was an error making
+// the request the page does not advance and the error is returned.
+func (page *AllowedConnectionsListPage) NextWithContext(ctx context.Context) (err error) {
+	if tracing.IsEnabled() {
+		ctx = tracing.StartSpan(ctx, fqdn+"/AllowedConnectionsListPage.NextWithContext")
+		defer func() {
+			sc := -1
+			if page.Response().Response.Response != nil {
+				sc = page.Response().Response.Response.StatusCode
+			}
+			tracing.EndSpan(ctx, sc, err)
+		}()
+	}
+	next, err := page.fn(ctx, page.ACL)
+	if err != nil {
+		return err
+	}
+	page.ACL = next
+	return nil
+}
+
+// Next advances to the next page of values.  If there was an error making
+// the request the page does not advance and the error is returned.
+// Deprecated: Use NextWithContext() instead.
+func (page *AllowedConnectionsListPage) Next() error {
+	return page.NextWithContext(context.Background())
+}
+
+// NotDone returns true if the page enumeration should be started or is not yet complete.
+func (page AllowedConnectionsListPage) NotDone() bool {
+	return !page.ACL.IsEmpty()
+}
+
+// Response returns the raw server response from the last page request.
+func (page AllowedConnectionsListPage) Response() AllowedConnectionsList {
+	return page.ACL
+}
+
+// Values returns the slice of values for the current page or nil if there are no values.
+func (page AllowedConnectionsListPage) Values() []AllowedConnectionsResource {
+	if page.ACL.IsEmpty() {
+		return nil
+	}
+	return *page.ACL.Value
+}
+
+// AllowedConnectionsResource the resource whose properties describes the allowed traffic between Azure
+// resources
+type AllowedConnectionsResource struct {
+	autorest.Response `json:"-"`
+	// ID - Resource Id
+	ID *string `json:"id,omitempty"`
+	// Name - Resource name
+	Name *string `json:"name,omitempty"`
+	// Type - Resource type
+	Type *string `json:"type,omitempty"`
+	// Location - Location where the resource is stored
+	Location                              *string `json:"location,omitempty"`
+	*AllowedConnectionsResourceProperties `json:"properties,omitempty"`
+}
+
+// MarshalJSON is the custom marshaler for AllowedConnectionsResource.
+func (acr AllowedConnectionsResource) MarshalJSON() ([]byte, error) {
+	objectMap := make(map[string]interface{})
+	if acr.ID != nil {
+		objectMap["id"] = acr.ID
+	}
+	if acr.Name != nil {
+		objectMap["name"] = acr.Name
+	}
+	if acr.Type != nil {
+		objectMap["type"] = acr.Type
+	}
+	if acr.Location != nil {
+		objectMap["location"] = acr.Location
+	}
+	if acr.AllowedConnectionsResourceProperties != nil {
+		objectMap["properties"] = acr.AllowedConnectionsResourceProperties
+	}
+	return json.Marshal(objectMap)
+}
+
+// UnmarshalJSON is the custom unmarshaler for AllowedConnectionsResource struct.
+func (acr *AllowedConnectionsResource) UnmarshalJSON(body []byte) error {
+	var m map[string]*json.RawMessage
+	err := json.Unmarshal(body, &m)
+	if err != nil {
+		return err
+	}
+	for k, v := range m {
+		switch k {
+		case "id":
+			if v != nil {
+				var ID string
+				err = json.Unmarshal(*v, &ID)
+				if err != nil {
+					return err
+				}
+				acr.ID = &ID
+			}
+		case "name":
+			if v != nil {
+				var name string
+				err = json.Unmarshal(*v, &name)
+				if err != nil {
+					return err
+				}
+				acr.Name = &name
+			}
+		case "type":
+			if v != nil {
+				var typeVar string
+				err = json.Unmarshal(*v, &typeVar)
+				if err != nil {
+					return err
+				}
+				acr.Type = &typeVar
+			}
+		case "location":
+			if v != nil {
+				var location string
+				err = json.Unmarshal(*v, &location)
+				if err != nil {
+					return err
+				}
+				acr.Location = &location
+			}
+		case "properties":
+			if v != nil {
+				var allowedConnectionsResourceProperties AllowedConnectionsResourceProperties
+				err = json.Unmarshal(*v, &allowedConnectionsResourceProperties)
+				if err != nil {
+					return err
+				}
+				acr.AllowedConnectionsResourceProperties = &allowedConnectionsResourceProperties
+			}
+		}
+	}
+
+	return nil
+}
+
+// AllowedConnectionsResourceProperties describes the allowed traffic between Azure resources
+type AllowedConnectionsResourceProperties struct {
+	// CalculatedDateTime - The UTC time on which the allowed connections resource was calculated
+	CalculatedDateTime *date.Time `json:"calculatedDateTime,omitempty"`
+	// ConnectableResources - List of connectable resources
+	ConnectableResources *[]ConnectableResource `json:"connectableResources,omitempty"`
+}
+
 // AscLocation the ASC location of the subscription is in the "name" field
 type AscLocation struct {
 	autorest.Response `json:"-"`
@@ -1803,6 +2058,26 @@ type ComplianceSegment struct {
 	Percentage *float64 `json:"percentage,omitempty"`
 }
 
+// ConnectableResource describes the allowed inbound and outbound traffic of an Azure resource
+type ConnectableResource struct {
+	// ID - The Azure resource id
+	ID *string `json:"id,omitempty"`
+	// InboundConnectedResources - The list of Azure resources that the resource has inbound allowed connection from
+	InboundConnectedResources *[]ConnectedResource `json:"inboundConnectedResources,omitempty"`
+	// OutboundConnectedResources - The list of Azure resources that the resource has outbound allowed connection to
+	OutboundConnectedResources *[]ConnectedResource `json:"outboundConnectedResources,omitempty"`
+}
+
+// ConnectedResource describes properties of a connected resource
+type ConnectedResource struct {
+	// ConnectedResourceID - The Azure resource id of the connected resource
+	ConnectedResourceID *string `json:"connectedResourceId,omitempty"`
+	// TCPPorts - The allowed tcp ports
+	TCPPorts *string `json:"tcpPorts,omitempty"`
+	// UDPPorts - The allowed udp ports
+	UDPPorts *string `json:"udpPorts,omitempty"`
+}
+
 // ConnectedWorkspace ...
 type ConnectedWorkspace struct {
 	// ID - Azure resource ID of the connected OMS workspace