diff --git a/06-customer-responsibilities-for-running-azure-spring-cloud-in-vnet.md b/06-customer-responsibilities-for-running-azure-spring-cloud-in-vnet.md
index 4217a69..097d5b5 100644
--- a/06-customer-responsibilities-for-running-azure-spring-cloud-in-vnet.md
+++ b/06-customer-responsibilities-for-running-azure-spring-cloud-in-vnet.md
@@ -41,4 +41,14 @@ By default, Azure Spring Cloud have unrestricted outbound (egress) internet acce
     | <i>acs-mirror.azureedge.net</i> | HTTPS:443 | Repository required to install required binaries like kubenet and Azure CNI.​ |
     | <i>mscrl.microsoft.com</i> | HTTPS:80 | Required Microsoft Certificate Chain Paths.​ |
     | <i>crl.microsoft.com</i> | HTTPS:80 | Required Microsoft Certificate Chain Paths.​ ​ |
-    | <i>crl3.digicert.com</i> | HTTPS:80 | 3rd Party SSL Certificate Chain Paths.​  |
\ No newline at end of file
+    | <i>crl3.digicert.com</i> | HTTPS:80 | 3rd Party SSL Certificate Chain Paths.​  |
+
+  - Azure Spring Cloud optional FQDN for third party APM (Application Performance Management).
+    - Azure Firewall provides a FQDN Tag "AzureKubernetesService" to simplify all following configurations.
+
+    | Destination FQDN | Port | Use                                                          |
+    | ---------------- | ---- | ------------------------------------------------------------ |
+    | collector*.newrelic.com | TCP:443/80 | Required networks of New Relic APM agents from US region, also see [APM Agents Networks](https://docs.newrelic.com/docs/using-new-relic/cross-product-functions/install-configure/networks/#agents). |
+    | collector*.eu01.nr-data.net | TCP:443/80 | Required networks of New Relic APM agents from EU region, also see [APM Agents Networks](https://docs.newrelic.com/docs/using-new-relic/cross-product-functions/install-configure/networks/#agents). |
+
+