Overview of the new Azure Network Security Hub experience

Hello everyone,

Managing network security across multiple Azure environments can quickly become complex. As organizations scale their cloud infrastructure, maintaining visibility over firewalls, network security groups, routing rules, and other controls becomes increasingly important.

To address this challenge, Microsoft introduced the Azure Network Security Hub, a centralized experience designed to simplify how security configurations are monitored and managed across Azure networking resources.

Backend TLS validation controls in Azure Application Gateway explained

In modern cloud architectures, securing application traffic is not only about protecting the connection between users and the entry point of the application. It is equally important to ensure that communication between application gateways and backend services is also properly validated and encrypted.

Azure Application Gateway provides several capabilities to enforce TLS validation when communicating with backend services. These controls help organizations maintain strong security practices by verifying backend identities and preventing potential man-in-the-middle scenarios.

Design patterns using multiple address prefixes for Azure VNet subnets

IP address planning is one of the most important aspects of designing scalable network architectures in Azure. While virtual networks provide flexibility in defining address spaces, subnet design can become challenging as environments grow and requirements evolve.

A capability that helps address this challenge is the ability to assign multiple address prefixes to a single subnet. This feature introduces new design possibilities for managing IP space more efficiently without requiring disruptive changes to existing environments.

Private Application Gateway on Azure Application Gateway v2 overview

Hello everyone,

Secure application delivery is a central topic in modern cloud architectures. As organizations increasingly adopt private networking models, controlling how applications are exposed becomes a key design consideration.

A new capability in Azure Application Gateway v2 introduces the concept of a Private Application Gateway, allowing the service to operate entirely within private network boundaries.

Operational insights on Azure Network Security Perimeter

As cloud environments grow in complexity, protecting resources is no longer limited to traditional network boundaries. Organizations are increasingly adopting architectures where services communicate internally across multiple virtual networks, subscriptions, and regions.

In these environments, the challenge is not only protecting external access but also defining clear and controlled boundaries between services. Azure Network Security Perimeter introduces a model that helps address this challenge by creating a structured security boundary around platform services.

This capability allows organizations to control how Azure services can be accessed, helping reduce exposure while maintaining flexibility in cloud architectures.

Operational insights on customer controlled maintenance for Azure Firewall

Managing security infrastructure in production environments always requires careful coordination. Network security components such as firewalls sit directly in the data path of critical applications, meaning that even small operational changes must be handled with caution.

Azure has introduced customer-controlled maintenance for Azure Firewall, a capability that gives organizations more control over when maintenance activities and updates are applied.

This improvement can be particularly valuable for enterprises that operate workloads with strict availability requirements.

Azure DNS security policy explained

Hello everyone,

DNS plays a critical role in modern cloud environments. Almost every application relies on DNS resolution to connect services, APIs, and external platforms. Because of this central role, DNS is also a common entry point for security threats.

To address these risks, Azure introduced DNS security policies, allowing organizations to apply additional protection and governance over DNS traffic.

Implementing Azure Virtual Network Manager IP address management

As Azure environments grow, managing IP address space becomes increasingly important. What starts as a small set of virtual networks can quickly evolve into dozens or even hundreds of interconnected networks supporting multiple applications, environments, and regions.

Without proper planning and governance, IP addressing can become fragmented, overlapping, and difficult to maintain. This is where Azure Virtual Network Manager introduces valuable capabilities that help organizations manage networking at scale.

One of the key areas where this service can bring operational improvements is IP address management and network planning across large Azure environments.

Draft and Deploy workflow in Azure Firewall explained

Hello everyone,

One of the challenges when managing network security at scale is ensuring that configuration changes are introduced in a controlled and predictable way. This becomes even more important when working with critical components such as Azure Firewall policies.

A recent improvement introduces a Draft and Deploy workflow, which helps bring more structure and safety to how firewall configurations are managed.

Implementing DNAT on Azure Firewall private IP address

Azure Firewall continues to evolve with capabilities that simplify the design of secure network architectures in Azure. One feature that has recently become generally available is the ability to configure Destination Network Address Translation (DNAT) using the firewall’s private IP address.

This capability may seem like a small enhancement at first glance, but it opens new architectural possibilities. In many enterprise environments, traffic flows do not always originate from the public internet. Instead, connections may come from internal networks, private connectivity environments, or hybrid infrastructures.

Supporting DNAT directly on the private IP address of Azure Firewall helps address these scenarios in a more flexible way.