Azure Data Explorer and subnet delegation

This post has been republished via RSS; it originally appeared at: Azure Data Explorer articles.

Subnet delegation enables you to designate a specific subnet for an Azure PaaS service of your choice that needs to be injected into your virtual network. When you delegate a subnet to Azure Data Explorer, you allow the service to establish some basic network configuration rules for that subnet, which help ADX to operate in a stable manner.

 

cosh23_0-1623408109886.png

 

As a result, ADX adds a set of Network Intent Policies policies which are required for the service to work properly. In the past you had to create all of those Input and Output Network Security Group rules yourself and everytime we had to change some of the IPs you had to change some of them. 

 

cosh23_1-1623408165345.png

 

Benefits

 

Since beginning of June 2021 we are enforcing subnet delegation on the subnet you like to use for ADX. However we are aware of scenarios where customers need to opt-out because of certain requirements (Custom Private Link in the same subnet or company policies in general). For those situations we allow our customer to opt-out using the "preview features" configuration in the Azure portal. If you register for "Azure Data Explorer: opt out of subnet delegation" your ADX service deployments will not enforce subnet delegation to be enabled. 

 

cosh23_1-1623406252411.png

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.