Wired for Hybrid – Episode 3 – What’s New in Azure Networking – February 2023 Edition

Posted by

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs - .

Azure Networking is the foundation of your infrastructure in Azure. So, we’re happy to bring you a monthly update on What’s new in Azure Networking.


In this blog post, we’ll cover what is new with Azure Networking.



Public preview: Azure Firewall Basic


Azure Firewall Basic is a new SKU of Azure Firewall designed to meet the needs of SMBs by providing enterprise-grade protection of their cloud environment at an affordable price point. It is a cloud-native, highly available, stateful firewall as a service offering that enables customers to centrally govern and log all of their traffic flows with essential capabilities at scale.





This will give customers access to:

  • Network and application traffic filtering
  • Threat intelligence to alert on malicious traffic
  • Built-in high availability
  • Seamless integration with other Azure security services


 Setup and maintenance are easy.  Maintenance is lower for smaller IT shops.

  • Set up in just a few minutes.
  • Automate deployment (deploy as code).
  • Zero maintenance with automatic updates.
  • Central management via Azure Firewall Manager.


Azure Firewall Basic is like Firewall Standard, but has the following limitations:

  • Supports Threat Intel alert mode only.
  • Fixed scale unit to run the service on two virtual machine backend instances.
  • Recommended for environments with maximum throughput of 250 Mbps. The throughput may increase for feature general availability (GA).


Like the other Firewall SKUs, this version integrates with Azure Firewall Management to centrally manage Azure Firewalls across multiple subscriptions. Firewall Manager uses firewall policy to apply a common set of network/application rules and configuration to the firewalls in your tenant.


This is the best option for SMBs wanting enterprise-grade Firewall protection and throughput needs less than 250 mbps. If you need features like DNS Proxy/Custom DNS or web content filtering, or higher speeds, you’ll need standard or premium.






Announcement: Public preview: Azure Firewall Basic


Learning opportunity:


Looking to Deploy? Start with Deploy & configure Azure Firewall Basic (preview) and policy using the Azure portal | Microsoft Learn


Public preview: IP Protection SKU for Azure DDoS Protection





Distributed denial of service (DDoS) attacks security concerns are a major blocker for customers looking to move their applications to the cloud. Luckily, IP Protection, designed with SMBs in mind, delivers enterprise-grade, cost-effective DDoS protection.


Instead of enabling DDoS protection on a per virtual network basis, including all public IP resources associated with resources in those virtual networks, you now have the flexibility to enable DDoS protection on an individual public IP.   That means that from now on the standard SKU of Azure DDoS Protection will now be known as “Network Protection”. “IP Protection” includes the same features as Network Protection, but Network Protection will have in the following value-added services: DDoS Rapid Response support, cost protection, integration with Azure Firewall Manager, and discounts on Azure Web Application Firewall.


You can see the difference between IP Protection and Network protection here.


Announcement: What’s new in Azure Network Security at Microsoft Ignite 2022

Documentation: What is Azure DDoS Protection?

Learning opportunity:


Public preview: Azure Bastion now supports shareable links.




With this release, you no longer need to access the Azure Portal to use Azure Bastion for VM access. VMs using Bastion for administrative access can be accessed through a shareable link. Users of these VMs won't require full access in the Azure Portal, thus decreasing your security exposure.


Basically, you need to deploy bastion Standard SKU in the VNet with your VM resources, configure the instance to support Shareable Links (under configurations). Once configured, you create shareable links for the VMs that will utilize them.


To use the links, open the link in your browser. You’ll have the option to choose protocol connection (RDP or SSH) and port, then enter your credentials. No credentials are provided so users will require credentials to each resource they need to access.



Announcement: Public preview: Azure Bastion now support shareable links


Learning opportunity:


Public preview: Azure Resource Topology





Azure Resource Topology (ART) allows you to visualize the resources in a network, acquire system context, understand state and debug issues faster.


This leads to upgrading the network monitoring and management experience in Azure. This topology (Preview) experience will allow the users to draw a unified and dynamic topology across multiple subscription, regions, and resource groups (RGs) comprising of multiple resources.





Allowing deep dive into your environment, ART provides the capability for users to drill down from regions, VNETs to subnets, and resource view diagram of resources supported in Azure. It also stitches the end-to-end monitoring and diagnostics story with the capability to run next hop directly from a VM selected in the topology after specifying the destination IP address.




Supported resource types supported by Topology:

  • Application gateways
  • ExpressRoute Circuits
  • Load balancers
  • Network Interfaces
  • Network Security Groups
  • PrivateLink Endpoints
  • PrivateLink Services
  • Public IP Addresses
  • Virtual Machines
  • Virtual Network Gateways
  • Virtual Networks


Announcement: Public preview: Azure Resource Topology


Learning opportunity:


 See you next month!






Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.