Aviatrix Blog

How to Handle the 2025 Change to Azure VM Internet Access

When Microsoft Azure last year announced that support for default access to the internet is ending for new virtual machines (VMs) after September 30, 2025, it sparked some excellent discussions around outbound/inbound internet access that I believe will ultimately help organizations become more secure.  

 

Coming to the table as a former Azure Global Black Belt now helping to push the boundaries in cloud networking at Aviatrix, these discussions are right up my alley. I recently had a chance to share some perspective on what this change means for businesses on the Microsoft Blog, along with some best practices for finding the right solution for each unique organization. 

 

As I explain in that article: 

 

While this change will not affect existing VMs, any VM built after this date will need an explicit method to allow outbound or inbound internet access. Today, any VM in Azure can access the internet right out of the box using a feature called default source network address translation (SNAT). 

 

Default SNAT happens to outbound internet connections from VMs when none of the preferred methods for source address translation are otherwise available. Here, Azure will automatically translate the private IP of the VM to a special public IP pulled from a reserved regional block. While convenient, this method has its downsides, such as implicit internet access, lack of control or visibility over the public IP, and difficulties performing advanced troubleshooting. 

 

There are several choices for allowing VMs to connect to public endpoints, such as instance-level public IPs, outbound rules, the Azure NAT Gateway, and vendor-based solutions (like Distributed Cloud Firewall for Egress from Aviatrix). And some of these choices are better than others, depending on what you want to accomplish.
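
To make the options above concrete, the following added example (not code from the original post or from Aviatrix) audits a VM inventory and lists which machines have no explicit outbound method and would therefore fall back to default SNAT. The inventory layout, field names and resource names are hypothetical and constructed for illustration, and a default route to an appliance is assumed to stand in for a vendor-based egress solution.

```python
# Added example: find VMs that depend on Azure default SNAT for outbound access.
# Field names are hypothetical; this is not an Azure API schema.

# Constructed sample inventory (not real resources).
SAMPLE_INVENTORY = [
    {"name": "vm-web-01", "subnet": "snet-web", "public_ip": True, "lb_outbound_rule": False},
    {"name": "vm-app-01", "subnet": "snet-app", "public_ip": False, "lb_outbound_rule": False},
    {"name": "vm-app-02", "subnet": "snet-app", "public_ip": False, "lb_outbound_rule": True},
    {"name": "vm-db-01", "subnet": "snet-db", "public_ip": False, "lb_outbound_rule": False},
    {"name": "vm-batch-01", "subnet": "snet-batch", "public_ip": False, "lb_outbound_rule": False},
]
SAMPLE_SUBNETS = {
    "snet-web": {"nat_gateway": False, "default_route_to_appliance": False},
    "snet-app": {"nat_gateway": False, "default_route_to_appliance": False},
    "snet-db": {"nat_gateway": True, "default_route_to_appliance": False},
    "snet-batch": {"nat_gateway": False, "default_route_to_appliance": True},
}


def explicit_methods(vm, subnets):
    """Return every explicit outbound method that applies to one VM."""
    subnet = subnets.get(vm["subnet"], {})  # unknown subnet: no subnet-level method
    methods = []
    if subnet.get("default_route_to_appliance"):
        methods.append("vendor appliance (default route)")
    if subnet.get("nat_gateway"):
        methods.append("NAT gateway")
    if vm.get("public_ip"):
        methods.append("instance-level public IP")
    if vm.get("lb_outbound_rule"):
        methods.append("load balancer outbound rule")
    return methods


def audit(inventory, subnets):
    """Split VMs into those with an explicit method and those relying on default SNAT."""
    report = {"explicit": {}, "default_snat": []}
    for vm in inventory:
        methods = explicit_methods(vm, subnets)
        if methods:
            report["explicit"][vm["name"]] = methods
        else:
            report["default_snat"].append(vm["name"])
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_INVENTORY, SAMPLE_SUBNETS)
    for name in result["default_snat"]:
        print(f"{name}: no explicit outbound method, relies on default SNAT")
```

Any deployment template that produced a VM in the `default_snat` list needs one of the explicit methods added before it is reused for new VMs after the cutoff.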

 

If you’re trying to figure out the right solution for your organization, you can read my full post on the Microsoft Blog here. I’d also encourage you to check out the Aviatrix Guide to Network Security in Azure, which goes further in depth on how Aviatrix enhances Azure’s native resources and services, optimizing performance and improving security. 

 

And of course, if you still have questions, our expert team is always here to help.