Networking

The Networking forum covers all aspects of Networking in Azure, including endpoints, load-balancing, network security, DNS, Traffic Manager, virtual networks, and external connectivity.

Virtual Network:

  • Service overview

  • Technical documentation

  • Pricing details

  • Traffic Manager:

  • Service overview

  • Technical documentation

  • Pricing details

  • Network Watcher:

  • Service overview

  • Technical documentation

  • Pricing details

  • If you have any feedback on any aspect of Azure relating to Networking, we’d love to hear it.

    • Hot ideas
    • Top ideas
    • New ideas
    • My feedback
    1. Bring Your Own Public IP Address space and Internet subnet routing in Azure Virtual Networks

      When you own a public address space IPv4 and/or IPv6, Windows Azure should provide a way to use it (via LISP and/or classic routing).
      When you don't own a public address space, you should be able to rent it for your virtual network on Windows Azure both via Microsoft or via Tunnel Broker providers

      542 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      21 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    2. Azure DevOps Whitelisting

      Please create service tag for Azure DevOps Hosted Build Agents. I have been told that to allow hosted agent access through NSG - to my ASE's, I need to whitelist ALL external Azure IPs.. This is unaccesptable from a Security standpoint. Please address immediately

      https://developercommunity.visualstudio.com/idea/467755/static-ip-address-for-azure-devops.html?childToView=571222#comment-571222

      493 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    3. Feature Central IP Object usable for ALL Azure Resources

      Central IP Object usable for ALL Azure Resources

      In this new feature (ex : Azure IP Object management) user can create IP Object (List of Ips or Subnet) this object can be added in any Azure Resources who have a Firewall (Azure SQL, Storage Account, WebApp,...)

      For Exemple:
      You create an Object "Company Public IPs" and you add in this object All your company Public IP.
      In your Azure resources Firewall (WebApp, AzureDB, NSG,...) you specify this Object to allowing access.

      If tomorrow you need to add a new public IP you just need to add this new public IP…

      91 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      3 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →

      Thanks for the valid suggestion. Your feedback is now open for the user community to upvote which allows us to effectively prioritize your request against our existing feature list and also gives us insight into the potential impact of implementing the suggested feature

    4. Expose IP address ranges via API

      You can download an XML file of Azure IP address ranges from http://www.microsoft.com/en-us/download/details.aspx?id=41653. It's updated weekly.
      It would be nice to be able to access this list via an API so that we could automate any changes required when the Azure's IP address list changes.
      Kind of like what Amazon does: https://aws.amazon.com/blogs/aws/aws-ip-ranges-json/

      50 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  5 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    5. Provide a rest api to access the list of Azure IP Addresses

      Please provide an api that will us to gather the full list of azure ip addresses, the ones added in the last week, and the ones deleted in the last week. This would be used to automate the weekly changes we need to make to accommodate these changes.

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    6. Block out access to azure resources from outside

      I am looking for a way to completely block out access to azure resources from outside of Japan. An access from abroad is most likely from a person who are not from our company.

      Recently, I am terribly worried because there are a lot of illegal access from the outside country. It's very reassuring to have the ability to shut off foreign access in Azure. This scenario is difficult to achieve because the NSG feature has a limit in a number of IP addresses which can be restricted.

      45 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    7. NVA Public IP

      Ability to assign Public IP to an NVA interface, without going through the Azure Internal NAT. Like Onpremise Firewall. Currently, Azure creates interfaces with Private and Public IP, but only permit assigns Private IP to the NVA interfaces.

      28 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      triaged  ·  0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    8. difrentiate IP ranges per service

      At the moment if we want to restrict access to Azure services we need to whitelist entire Region. PCI certification requirements require to limit also outgoing access to the specific IP addreses to avoid possibility that attacker will be able to exfiltrate data from attacked machine.
      With current scenario (whitelisting entire region) attacker can put FTP or HTTP upload server in the same region of the Azure and successfully upload data there. If ranges would be specific for services (e.g. Sql Azure, Key Vault, etc) then such exfiltration wouldn't be possible as we could restrict access to the services which…

      8 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    9. APIM as Service

      hi team,

      would like to have IPAM as service: it would be nice to be able to create an "Azure IP range" and then request IP ranges for new vNets from it, perform inventory etc.

      6 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    10. Provide an IP and URL address service, like Office 365, to replace the XML download process.

      Provide an IP and URL address service like Office 365 to replace the XML download process for Azure Datacenter IP address ranges.

      For example - Office 365 Link: https://docs.microsoft.com/en-us/office365/enterprise/office-365-ip-web-service

      3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      2 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    11. 3 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    12. IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Find a user from which IP cannot

      IP report(Risky IP) and User Report(Bad Password Attempts) from the Azure should be merged into one report. Finding a user from which IP cannot directly

      2 votes
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      0 comments  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    13. Need a 1 to 1 mapping between data centers and the IP range list

      Trying to use Azure Backup to German Northeast and North Central US.

      Would be nice if there was a one to one mapping between the regions displayed here: https://azure.microsoft.com/en-ca/global-infrastructure/regions/

      and what is listed here: https://www.microsoft.com/en-us/download/details.aspx?id=41653

      Having problems guessing which region to use for the for following locations:

      German Northeast - options:

                  <Region Name="europeeast">

      <Region Name="europenorth2">

      <Region Name="europenorth">

      North Central US: options:

                  <Region Name="uscentraleuap">

      <Region Name="uscentral">

      <Region Name="usnorth">

      <Region Name="uswestcentral">

      1 vote
      Vote
      Sign in
      (thinking…)
      Sign in with: Microsoft
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      1 comment  ·  IP addresses  ·  Flag idea as inappropriate…  ·  Admin →
    • Don't see your idea?

    Feedback and Knowledge Base