implement Service tags for UDR/Route
Can be good when we create a Route/UDR to have the possibility to select in "Next Hop Type" a service Tag, or Azure Region IP range.
Thank you for the feedback. We will consider this for inclusion in our planning.
Dee Hawkins commented
Please implement Service Tags for UDRs. This is the most critical improvement for Azure Networking for secure networks implementing Network Security Appliances.
Aidan Finn commented
The numbers of routes required for PaaS services in a secure network design is crazy. SQL MI in particular is a nightmare.
Patricia Lucas commented
Is there an update on this beyond "Under Review". The more work we do with UDRs, the more important this feature becomes.
Andrej Kasnik commented
Now this would make even more sense when Azure Firewall roles out as you could force traffic for PaaS services such as storage account to Azure Firewall and only allowed URLs (storage accounts you control) to be accessed.
Morad Chetbi commented
This is our biggest headache at the moment also. It would be great if the Azure regions DC addresses were ideally managed under the hood for us. Or either as suggested above using a Tagged approach as has been done for NSG recently.
In our scenario we ideally want to force tunnel all externally destined traffic out via our own Azure based NG Firewalls in order to apply control + web filtering etc, but as the environment grew the amount of underlying Azure traffic passing the FW's did also.