NSG flow logging isn't supported when using NAT
Any plans when this or if this is going to be implemented in the future. NSG flow logging.
For compliance, we need to capture NSG Flow Logs. NAT Gateway would increase our security posture by being able to remove public IPs from VMs, but we can't do that unless we can retain the flow logs. When will this limitation be removed?
Droessler, Michael J. commented
Agreed. We have medium security use cases where we don't require an Azure Firewall, but a NAT Gateway would allow for known egress IPs. However, without NSG Flow Logging this remains a non-starter.