Wired for Hybrid – What’s New in Azure Networking December 2023 edition


Hello Folks,

Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What's new in Azure Networking.

In this blog post, we'll cover what's new with Azure Networking in December 2023.  In this blog post, we will cover the following announcements and how they can help you.


Connection Monitor, a multi-agent monitoring solution, detects network connectivity and performance errors real time with aggregated packet loss and latency, localizes the problematic network component with end-to-end path visibility in unified topology and provides actionable insights to diagnose and troubleshoot the issues, thus reducing the overall Mean Time to Resolve network connectivity issues.

With Agent, we aim to consolidate multi-monitoring agents into a single agent. This capability addresses connectivity monitoring logs and metrics data collection needs across Azure and ARC enabled

The highlighted features of this new update are:

  • Connectivity monitoring support for ARC enabled on-premises endpoints as source as well as destination.
  • Simpler management of network monitoring extensions
  • One agent for monitoring Azure and non-Azure Arc endpoints 
  • Enhanced security through Managed Identity and Azure () tokens

The roadmap for the feature includes:

  • Portal support for auto-enablement of Agent extension
  • Integrated support for enablement of Network Watcher extension with Azure Monitor Agent
  • Extended support across Azure resources beyond VM and scale set
  • Enhanced performance metrics with Throughput and Jitter UI support

The support for configuring the same port number for public and private listeners on your Application Gateway is now generally available.

The provision enables you to easily use a single Application deployment to serve both internet-facing and internal clients. With this, you don't need to use non-standard ports on listeners or customize the backend application. This feature is now generally available in all public regions, Azure China cloud regions, and Azure Government cloud regions.

An additional configuration may be needed for Inbound rules if you use Network Security Groups with your application .

Rate-limit custom rules on Azure's regional Web Application Firewall (WAF) running on Application Gateway are now available. Rate-limiting enables you to detect and block abnormally high levels of traffic destined for your application. By using rate limiting, you can mitigate many types of denial-of-service attacks, protect against clients that have accidentally been misconfigured to send large volumes of requests in a short time period, or control traffic rates to your site from specific geographies.

ExpressRoute Direct customers will be able to manage network costs, connect ExpressRoute circuits from multiple subscriptions with one ExpressRoute direct Port resource, and isolate management of ExpressRoute Direct resource from your ExpressRoute circuits. 

ExpressRoute Direct gives you the ability to connect directly into the Microsoft global network at peering locations strategically distributed around the world. ExpressRoute Direct provides dual 100-Gbps or 10-Gbps connectivity, that supports Active/Active connectivity at scale.

This requires an ExpressRoute Direct port and an ExpressRoute Circuit.  Previously, ExpressRoute circuits and ExpressRoute Direct resources were created in one subscription, you then could connect their circuit to a Virtual Network resource that is located in a different subscription using an authorization.

With this feature today, you can create the Port and ExpressRoute circuit in different subscriptions redeeming the authorizations to create a circuit.


Express Route is now a Trusted Service in Azure. This means you can store your Media Access Control, or MACsec, secrets (Connectivity Association Key and Connectivity Association Key Name) in an Azure Key Vault with Firewall policies enabled. That way you can restrict public access to Keyvault yet allow Trusted services like ExpressRoute to access secrets, passwords, or keys stored in the Keyvault.

This continues with our push to make it easier for you to securely connect to Azure from your on-premises environment.


Brings greater ability to manage org wide your security posture. Unlike NSGs, sec admin rules will be applied to any virtual network added to a network group w/ a sec configuration applied.


That's it for this month.   Happy Holidays!




This article was originally published by Microsoft's ITOps Talk Blog. You can find the original article here.