You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/virtual-network/ip-services/default-outbound-access.md
+4-5Lines changed: 4 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -26,7 +26,7 @@ Examples of explicit outbound connectivity for virtual machines are:
26
26
27
27
## How and when default outbound access is provided
28
28
29
-
If a Virtual Machine (VM) is deployed without an explicit outbound connectivity method, Azure assigns it a default outbound public IP address. This IP, known as the default outbound access IP, is owned by Microsoft and can change without notice. It isn't recommended for production workloads.
29
+
If a Virtual Machine (VM) is deployed without an explicit outbound connectivity method, Azure assigns it a default outbound public IP address. This IP, known as the default outbound access IP, is owned by Microsoft and can change without notice. Additionally, default outbound connectivity relies on an implicit platform behavior and may be affected by platform‑level changes. For scenarios requiring deterministic outbound behavior, we recommend using an explicit configuration.
30
30
31
31
:::image type="content" source="./media/default-outbound-access/decision-tree-load-balancer.png" alt-text="Diagram of decision tree for default outbound access." lightbox="./media/default-outbound-access/decision-tree-load-balancer.png":::
32
32
@@ -40,7 +40,7 @@ If a Virtual Machine (VM) is deployed without an explicit outbound connectivity
40
40
41
41
**Security**: Default internet access contradicts Zero Trust principles.<br>
42
42
**Clarity**: Explicit connectivity is preferred over implicit access.<br>
43
-
**Stability**: The default outbound IP isn't customer-owned and can change, leading to potential disruptions.
43
+
**Stability**: The default outbound IP isn’t customer-owned and can change; service updates may also affect default outbound behavior, both of which can cause disruptions.
44
44
45
45
Some examples of configurations that don't work when using default outbound access:
46
46
@@ -84,9 +84,6 @@ defaultOutboundAccess = false
84
84
```
85
85
which prevents Azure from assigning default outbound public IPs to virtual machines in this subnet.
86
86
87
-
> [!IMPORTANT]
88
-
> Existing virtual machines must be **stopped and deallocated** for this change to take effect on their network interfaces.
89
-
90
87
# [PowerShell](#tab/powershell)
91
88
92
89
The following script takes the names of the Resource Group and Virtual Network and loops through each subnet to enable private subnet.
@@ -170,6 +167,8 @@ Set the value of `defaultOutboundAccess` parameter to be "false"
170
167
]
171
168
}
172
169
```
170
+
> [!IMPORTANT]
171
+
> Existing virtual machines must be **stopped and deallocated** for the change of a subnet (either from non-private to private, or the reverse) to take effect on their network interfaces.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments