Merge pull request #127390 from TrevorwrightMS/patch-4

Court72 · web-flow · commit 73a850c9458b · 2025-08-21T14:24:29.000-06:00
Update virtual-network-encryption-faq.yml
diff --git a/articles/virtual-network/virtual-network-encryption-faq.yml b/articles/virtual-network/virtual-network-encryption-faq.yml
@@ -21,9 +21,9 @@ sections:
         answer: |
           Encryption verification is limited to the status of the network interface resource, vnetEncryptionSupported, and Accelerated networking during public preview. After public preview, virtual network flow logs can be used to see the encrypted and unencrypted flows between virtual machines.
       
-      - question: Is there data not encrypted?
+      - question: Why are packets dropped in encrypted virtual networks, and how can I prevent it?
         answer: |
-          Fragmented packets aren't offloaded to hardware and don't get encrypted. Use an MTU of 1500 in the network configuration of your virtual machines.
+          Fragmented packets are not offloaded to hardware and are therefore dropped. To avoid this, configure your virtual machines with a network MTU of 1400. For encrypted virtual networks, ensure the "Don't Fragment" (DF) flag is set. Packets exceeding the 1400 MTU limit will be dropped rather than fragmented.
 
       - question: What certificate is used for the DTLS establishment on the Azure Host? 
         answer: |
