You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/network-watcher/traffic-analytics-what-if.md
+13-13Lines changed: 13 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -9,23 +9,25 @@ ms.date: 04/06/2026
9
9
ms.topic: how-to
10
10
---
11
11
12
+
# Use rule impact analyzer in traffic analytics
13
+
12
14
In this article, you learn how to use the Rule Impact Analysis feature with network groups in Azure Virtual Network Manager. You can use the Azure portal to create a security admin configuration, add a security admin rule, and simulate the impact of your rule changes before deploying them.
13
15
14
16
The Rules Impact Analyzer enables you to preview the impact of security admin rules before applying them to your environment. This feature helps you validate rule behavior, identify potential conflicts, and ensure that connectivity requirements are met without disrupting live traffic. By understanding the impact of your proposed rules changes, you can confidently plan changes, maintain compliance, and reduce the risk of misconfiguration across your virtual networks.
15
17
16
-
# Prerequisites
18
+
##Prerequisites
17
19
18
20
- An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
19
21
20
-
-A network group. If you don't have a network group, see[Create a network group](../virtual-network-manager/create-virtual-network-manager-portal#create-a-network-group).
21
-
22
-
-The right permissions. Traffic Analytics must be enabled to run Rule Impact Analysis, so ensure you have the required permissions to access and operate on Traffic Analytics data. For details, see [Azure RBAC Permissions - Azure Network Watcher](https://learn.microsoft.com/en-us/azure/network-watcher/required-rbac-permissions#traffic-analytics).
22
+
-Traffic analytics enabled for your virtual network flow logs or network security group fow logs. For more information, see[Enable traffic analytics on virtual network flow logs](vnet-flow-logs-manage.md#enable-or-disable-traffic-analytics) or [Enable traffic analytics on network security group flow logs](nsg-flow-logs-manage.md#enable-or-disable-traffic-analytics).
23
+
24
+
-Required role-based access control (RBAC) permissions. For more information, see [Trafic analytics RBAC Permissions](required-rbac-permissions.md#traffic-analytics).
23
25
24
-
-Access to the Azure portal
26
+
-A network group. If you don't have a network group, see [Create a network group](../virtual-network-manager/create-virtual-network-manager-portal#create-a-network-group).
25
27
26
-
# Workflow and Step-by-Step guide for Rules Impact Analysis
28
+
##Workflow and Step-by-Step guide for Rules Impact Analysis
27
29
28
-
## Configuring network security across multiple environments requires careful planning. The Rule Impact Analyzer provides a safe way to validate security admin rules before they are applied, helping you understand their impact and avoid disruptions. By simulating changes first, you gain confidence that your rules will work as intended and maintain compliance without affecting live traffic.
30
+
onfiguring network security across multiple environments requires careful planning. The Rule Impact Analyzer provides a safe way to validate security admin rules before they are applied, helping you understand their impact and avoid disruptions. By simulating changes first, you gain confidence that your rules will work as intended and maintain compliance without affecting live traffic.
29
31
30
32
## How does Rule Impact Analysis Work?
31
33
@@ -83,8 +85,6 @@ After selecting the rules to analyze, you must specify the scope of the evaluati
83
85
84
86
- Click **Apply**.
85
87
86
-
<!---->
87
-
88
88
- The system analyses the rules against your current configuration.
89
89
90
90
### Step 3: Review results
@@ -114,10 +114,10 @@ The table lists all target virtual networks analysed during the simulation and s
114
114
115
115
For impacted virtual networks, the report identifies the **impacting rule**, its p**riority**, and the **number of** f**lows breaking**, helping you assess the severity of the change. Use **View Query** to inspect the underlying query and validate the result before deploying the rules.
116
116
117
-
# Next Steps
117
+
# Related content
118
+
118
119
119
-
Additional resources:
120
+
-[Create a security admin rule using network groups - Azure Virtual Network Manager \| Microsoft Learn](https://learn.microsoft.com/en-us/azure/virtual-network-manager/how-to-create-security-admin-rule-network-group)
120
121
121
-
1.[Create a security admin rule using network groups - Azure Virtual Network Manager \| Microsoft Learn](https://learn.microsoft.com/en-us/azure/virtual-network-manager/how-to-create-security-admin-rule-network-group)
122
+
-[View configurations applied by Azure Virtual Network Manager \| Microsoft Learn](https://learn.microsoft.com/en-gb/azure/virtual-network-manager/how-to-view-applied-configurations)
122
123
123
-
2.[View configurations applied by Azure Virtual Network Manager \| Microsoft Learn](https://learn.microsoft.com/en-gb/azure/virtual-network-manager/how-to-view-applied-configurations)
0 commit comments