Merge pull request #54092 from staleycyn/patch-3

Content drift fixes for Azure Virtual Networks

Author: v-regandowner

learn-pr/wwl-azure/introduction-to-azure-virtual-networks/includes/10-configure-internet-access-azure-virtual-nat.md

@@ -1,23 +1,29 @@
 
+[Azure NAT Gateway](/azure/nat-gateway/nat-overview) is a fully managed Network Address Translation (NAT) service that provides secure, scalable outbound connectivity from a subnet to the internet. NAT Gateway is the recommended method for outbound connectivity in Azure. 
 
+### NAT Gateway SKUs
 
+Azure NAT gateway is available in two SKUs.
 
-Globally, IPv4 address ranges are in short supply, and can be an expensive way to grant access to Internet resources. [Azure Network Address Translation (NAT)](/azure/nat-gateway/nat-overview) lets internal resources on a private network to share routable IPv4 addresses. Rather than purchasing an IPv4 address for each resource that requires internet access, you can use a NAT service to map outgoing requests from internal resources to an external IP address.
+| Feature	 | Standard	 | StandardV2 |
+| --- | --- | --- |
+| Availability zone	 | Zonal (single zone) |	Zone-redundant (all zones) |
+| IPv6 support |	No |	Yes |
+| Maximum throughput |	50 Gbps |	100 Gbps |
+| Flow logs	 | No |	Yes |
+
+### NAT Gateway usage scenario
 
 The following diagram shows outbound traffic flow from Subnet 1 through the NAT gateway to be mapped to a Public IP address or a Public IP prefix.
 
 :::image type="content" source="../media/nat-flow-map-e4870a4e.png" alt-text="Diagram with NAT service providing internet connectivity for internal resources.":::
 
 After NAT is configured, all UDP and TCP outbound flows from any virtual machine instance will use NAT for internet connectivity. No further configuration is necessary, and you don’t need to create any user-defined routes. NAT takes precedence over other outbound scenarios and replaces the default Internet destination of a subnet.
 
-NAT scales automatically to support dynamic workloads. NAT can support up to 16 public IP addresses. By using port network address translation (PNAT or PAT), NAT provides up to 64,000 concurrent flows for UDP and TCP. NAT is compatible with the following standard SKU resources:
-
-- Load balancer
-- Public IP address
-- Public IP prefix
+NAT scales automatically to support dynamic workloads. NAT can support up to 16 public IP addresses. By using port network address translation (PNAT or PAT), NAT provides up to 64,000 concurrent flows for UDP and TCP. 
 
-## Limitations of NAT
+### Considerations for NAT Gateway
 
-- Only the IPv4 address family is supported. NAT doesn't interact with IPv6 address family. 
+- Standard NAT gateway supports IPv4 only.
+- StandardV2 NAT gateway supports both IPv4 and IPv6 public IP addresses and prefixes.
 - NAT can't span multiple virtual networks.
-- IP fragmentation isn't supported.

learn-pr/wwl-azure/introduction-to-azure-virtual-networks/includes/2-explore-azure-virtual-networks.md

@@ -11,11 +11,11 @@ This video reviews the basics of IP addressing and subnetting.
 
 Azure VNets enable resources in Azure to securely communicate with each other, the internet, and on-premises networks.
 
-- **Communication with the internet.** All resources in a VNet can communicate outbound to the internet, by default. You can communicate inbound to a resource by assigning a public IP address or a public Load Balancer. You can also use public IP or public Load Balancer to manage your outbound connections.
-- **Communication between Azure resources.** There are three key mechanisms through which Azure resource can communicate: VNets, VNet service endpoints, and VNet peering. Virtual Networks can connect not only virtual machines (VMs), but other Azure Resources, such as the App Service Environment, Azure Kubernetes Service, and Azure Virtual Machine Scale Sets. You can use service endpoints to connect to other Azure resource types, such as Azure SQL databases and storage accounts. When you create a VNet, your services and VMs within your VNet can communicate directly and securely with each other in the cloud.
-- **Communication between on-premises resources.** Securely extend your data center. You can connect your on-premises computers and networks to a virtual network using any of the following options: Point-to-site virtual private network (VPN), Site-to-site VPN, Azure ExpressRoute.
+- **Communication with the internet.** Resources in a VNet can communicate outbound to the internet using a NAT gateway, public IP address, or public load balancer. 
+- **Communication between Azure resources.** There are four key mechanisms through which Azure resource can communicate: VNets, VNet service endpoints, VNet private endpoints and VNet peering. 
+- **Communication between on-premises resources.** You can connect your on-premises computers and networks to a virtual network using any of the following options: Point-to-site virtual private network (VPN), Site-to-site VPN, and Azure ExpressRoute.
 - **Filtering network traffic.** You can filter network traffic between subnets using any combination of network security groups and network virtual appliances.  
-- **Routing network traffic.** Azure routes traffic between subnets, connected virtual networks, on-premises networks, and the Internet, by default. You can implement route tables or border gateway protocol (BGP) routes to override the default routes Azure creates.
+- **Routing network traffic.** Azure routes traffic between subnets, connected virtual networks, and on-premises networks. You can implement route tables or border gateway protocol (BGP) routes to override the default routes Azure creates.
 
 ## Design considerations for Azure Virtual Networks
 
@@ -61,4 +61,4 @@ When planning to implement virtual networks, you need to consider:
 
 
 
-Choose the best response for each question.
+Choose the best response for each question.

learn-pr/wwl-azure/introduction-to-azure-virtual-networks/includes/3-configure-public-ip-services.md

@@ -1,7 +1,3 @@
-
-
-
-
 Public networks like the Internet communicate by using public IP addresses. Private networks like your Azure Virtual Network use private IP addresses, which aren't routable on public networks. To support a network that exists both in Azure and on-premises, you must configure IP addressing for both types of networks.
 
 Public IP addresses enable Internet resources to communicate with Azure resources and enable Azure resources to communicate outbound with Internet and public-facing Azure services. A public IP address in Azure is dedicated to a specific resource. A resource without a public IP assigned can communicate outbound through network address translation services, where Azure dynamically assigns an available IP address that isn't dedicated to the resource.
@@ -31,16 +27,16 @@ Public IP addresses are created with an IPv4 or IPv6 address, which can be eithe
 ## Choose the appropriate SKU for a public IP address
 
 > [!IMPORTANT]
->
-> On September 30, 2025, Basic SKU public IPs will be retired. If you are currently using Basic SKU public IPs, make sure to upgrade to Standard SKU public IPs prior to the retirement date. For guidance on upgrading, visit [Upgrading a basic public IP address to Standard SKU](/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance).
-
-| Public IP address | **Standard** | **Basic**|
-| --- | --- |--- |
-| Allocation method | Static |  For IPv4: Dynamic or Static; For IPv6: Dynamic. |
-| Idle time-out | Have an adjustable inbound originated flow idle time out of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle time out of 4 minutes. |  Have an adjustable inbound originated flow idle time out of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle time out of 4 minutes. |
-|Security | Secure by default model and be closed to inbound traffic when used as a frontend. Allow traffic with network security group (NSG) is required (for example, on the NIC of a virtual machine with a Standard SKU Public IP attached). |Open by default. Network security groups are recommended but optional for restricting inbound or outbound traffic|
-|Availability zones | Supported. Standard IPs can be nonzonal, zonal, or zone-redundant. Zone redundant IPs can only be created in regions where there are three availability zones.| Not supported.|
-|Routing preference | Supported to enable more granular control of how traffic is routed between Azure and the Internet.| Not supported.|
-|Global tier | Supported via cross-region load balancers.| Not supported.|
-
-Choose the best response for each question.
+> On September 30, 2025, Basic SKU public IPs were retired. If you're currently using Basic SKU public IPs, upgrade to Standard SKU public IPs as soon as possible. Basic IPs remain operational post-retirement but are unsupported and not covered by SLA guarantees. For guidance on upgrading, visit [Upgrading a basic public IP address to Standard SKU](/azure/virtual-network/ip-services/public-ip-basic-upgrade-guidance).
+
+
+| Public IP address | **Standard SKU** | 
+| --- | --- |
+| Allocation method | Static | 
+| Idle time-out | Have an adjustable inbound originated flow idle time out of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle time out of 4 minutes. |  
+| Security | Secure by default model and be closed to inbound traffic when used as a frontend. Allow traffic with network security group (NSG) is required (for example, on the NIC of a virtual machine with a Standard SKU Public IP attached). 
+| Availability zones | Supported. Standard IPs can be nonzonal, zonal, or zone-redundant. Zone redundant IPs can only be created in regions where there are three availability zones.|
+| Routing preference | Supported to enable more granular control of how traffic is routed between Azure and the Internet.| 
+| Global tier | Supported via cross-region load balancers.| 
+
+Choose the best response for each question.

learn-pr/wwl-azure/introduction-to-azure-virtual-networks/includes/7-enable-cross-virtual-network-connectivity-peering.md

@@ -11,10 +11,13 @@ Network traffic between peered virtual networks is private. The virtual networks
 
 Virtual network peering enables you to seamlessly connect two Azure virtual networks. Once peered, the virtual networks appear as one, for connectivity purposes. There are two types of VNet peering.
 
+:::image type="content" source="../media/global-vnet-peering-2368962c.png" alt-text="Diagram with VNet1 in Region 1, and VNet2 and VNet3 in Region 2. VNet2 and VNet3 are connected with regional VNet peering. VNet1 and VNet2 are connected with a global VNet peering.":::
+
 - **Regional VNet peering** connects Azure virtual networks in the same region.
-- **Global VNet peering** connects Azure virtual networks in different regions. The peered virtual networks can exist in any Azure public cloud region or China cloud regions, but not in Government cloud regions. You can only peer virtual networks in the same region in Azure Government cloud regions.
+- **Global VNet peering** connects Azure virtual networks in different regions.
 
-:::image type="content" source="../media/global-vnet-peering-2368962c.png" alt-text="Diagram with VNet1 in Region 1, and VNet2 and VNet3 in Region 2. VNet2 and VNet3 are connected with regional VNet peering. VNet1 and VNet2 are connected with a global VNet peering.":::
+> [!TIP]
+> Azure also supports [subnet peering](/azure/virtual-network/how-to-configure-subnet-peering), a more granular peering option. Subnet peering lets you select specific subnets to peer across virtual networks rather than peering entire address spaces. 
 
 ### Benefits of virtual network peering
 
@@ -24,28 +27,13 @@ The benefits of using virtual network peering, whether local or global, include:
 - The ability to apply network security groups in either virtual network to block access to other virtual networks or subnets.
 - The ability to transfer data between virtual networks across Azure subscriptions, Microsoft Entra tenants, deployment models, and Azure regions.
 - The ability to peer virtual networks created through the Azure Resource Manager.
-- The ability to peer a virtual network created through Resource Manager to one created through the classic deployment model.
 - No downtime to resources in either virtual network is required when creating the peering, or after the peering is created.
 
-
-
-## Configure VNet Peering
-
-Here are the steps to configure VNet peering. Notice you need two virtual networks. To test the peering, you need a virtual machine in each network. Initially, the VMs won't be able to communicate, but after peering the communication works. 
-
-1. Create two virtual networks.
-2. **Peer the virtual networks**.
-3. Create virtual machines in each virtual network.
-4. Test the communication between the virtual machines.
-
-> [!NOTE]
-> When you add a peering on one virtual network, the second virtual network configuration is automatically added.
-
 ### Gateway Transit and Connectivity
 
 You can configure a VPN gateway in the peered virtual network as a [gateway transit](/azure/vpn-gateway/vpn-gateway-peering-gateway-transit) point. In this case, a peered virtual network uses the remote gateway to gain access to other resources. A virtual network can have only one gateway. Gateway transit is supported for both VNet Peering and Global VNet Peering.
 
-Gateway Transit allows the virtual network to communicate to resources outside the peering. For example, the subnet gateway could:
+For example, the subnet gateway could:
 
 - Use a site-to-site VPN to connect to an on-premises network.
 - Use a VNet-to-VNet connection to another virtual network.
@@ -59,4 +47,4 @@ In these scenarios, gateway transit allows peered virtual networks to share the
 > Network security groups can be applied in either virtual network to block access to other virtual networks or subnets. 
 
 
-Choose the best response for each question.
+Choose the best response for each question.

learn-pr/wwl-azure/introduction-to-azure-virtual-networks/index.yml

@@ -5,7 +5,7 @@ metadata:
   prefetch-feature-rollout: true
   title: Introduction to Azure Virtual Networks
   description: "In this module, you learn how to design and implement Azure networking services. You learn about virtual networks, public and private IPs, DNS, virtual network peering, routing, and Azure Virtual NAT."
-  ms.date: 02/04/2026
+  ms.date: 03/23/2026
   author: wwlpublish
   ms.author: cynthist
   ms.topic: module