The Containment Era is here. →Explore

aviatrix logoAviatrix

Overview

Threat intelligence hub

Command Center

Visualize blast radius & threats

Under Active Attack
Summarize with:
ChatGPTClaudePerplexityGoogle AIGrok

When Microsoft Azure last year announced that support for default access to the internet is ending for new virtual machines (VMs) after September 30, 2025, it sparked some excellent discussions around outbound/inbound internet access that I believe will ultimately help organizations become more secure.  

Coming to the table as a former Azure Global Black Belt now helping to push the boundaries in cloud networking at Aviatrix, these discussions are right up my alley. I recently had a chance to share some perspective on what this change means for businesses on the Microsoft Blog, along with some best practices for finding the right solution for each unique organization. 

As I explain in that article: 

While this change will not affect existing VMs, any VM built after this date will need an explicit method to allow outbound or inbound internet access. Today, any VM in Azure can access the internet right out of the box using a feature called default source network address translation (SNAT). 

Default SNAT happens to outbound internet connections from VMs when none of the preferred methods for source address translation are otherwise available. Here, Azure will automatically translate the private IP of the VM to a special public IP pulled from a reserved regional block. While convenient, this method has its downsides, such as implicit internet access, lack of control or visibility over the public IP, and difficulties performing advanced troubleshooting. 

There are several choices for allowing VMs to connect to public endpoints, such as instance-level public IPsoutbound rules, the Azure NAT Gateway, and vendor-based solutions (like  Distributed Cloud Firewall for Egress from Aviatrix). And some of these choices are better than others, depending on what you want to accomplish.  

If you’re trying to figure out the right solution for your organization, you can read my full post on the Microsoft Blog here. I’d also encourage you to check out the Aviatrix Guide to Network Security in Azure, which goes further in depth on how Aviatrix enhances Azure’s native resources and services, optimizing performance and improving security. 

And of course, if you still have questions, our expert team is always here to help.

Share This Article
Connect With Us

Ready to see Aviatrix in action?

Get a personalized live demo walkthrough or explore our latest deep-dive cloud threat research intelligence.

Get a DemoThreat Research Center
Recent Articles
Cisco Multicloud Fabric I Led Cisco-s Cloud Networking Software. Here-s My Honest Read.

Cisco Multicloud Fabric: I Led Cisco's Cloud Networking Software. Here's My Honest Read.

Jun 16, 202610 min read
Aviatrix Containment Plugin for Microsoft Agent Control Specification - Blog

Containment Plugin for Microsoft Agent Control Specification

Jun 10, 20267 min read
What is Lateral Movement

Lateral Movement in Cybersecurity: How Attackers Move and How to Stop Them

Jun 09, 202610 min read
Contain. Detect. Eliminate. Aviatrix Deepens Its Investment in the Full Model.

Contain. Detect. Eliminate. Aviatrix Deepens Its Investment in the Full Model.

Jun 08, 20265 min read
View All Articles
Bryan Woodworth
About the Author

Bryan Woodworth

Principal Solutions Strategist

Bryan leads the strategy and GTM of partner-driven solutions at Aviatrix, focusing on how to leverage the most exciting, innovative technologies at both companies. He helps build solutions that solve real-world challenges, while delivering an experience customers will love. In his former role at Microsoft Azure, he was an Azure Global Black Belt.

View Full Biography
Learn Center

Keep Reading

Related Articles

Advanced Zero Trust for Workloads: Latest Aviatrix Release Delivers Runtime Protection
Advanced Zero Trust for Workloads Latest Aviatrix Release Delivers Runtime Protection
Zero Trust
Advanced Zero Trust for Workloads: Latest Aviatrix Release Delivers Runtime Protection
Madhuri Kaniganti
Madhuri Kaniganti

Dec 22, 2025

5 min read
Read More
Cloud Network Security, Simplified: The High-Rise Apartment Analogy
Cloud Network Security, Simplified The High-Rise Apartment Analogy card image
Cloud Native Security Fabric
Cloud Network Security, Simplified: The High-Rise Apartment Analogy
Jason Haworth
Jason Haworth

Dec 29, 2025

9 min read
Read More
2025 Threat Review: Risks, Exposures, and Attack Surfaces
2025 Threat Review Risks, Exposures, and Attack Surfaces card image
Zero Trust
2025 Threat Review: Risks, Exposures, and Attack Surfaces
Matt Snyder
Matt Snyder

Dec 30, 2025

9 min read
Read More
Introducing the Aviatrix Threat Research Center: AI-Powered Breach Intelligence
Threat Research Center
Zero Trust
Introducing the Aviatrix Threat Research Center: AI-Powered Breach Intelligence
John Qian
John Qian

Jan 15, 2026

5 min read
Read More
VoidLink And the Cloud Workload Attack Playbook
Voidlink And the Cloud Workload Attack Playbook
Cloud Native Security Fabric
VoidLink And the Cloud Workload Attack Playbook
Matt Snyder
Matt Snyder

Jan 21, 2026

9 min read
Read More
Incident Response in the Age of AI
The CISO’s Guide to Incident Response in the Age of AI
Zero Trust
Incident Response in the Age of AI
Sachin Saurabh
Sachin Saurabh

Jan 27, 2026

7 min read
Read More

Featured Categories

95a2292256ee0f5750aa745fc7d21d39c8ae2870

ACE Program

Explore Category
Rectangle 3966

Customers

Explore Category
5a9318112c7cc265fab072924a2acaa2122a1c9f

Cloud Network Security

Explore Category
Aws-card

AWS

Explore Category
partner_card

Partners

Explore Category
cloud networking heroes

Cloud Networking Heroes

Explore Category
azure_card

Azure

Explore Category
events_card

Events

Explore Category

Secure The Connections Between Your Clouds and Cloud Workloads

Leverage a security fabric to meet compliance and reduce cost, risk, and complexity.

Request Executive BriefingUnder Active Attack?
Cta pattren Image