Interface endpoints for SQL Database is a new capability that enables customers to connect privately to Azure PaaS services within customer virtual networks, providing direct connectivity from their workloads using isolated traffic to specific resources.
Azure service resources can be mapped directly into a virtual network, allowing traffic from the same virtual network or over ExpressRoute or VPN connections.
Public traffic is no longer required to access Azure services privately, and network security configuration is simplified with trusted traffic within your virtual network.
Interface endpoints are managed using the same tools (PowerShell, ARM templates, and CLI) allowing users to quickly get up and running with their setup.
Connect to services in Azure Virtual Network more securely and privately with Azure Private Link, now available in preview. Private Link simplifies the network architecture and secures the connection between endpoints in Azure by keeping data on the Azure network, thus eliminating exposure to the internet. Private Link also enables you to create and render your own services on Azure.
During public preview, Private Link supports Azure Storage, Azure Data Lake Storage Gen 2, Azure SQL Database, Azure SQL Data Warehouse, and customer-owned services.
New improvements have been added to network security groups (NSGs), which filter network traffic to and from various Azure resources. These include ICMP and Default Overrides for AzurePlatformDNS, IMDS and LKM.
Dual Stack IPv4/IPv6 Connectivity allows you to bring your private IPv6 space into Azure and enables connectivity over IPv6 within your Virtual Networks. This enables you to address IPv4 depletion, meet regulatory requirements and expand into the growing mobile and IoT markets with your Azure-based applications.
Gateway Transit is supported for Global VNet Peering in all Azure public regions, Azure China regions, and Azure Government regions.
Gateway Transit enables you to use a peered virtual network's gateway instead of creating a new gateway for connectivity. As you increase your workloads in Azure, you need to scale your networks across regions and virtual networks to keep up with the growth. VNet peering's Gateway Transit can help simplify your network architecture.
Public preview for virtual network service endpoint policies for Azure Storage was expanded to four new US regions on March 25. The full list of regions is:
East US 2
North Central US
South Central US
West Central US
West US 2
Today we are excited to launch two new key capabilities to Azure Firewall:
Threat intelligence based filtering
Service tags filtering
Azure Firewall is a cloud-native firewall-as-a-service offering that enables customers to centrally govern all their traffic flows using a DevOps approach. The service supports both application-level (such as *.github.com) and network-level filtering rules. It is highly available and autoscales as your traffic grows.
Global VNet Peering now supports Standard Load Balancer. Previously, resources in one virtual network could not communicate with the front-end IP address of an internal load balancer over a globally peered connection. The virtual networks needed to be in the same region. With this announcement, this is no longer the case. You can communicate with the internal IP address of a Standard Load Balancer instance across regions from resources deployed in a globally peered virtual network. This support is in all Azure regions, including Azure China and Azure Government regions.
Global VNet Peering is now generally available in all Azure Government cloud regions. This means you can peer virtual networks across the Azure Government cloud regions. You cannot peer across Azure Government cloud and Azure public cloud regions.