Gateway Transit is supported for Global VNet Peering in all Azure public regions, Azure China regions, and Azure Government regions.
Gateway Transit enables you to use a peered virtual network's gateway instead of creating a new gateway for connectivity. As you increase your workloads in Azure, you need to scale your networks across regions and virtual networks to keep up with the growth. VNet peering's Gateway Transit can help simplify your network architecture.
Public preview for virtual network service endpoint policies for Azure Storage was expanded to four new US regions on March 25. The full list of regions is:
East US 2
North Central US
South Central US
West Central US
West US 2
Today we are excited to launch two new key capabilities to Azure Firewall.
Threat intelligence based filtering
Service tags filtering
Azure Firewall is a cloud-native firewall-as-a-service offering which enables customers to centrally govern all their traffic flows using a DevOps approach. The service supports both application-level (such as *.github.com) and network-level filtering rules. It is highly available and auto-scales as your traffic grows.
Global VNet Peering now supports Standard Load Balancer. Previously, resources in one virtual network could not communicate with the front-end IP address of an internal load balancer over a globally peered connection. The virtual networks needed to be in the same region. With this announcement, this is no longer the case. You can communicate with the internal IP address of a Standard Load Balancer instance across regions from resources deployed in a globally peered virtual network. This support is in all Azure regions, including Azure China and Azure Government regions.
Global VNet Peering is now generally available in all Azure Government cloud regions. This means you can peer virtual networks across the Azure Government cloud regions. You cannot peer across Azure Government cloud and Azure public cloud regions.
Global VNet Peering is now generally available in all Azure China cloud regions. This means you can peer virtual networks across the China cloud regions. You cannot peer across Azure China and Azure public cloud regions.
Virtual network peering is now available for virtual networks that belong to subscriptions in different Azure Active Directory tenants. Virtual network peering enables direct VM-to-VM connectivity across virtual machines deployed in different virtual networks using the Microsoft backbone.
We are announcing the preview of the first native distributed network TAP available in any public cloud. Azure Virtual Network TAP provides continuous mirroring of virtual machine network traffic to a packet collector without using agents.
Azure Firewall, now GA, offers fully stateful network and application level traffic filtering for VNet resources, with built-in high availability and cloud scalability delivered as a service. Customers can protect their VNets by filtering Outbound, Inbound, Spoke-Spoke, VPN and ExpressRoute traffic. Connectivity policy enforcement is supported across multiple VNets and Azure subscriptions. Centralized logging using Azure Monitor allows you to archive logs to a storage account, stream events to your Event Hub, or send them to Log Analytics or your SIEM of choice. Azure Firewall supports FQDN Tags to allow traffic to well-known Microsoft Services (e.g. ASE, Azure Backup and Windows Update) and Destination NAT configuration.
Azure VNet service endpoint policies enable you to prevent unauthorized access to Azure service resources from your virtual network. Endpoint policies provide more granular control over the Network Security Group (NSG) service tags. You can allow access to only specific Azure service resources (e.g. Azure Storage accounts), using service endpoint policies. The feature is available in preview for Azure Storage.