[German]From September 30, 2025 Microsoft intends to discontinue the standard connectivity of outbound connections for VMs in Azure and switch to new methods.
Virtual machines created in a virtual network without a defined explicit outbound method have so far been assigned a public default IP address in Microsoft Azure. This allows the VM to access the public network and other endpoints (the internet). Microsoft has described this in more detail in the article Default outbound access in Azure.
But this will come to an end on September 30, 2025, as Microsoft is ending this fallback option for security reasons. Microsoft has revealed further details in the support article Default outbound access in Azure.
After September 30, 2025, new virtual networks in Azure will require explicit outbound access methods by default instead of having a fallback to the default outbound access connectivity. All virtual machines that require public endpoint access will need to use explicit outbound connectivity methods such as Azure NAT Gateway, Azure Load Balancer outbound rules, or a directly connected Azure public IP address.
All virtual machines (existing or newly created) in existing VNETs using the default outbound access will continue to work after this change. However, it is strongly recommended to switch to an explicit outbound method so that:
- Microsoft's workloads are not impacted by changes to the public IP address.
- Administrators have more control over how their VMs connect to public endpoints.
- VMs use traceable IP resources owned by the user or organization.
To ensure more controllable and traceable internet connections, convert all existing VMs that rely on standard outbound access to an explicit method of connectivity.
If the VMs are deployed on Azure Cloud Services (extended support), they are not affected and administrators do not need to take any action. The Register has conducted an interview with Aviatrix CPO Chris McHenry on this topic here.
