Azure Monitor services now support Network Security Perimeter (NSP) features, enabling Azure PaaS resources to communicate securely within a trusted boundary. The integration of NSP features in Azure Monitor services enhances security and monitoring capabilities across six Azure cloud regions (East US, East US 2, North Central US, South Central US, West US, West US 2). These features are designed to strengthen the security and monitoring of customers' networks. Using NSP features in Azure Monitor services, customers can create a secure, isolated network environment for their monitoring resources, which matters in today's dynamic threat landscape.
The Network Security Perimeter enables Azure PaaS resources to communicate within a clearly defined and trusted boundary. It aids enterprise customers in securing their PaaS resources from public networks, complementing Private Link connectivity from customer virtual networks. External access is controlled based on network policies defined for all Private Link Resources within a perimeter by specifying inbound and outbound rules.
Azure PaaS Services often run on shared infrastructure for multi-tenant workloads outside customer virtual networks. Customers can secure communications with private endpoint integration, but some scenarios require interaction between services. The Network Security Perimeter (NSP) enables such communication within a trusted boundary, with external access controlled by network policies across all Private Link Resources within the perimeter.
The Azure Network Security Perimeter empowers network administrators to create a logical network isolation boundary for PaaS resources, such as Key Vault, Storage, Cosmos DB, SQL, Azure Monitor deployed outside virtual networks. This ensures that communication is restricted to resources within the perimeter, while public traffic not included in the perimeter is managed through specified inbound and outbound access rules.
Azure Monitor's Log Analytics Workspace and Application Insights are connected to the Network Security Perimeter, which controls inbound and outbound communication based on the established network security rules.

Key benefits of Network Security Perimeter features
- Enhanced Security: NSP allows Azure PaaS resources to communicate within an explicit trusted boundary, limiting external access based on network controls defined across all Private Link Resources within a perimeter. This helps prevent unauthorized access and data exfiltration.
- Granular Access Control: NSP offers the ability to set up inbound and outbound access rules based on IP addresses, subscriptions, or fully qualified domain names (FQDNs). This granular control ensures that only authorized traffic can reach the resources within the perimeter.
- Logging and Monitoring: NSP enables logging for resources inside the perimeter, providing visibility into ingress and egress traffic patterns. This supports auditing and compliance and helps surface potential security threats.
- Centralized Management: Network administrators can define logical network isolation boundaries and configure common public access controls for multiple PaaS resources using a uniform API and a consistent user experience. This centralized management simplifies securing Azure PaaS resources.
- Seamless Integration: NSP integrates with other Azure services, allowing a unified experience across Azure PaaS resources. This integration ensures that security measures are applied consistently across different services.
- Support for Multi-Resource Setups: NSP supports complex network setups by allowing multiple Private Link Resources to be associated with a single perimeter. This flexibility is particularly useful for large enterprises with intricate network configurations.
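To make the rule types and the workspace association above concrete, here is an added Bicep example (not code from the original post or from Microsoft's documentation) that creates a perimeter, a profile with one inbound IP-prefix rule and one outbound FQDN rule, and associates an existing Log Analytics workspace in Learning mode. The resource names, the address prefix, the FQDN, the workspace name and the API version are assumptions.

```bicep
// Added example, not from the original post: a perimeter with one profile, an inbound
// IP-prefix rule, an outbound FQDN rule, and a Log Analytics workspace associated in
// Learning mode so denied traffic is logged first. Names, prefixes, FQDN and the
// API version are assumptions; check them against current Azure documentation.
param location string = resourceGroup().location
param workspaceName string = 'law-nsp-demo'                // assumed existing workspace
param allowedInboundPrefix string = '203.0.113.0/24'       // assumed corporate range (TEST-NET-3)
param allowedOutboundFqdn string = 'collector.example.com' // assumed destination
resource perimeter 'Microsoft.Network/networkSecurityPerimeters@2023-08-01-preview' = {
  name: 'nsp-monitor-demo'
  location: location
}
resource profile 'Microsoft.Network/networkSecurityPerimeters/profiles@2023-08-01-preview' = {
  parent: perimeter
  name: 'monitor-profile'
  location: location
}
// Inbound: only the listed public range may reach the workspace's public endpoint.
resource inboundRule 'Microsoft.Network/networkSecurityPerimeters/profiles/accessRules@2023-08-01-preview' = {
  parent: profile
  name: 'allow-corp-inbound'
  location: location
  properties: {
    direction: 'Inbound'
    addressPrefixes: [ allowedInboundPrefix ]
  }
}
// Outbound: the workspace may only send to the listed FQDN outside the perimeter.
resource outboundRule 'Microsoft.Network/networkSecurityPerimeters/profiles/accessRules@2023-08-01-preview' = {
  parent: profile
  name: 'allow-outbound-fqdn'
  location: location
  properties: {
    direction: 'Outbound'
    fullyQualifiedDomainNames: [ allowedOutboundFqdn ]
  }
}
// Learning mode logs what the rules would block; switch to 'Enforced' once the
// perimeter logs show no legitimate traffic would be denied.
resource association 'Microsoft.Network/networkSecurityPerimeters/resourceAssociations@2023-08-01-preview' = {
  parent: perimeter
  name: 'law-association'
  location: location
  properties: {
    privateLinkResource: { id: resourceId('Microsoft.OperationalInsights/workspaces', workspaceName) }
    profile: { id: profile.id }
    accessMode: 'Learning'
  }
}
```

Review the perimeter's access logs while the association is in Learning mode before changing accessMode to 'Enforced', otherwise legitimate ingestion or query traffic that the rules do not cover will be blocked.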
In conclusion, the Network Security Perimeter features in Azure Monitor services offer several key benefits: stronger network security for Azure PaaS resources, better monitoring, security audit logs, and simpler management of diagnostic log settings for those resources. These benefits make NSP a valuable tool for organizations looking to improve their network security posture and ensure the integrity of their data. We expect the integration of NSP features into Azure Monitor to deliver greater benefits to our customers and the broader Azure community.
For detailed information on configuring Azure Monitor with a Network Security Perimeter, please refer to the following link: Configure Azure Monitor with Network Security Perimeter.
Updated Dec 03, 2024, Version 2.0
Mahesh_Sundaram, Microsoft
Azure Observability Blog