What is Azure Virtual Network encryption?

Azure Virtual Network encryption is a feature of Azure Virtual Networks. Virtual network encryption allows you to seamlessly encrypt and decrypt traffic between Azure Virtual Machines by creating a DTLS tunnel.

Virtual network encryption enables you to encrypt traffic between Virtual Machines and Virtual Machines Scale Sets within the same virtual network. Virtual network encryption encrypts traffic between regionally and globally peered virtual networks. For more information about virtual network peering, see Virtual network peering.

Virtual network encryption enhances existing encryption in transit capabilities in Azure. For more information about encryption in Azure, see Azure encryption overview.

Requirements

Virtual network encryption has the following requirements:

Availability

Azure Virtual Network encryption is generally available in all Azure public regions.

Limitations

Azure Virtual Network encryption has the following limitations:

  • In scenarios where a PaaS service is involved, the virtual machine that hosts the PaaS service determines whether virtual network encryption is supported. That virtual machine must meet the listed requirements.

  • For an internal load balancer, every virtual machine behind the load balancer must be a supported virtual machine SKU.

  • AllowUnencrypted is the only supported enforcement at general availability. DropUnencrypted enforcement will be supported in the future.
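An added audit script, not from the Azure documentation or any Azure tool, that checks the encryption state described above over a constructed inventory in the shape of `az network vnet list -o json`; it assumes that traffic over a peering is encrypted only when both peered networks have encryption enabled, and the subscription id, resource group and network names are placeholders.

```python
"""Audit Azure VNets for Virtual Network encryption (added example, not Azure code).
Input is JSON shaped like `az network vnet list -o json`; records below are constructed.
Assumes peered traffic is encrypted only when both peered networks are enabled."""
import json

_PREFIX = "/subscriptions/sub-placeholder/resourceGroups/rg/providers/Microsoft.Network/virtualNetworks/"

# Constructed sample: hub (encrypted) peered to spoke (not encrypted) and to a
# partner network outside this inventory; legacy was never configured.
SAMPLE_VNETS = json.dumps([
    {"name": "vnet-hub", "id": _PREFIX + "vnet-hub",
     "encryption": {"enabled": True, "enforcement": "AllowUnencrypted"},
     "virtualNetworkPeerings": [
         {"name": "hub-to-spoke", "remoteVirtualNetwork": {"id": _PREFIX + "vnet-spoke"}},
         {"name": "hub-to-partner", "remoteVirtualNetwork": {"id": _PREFIX + "vnet-partner"}}]},
    {"name": "vnet-spoke", "id": _PREFIX + "vnet-spoke",
     "encryption": {"enabled": False, "enforcement": "AllowUnencrypted"},
     "virtualNetworkPeerings": [
         {"name": "spoke-to-hub", "remoteVirtualNetwork": {"id": _PREFIX + "vnet-hub"}}]},
    {"name": "vnet-legacy", "id": _PREFIX + "vnet-legacy",
     "encryption": None, "virtualNetworkPeerings": []},
])


def encryption_enabled(vnet):
    """True only when the encryption block is present and enabled."""
    return bool((vnet.get("encryption") or {}).get("enabled"))


def audit_vnets(vnets_json):
    """Return (vnet name, issue) pairs for networks whose VM-to-VM traffic
    would travel unencrypted, within the network or across a peering."""
    vnets = json.loads(vnets_json)
    by_id = {v["id"].lower(): v for v in vnets}  # resource ids are case-insensitive
    findings = []
    for v in vnets:
        if not encryption_enabled(v):
            findings.append((v["name"], "encryption disabled"))
            continue
        for peering in v.get("virtualNetworkPeerings") or []:
            remote = by_id.get(peering["remoteVirtualNetwork"]["id"].lower())
            if remote is None:
                findings.append((v["name"], f"peering {peering['name']}: remote not in inventory"))
            elif not encryption_enabled(remote):
                findings.append((v["name"], f"peering {peering['name']}: {remote['name']} unencrypted"))
    return findings


if __name__ == "__main__":
    for name, issue in audit_vnets(SAMPLE_VNETS):
        print(f"{name}: {issue}")
```

Run it against real output by replacing SAMPLE_VNETS with the contents of `az network vnet list -o json`; a peer that is outside the listed subscription shows up as "not in inventory" rather than being assumed encrypted.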

Next steps