All Azure traffic is being force tunneled on-prem before going to the internet; however, I want traffic destined to Microsoft services such as Intune to go directly to the internet. How is this achievable?

ALBERT SITATI 25 Reputation points
2023-08-07T17:47:17.2833333+00:00

I'm force tunneling my Azure internet-bound traffic to on-prem. I want to enroll my VMs in Intune; however, I don't want traffic destined to Microsoft services (such as Intune) to go on-prem first. On-prem is advertising routes to the virtual gateway via BGP.

Azure Virtual Network

2 answers

  1. msrini-MSFT 9,291 Reputation points Microsoft Employee
    2023-08-19T16:50:15.1166667+00:00

    Hi,

    You can add a route table with a rule that uses a service tag, which states: if the destination is <Service tag>, next hop Internet.

    By doing this, you can route the traffic from the Azure VNet to the Internet for the service tag IPs, and the rest of the traffic will go to on-prem.

    Note: Not all services are available as service tags in UDR. I don't see Intune in there yet.


    Regards,

    Karthik Srinivas


  2. ALBERT SITATI 25 Reputation points
    2023-08-20T12:43:48.1933333+00:00

    Wanted to go this way, but I equally noticed that there is no service tag for Intune. However, I just created a route table with routes to channel traffic from my specific VMs to the internet. It achieved my goal, though it was a tiresome experience as the routes were too many.

    Thank you for your help though.
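The two answers above describe the same mechanism from two angles: a user-defined route (UDR) whose address prefix is a service tag and whose next hop is Internet, and, where no service tag exists (as for Intune), a route table filled with one route per IP prefix, which quickly becomes tedious. The following script is an added example, not code from either poster or from Microsoft. It takes endpoint data in the shape of the Microsoft 365 IP Address and URL web service output (the `serviceArea`, `ips` and `required` fields; the sample below is constructed, and the assumption that Intune is published under the `MEM` service area is labelled as such), collapses overlapping and adjacent prefixes so the route table stays as small as possible, optionally prepends service-tag routes of the kind the first answer describes, checks the result against the default per-table route quota, and emits the equivalent `az network route-table route create` commands. Resource group and table names are placeholders.

```python
import ipaddress
import json
from typing import Dict, Iterable, List, Sequence

# Constructed sample shaped like the Microsoft 365 endpoint web service
# output. The prefixes are documentation ranges, not real Intune endpoints,
# and "MEM" as the Intune service area is an assumption of this example.
SAMPLE_ENDPOINTS_JSON = """
[
  {"id": 1, "serviceArea": "MEM", "ips": ["203.0.113.0/25", "203.0.113.128/25", "2001:db8::/32"], "required": true},
  {"id": 2, "serviceArea": "MEM", "ips": ["198.51.100.0/24", "203.0.113.0/25"], "required": true},
  {"id": 3, "serviceArea": "MEM", "ips": ["192.0.2.0/24"], "required": false},
  {"id": 4, "serviceArea": "Exchange", "ips": ["192.0.2.128/25"], "required": true}
]
"""

# Default Azure quota for routes in a single route table.
AZURE_UDR_ROUTE_LIMIT = 400


def collect_prefixes(endpoints_json: str, service_area: str = "MEM",
                     required_only: bool = True) -> List[ipaddress.IPv4Network]:
    """Return the minimal set of IPv4 prefixes for one service area.

    Optional endpoints are skipped by default, and overlapping or adjacent
    prefixes are collapsed so each prefix costs exactly one UDR entry.
    """
    nets: List[ipaddress.IPv4Network] = []
    for entry in json.loads(endpoints_json):
        if entry.get("serviceArea") != service_area:
            continue
        if required_only and not entry.get("required", False):
            continue
        for cidr in entry.get("ips", []):
            net = ipaddress.ip_network(cidr, strict=False)
            # This route table is built for the IPv4 path only.
            if net.version == 4:
                nets.append(net)  # type: ignore[arg-type]
    return list(ipaddress.collapse_addresses(nets))


def build_routes(prefixes: Iterable[ipaddress.IPv4Network],
                 service_tags: Sequence[str] = ()) -> List[Dict[str, str]]:
    """Build UDR entries: service-tag routes first, then explicit prefixes.

    A service tag is a valid address prefix for a UDR; which tags to break
    out directly is a policy decision for the deploying team.
    """
    routes: List[Dict[str, str]] = []
    for tag in service_tags:
        routes.append({"name": f"tag-{tag}", "addressPrefix": tag,
                       "nextHopType": "Internet"})
    for net in prefixes:
        # Route names may contain letters, digits, '.', '-' and '_'.
        name = "ip-" + str(net).replace(".", "-").replace("/", "_")
        routes.append({"name": name, "addressPrefix": str(net),
                       "nextHopType": "Internet"})
    return routes


def within_route_budget(routes: Sequence[Dict[str, str]],
                        limit: int = AZURE_UDR_ROUTE_LIMIT) -> bool:
    """True if the route list fits the per-table quota."""
    return len(routes) <= limit


def to_az_cli(routes: Iterable[Dict[str, str]], resource_group: str,
              table_name: str) -> List[str]:
    """Render one Azure CLI command per route (placeholders for rg/table)."""
    return [
        "az network route-table route create "
        f"--resource-group {resource_group} --route-table-name {table_name} "
        f"--name {r['name']} --address-prefix {r['addressPrefix']} "
        f"--next-hop-type {r['nextHopType']}"
        for r in routes
    ]


if __name__ == "__main__":
    prefixes = collect_prefixes(SAMPLE_ENDPOINTS_JSON)
    # AzureActiveDirectory is shown only as an example of a tag-based route.
    routes = build_routes(prefixes, service_tags=("AzureActiveDirectory",))
    if not within_route_budget(routes):
        raise SystemExit(f"{len(routes)} routes exceed the quota of "
                         f"{AZURE_UDR_ROUTE_LIMIT}; split across tables")
    for cmd in to_az_cli(routes, "rg-placeholder", "rt-internet-breakout"):
        print(cmd)
```

Two operational points follow from the thread itself. First, a UDR entry takes precedence over a BGP-learned route for the same prefix, so every prefix added here silently leaves the on-prem inspection path; anyone relying on the on-prem stack for logging should enable NSG flow logs or another Azure-side control on those subnets. Second, published endpoint lists change, so the generation should be re-run and diffed against the deployed table on a schedule rather than treated as a one-off exercise.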
