![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(195.2, 68%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECH%3C/text%3E%3C/svg%3E)
Azure DNS
An Azure service that enables hosting Domain Name System (DNS) domains in Azure.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 71%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGP%3C/text%3E%3C/svg%3E)
Hello Chad Hendry
To clarify, Microsoft is not retiring default outbound internet access for Azure VMs and VNets right now. The current plan is for the change to take effect for newly created virtual networks (VNets) using API versions released after March 31, 2026. This means that any newly created VNets after this date must use an explicit outbound connectivity method.The options you can use are:
- Azure NAT Gateway is a highly recommended method as it provides scalable and reliable outbound connectivity for your VMs, and Azure Load Balancer Outbound Rules is a method that allows you to configure outbound rules for VMs that are part of a backend pool - https://techcommunity.microsoft.com/t5/marketplace-blog/how-to-handle-the-2025-change-to-azure-vm-internet-access/ba-p/4021442
- Directly Attached Azure Public IP Address will help in assigning a public IP address directly to the VM
- Without these explicit methods, the VMs will not be able to reach external services. If you have existing VMs that rely on default outbound access, they will continue to work, but it's advisable to transition them to one of the explicit methods for better control and reliability - https://azure.microsoft.com/en-us/updates/default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access
NOTE: The outbound access is controlled based on the resource metadata.
As for existing VMs and VNets, they won't be affected immediately, so you’re good for now! However, it’s highly recommended to plan for a transition to explicit outbound methods before the deadline to ensure a smooth experience in the future.
If you're looking for potential impacts related to Azure gov failures and how it might connect to this change, please note that this deprecation is specifically oriented towards future configurations and should not affect existing setups immediately.
After March 31, 2026, new virtual networks will default to using private subnets, meaning that an explicit outbound method must be enabled in order to reach public endpoints on the internet and within Microsoft. For more information, see the official announcement.
Reference Articles:
- https://learn.microsoft.com/en-us/answers/questions/2337121/retirement-default-outbound-access-for-vms-in-azur
- https://azure.microsoft.com/en-us/updates?id=default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access
- https://learn.microsoft.com/en-us/answers/questions/2238361/default-outbound-access-for-vms-in-azure-will-be-r
I hope this was helpful!
If the above is unclear or you are unsure about something, please add a comment below.
If these answers your query, do click the "Upvote" and click "Accept the answer" of which might be beneficial to other community members reading this thread.