General availability: New capabilities in Network Watcher Diagnostic tools to evaluate AVNM Security rules
Published date: December 01, 2021
Azure Virtual Network Manager (AVNM) is a management service that enables users to group, configure, deploy, and manage Virtual Networks globally across subscriptions. AVNM security configuration allows users to define a collection of rules that can be applied to one or more network security groups at the global level. These security rules have a higher priority than network security group (NSG) rules.
Two tools in Network Watcher Diagnostics have been updated to support AVNM rules:
- IP Flow Verify: The IP Flow Verify diagnostic tool lets you check whether a packet is allowed or denied to or from a virtual machine. Previously, the tool evaluated the network security group rules associated with the subnet and the NIC to identify traffic-filtering problems. With this integration, it also evaluates the AVNM security rules applicable to the virtual machine.
- Effective security rules: The effective security rules view returns all the configured NSGs and rules associated with a NIC for a virtual machine, providing insight into the configuration. With this integration, you also have visibility into the AVNM security rules that will be applied.