Commit 4892710

Merge pull request #280996 from halkazwini/vnet-encrypt2
Supported scenarios
2 parents bc2b28b + 62b930b commit 4892710

1 file changed

+19
-5
lines changed

articles/virtual-network/virtual-network-encryption-overview.md

Lines changed: 19 additions & 5 deletions
@@ -6,8 +6,8 @@ ms.service: virtual-network
66
author: asudbring
77
ms.author: allensu
88
ms.topic: overview
9-
ms.date: 05/06/2024
10-
ms.custom: template-overview, references_regions
9+
ms.date: 07/18/2024
10+
ms.custom: references_regions
1111
# Customer intent: As a network administrator, I want to learn about encryption in Azure Virtual Network so that I can secure my network traffic.
1212

1313
---
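
Review bot: The `ms.custom` edit on new line 10 removes `template-overview` while keeping `references_regions`, but the commit title only says "Supported scenarios". If dropping that value is intentional metadata cleanup, state it in the PR description so it is not read as an accidental edit. The `ms.date` bump to 07/18/2024 on new line 9 is consistent with a content update.
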
@@ -55,10 +55,24 @@ Azure Virtual Network encryption has the following limitations:
5555

5656
- **AllowUnencrypted** is the only supported enforcement at general availability. **DropUnencrypted** enforcement will be supported in the future.
5757

58-
- Virtual networks with encryption enabled do not support [Azure DNS Private Resolver](/azure/dns/dns-private-resolver-overview).
58+
- Virtual networks with encryption enabled don't support [Azure DNS Private Resolver](/azure/dns/dns-private-resolver-overview).
5959

60-
## Next steps
60+
## Supported scenarios
6161

62-
- For more information about Azure Virtual Networks, see [What is Azure Virtual Network?](/azure/virtual-network/virtual-networks-overview)
62+
Virtual network encryption is supported in the following scenarios:
6363

64+
| Scenario | Support |
65+
| --- | --- |
66+
| VMs in the same virtual network (including virtual machine scale sets and their internal load balancer) | Supported on traffic between VMs from these [SKUs](#requirements). |
67+
| Virtual network peering | Supported on traffic between VMs across regional peering. |
68+
| Global virtual network peering | Supported on traffic between VMs across global peering. |
69+
| Azure Kubernetes Service (AKS) | - Supported on AKS using Azure CNI (regular or overlay mode), Kubenet, or BYOCNI: node and pod traffic is encrypted.<br> - Partially supported on AKS using Azure CNI Dynamic Pod IP Assignment (podSubnetId specified): node traffic is encrypted, but pod traffic isn't encrypted.<br> - Traffic to the AKS managed control plane egresses from the virtual network and thus isn't in scope for virtual network encryption. However, this traffic is always encrypted via TLS. |
6470

71+
> [!NOTE]
72+
> Other services that currently don't support virtual network encryption are included in our future roadmap.
73+
74+
## Related content
75+
76+
- [Create a virtual network with encryption using the Azure portal](how-to-create-encryption-portal.md).
77+
- [Virtual network encryption frequently asked questions (FAQ)](virtual-network-encryption-faq.yml).
78+
- [What is Azure Virtual Network?](virtual-networks-overview.md)
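
Review bot: In the AKS row (new line 69), the partially supported case leaves pod traffic unencrypted when Azure CNI Dynamic Pod IP Assignment (`podSubnetId` specified) is used, and the context line at 56 says **AllowUnencrypted** is the only supported enforcement, so nothing in this file indicates that such traffic would be dropped. Consider repeating that case in the limitations list, or in a `[!NOTE]` directly under the table, so readers who scan only the limitations do not miss it. Two smaller points: the `- ` items joined with `<br>` inside a table cell will typically render as literal hyphens rather than a list, and the note on new line 72 does not name which services are unsupported.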

0 commit comments
