Commit fd6d95c

Merge pull request #253683 from brianlehr/localbranch
modified for clarity about default outbound access
2 parents 3cc658b + c6c96e1 commit fd6d95c

2 files changed

+6
-14
lines changed

articles/load-balancer/load-balancer-outbound-connections.md

Lines changed: 3 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -82,21 +82,10 @@ A public IP assigned to a VM is a 1:1 relationship (rather than 1: many) and imp
8282

8383
:::image type="content" source="./media/load-balancer-outbound-connections/default-outbound-access.png" alt-text="Diagram of default outbound access.":::
8484

85-
>[!NOTE]
86-
> This method is **NOT recommended** for production workloads as it adds risk of exhausting ports. Please refrain from using this method for production workloads to avoid potential connection failures.
85+
In Azure, virtual machines created in a virtual network without explicit outbound connectivity defined are assigned a default outbound public IP address. This IP address enables outbound connectivity from the resources to the Internet. This access is referred to as [default outbound access](../virtual-network/ip-services/default-outbound-access.md). This method of access is **not recommended** as it is insecure and the IP addresses are subject to change.
8786

88-
Default outbound access is when An Azure resource is allocated a minimal number of ports for outbound. This access occurs when the resource meets any of the following conditions:
89-
90-
- doesn't have a public IP associated to it.
91-
- doesn't have a load balancer with outbound Rules in front of it.
92-
- isn't part of Virtual Machine Scale Sets flexible orchestration mode.
93-
- doesn't have a NAT gateway resource associated to its subnet.
94-
95-
Some other examples of default outbound access are:
96-
97-
- Use of a basic SKU load balancer
98-
- A virtual machine in Azure (without the associations mentioned above). In this case, outbound connectivity is provided by the default outbound access IP. This IP is a dynamic IP assigned by Azure that you can't control. Default SNAT isn't recommended for production workloads and can cause connectivity failures.
99-
- A virtual machine in the backend pool of a load balancer without outbound rules. As a result, you use the frontend IP address of a load balancer for outbound and inbound and are more prone to connectivity failures from SNAT port exhaustion.
87+
>[!Important]
88+
>On September 30, 2025, default outbound access for new deployments will be retired. For more information, see the [official announcement](https://azure.microsoft.com/updates/upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired/). It is reccomended to use one the explict forms of connectivity as shown in options 1-3 above.
10089
10190
### What are SNAT ports?
10291
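Review bot: the added paragraph at new line 85 calls default outbound access "insecure" without giving a reason, while the hunk deletes every line that said when it applies and how it fails: the four-condition list (no public IP, no load balancer with outbound rules, not in Virtual Machine Scale Sets flexible orchestration mode, no NAT gateway on the subnet) and the bullets covering the basic SKU load balancer and a backend pool without outbound rules being prone to SNAT port exhaustion. Suggest keeping a one-sentence summary of those conditions in this article, or saying explicitly that the linked default-outbound-access article lists them, and stating what makes the method insecure. In the added note at new line 88, the link slug reads "upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired" while the sentence announces retirement of default outbound access, so confirm the link target matches the claim. Also at line 88: fix "reccomended", "explict" and "use one the" (missing "of"), and write the alert as `>[!IMPORTANT]` to match the uppercase form of the removed `>[!NOTE]`.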

articles/virtual-network/ip-services/default-outbound-access.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,9 @@ If you deploy a virtual machine in Azure and it doesn't have explicit outbound c
3838

3939
:::image type="content" source="./media/default-outbound-access/default-outbound-access.png" alt-text="Diagram of default outbound access.":::
4040

41+
>[!Important]
42+
>On September 30, 2025, default outbound access for new deployments will be retired. For more information, see the [official announcement](https://azure.microsoft.com/updates/upgrade-to-standard-sku-public-ip-addresses-in-azure-by-30-september-2025-basic-sku-will-be-retired/). It is reccomended to use one the explict forms of connectivity discussed below.
43+
4144
## Why is disabling default outbound access recommended?
4245

4346
* Secure by default
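Review bot: the sentence at new line 42 says default outbound access for new deployments will be retired, but the URL it cites has a slug about Basic SKU public IP addresses being retired; check that the announcement behind that link actually covers default outbound access, and link the matching announcement if it does not. The same line carries the typos "reccomended", "explict" and "use one the" (missing "of"), and the alert at line 41 is written `>[!Important]` rather than the uppercase `>[!IMPORTANT]` form. Since this note is repeated almost word for word in load-balancer-outbound-connections.md, consider a shared include so the date and link are maintained in one place.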
