Q3 2025 default Internet outbound access retired - MS CDN still available for Azure Virtual Desktop liek Windows Update, Office Updates, general AVD Services etc.?

Dav 46 Reputation points
2024-10-31T09:31:41.2033333+00:00

September 2025, the Default Internet Outbound for new VMS is switched off. Would these VMS still reach the MS CDN network, Winupdates, Azure Virtual Desktop Service? Or can these services only be reached without NAT GW, for example?

I am not entirely clear that.

Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,577 questions
Azure Content Delivery Network
Azure Virtual Desktop
Azure Virtual Desktop
A Microsoft desktop and app virtualization service that runs on Azure. Previously known as Windows Virtual Desktop.
1,624 questions
{count} votes

Accepted answer
  1. Sina Salam 14,616 Reputation points
    2024-10-31T20:55:35.2466667+00:00

    Hello Dav,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    I understand that you would like to know or established fact about Q3 2025 default Internet outbound access retired - MS CDN still available for Azure Virtual Desktop such as Windows Update, Office Updates, general AVD Services etc.

    Starting September 30, 2025, new virtual machines (VMs) in Azure will no longer have default outbound internet access. This means that for these VMs to access the internet, including services like the Microsoft Content Delivery Network (CDN), Windows Updates, and Azure Virtual Desktop Service, you'll need to use explicit outbound connectivity methods.

    The options you can use are:

    1. Azure NAT Gateway is a highly recommended method as it provides scalable and reliable outbound connectivity for your VMs, and Azure Load Balancer Outbound Rules is a method that allows you to configure outbound rules for VMs that are part of a backend pool - https://techcommunity.microsoft.com/t5/marketplace-blog/how-to-handle-the-2025-change-to-azure-vm-internet-access/ba-p/4021442
    2. Directly Attached Azure Public IP Address will help in assigning a public IP address directly to the VM
    3. Without these explicit methods, the VMs will not be able to reach external services. If you have existing VMs that rely on default outbound access, they will continue to work, but it's advisable to transition them to one of the explicit methods for better control and reliability - https://azure.microsoft.com/en-us/updates/default-outbound-access-for-vms-in-azure-will-be-retired-transition-to-a-new-method-of-internet-access

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.


    Please don't forget to close up the thread here by upvoting and accept it as an answer if it is helpful.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.