I recently noticed a warning on my Azure virtual machines stating: "Your VM has a default outbound IP, which is insecure and will no longer be assigned by default for new subnets after March 2026." The linked article mentions Advisor recommendations, but I couldn't find any recommendations for my VMs. I also tried setting a subnet to private on the VM hosting Azure Virtual Desktop, but that restricted user access, so I reverted that change. Can someone clarify if I need to take action now? Will my VMs maintain their internet access, especially for Bastion and Remote Desktop sessions, as I rely on them heavily?
3 Answers
Default outbound internet access for VMs will change soon. This means you'll need to take action to maintain access for updates and services. A NAT Gateway is the easiest recommended option, aside from using Azure Firewall.
You should implement a proper outbound method for your VMs, like a NAT Gateway or Load Balancer. This is crucial as outbound internet access will not be available by default anymore. Public IPs per VM aren't the best long-term solution. You can check this guide for more info.
[Learn About NAT Gateways](https://learn.microsoft.com/en-us/azure/nat-gateway/nat-overview)
Existing virtual networks are safe; only new ones will be affected by this change. So you shouldn't have to worry about your current setup.
Thanks for the explanation! But I'm new to this, and the options sound intimidating. If I do nothing, will my existing VMs still have outbound access for services like Bastion or AVD?