Microsoft Azure Security Technologies (AZ-500): Perimeter Security

1. DDoS Protection
2. Azure Firewall
3. Virtual Network Security (VNet)

• Internet Traffic → Azure FW → VNet → On Premise Network.
• VNets can’t communicate with each other unless a Central VNet is configured.

4. VPN Forced Tunneling

• Redirect internet-bound traffic to the company’s on-premise for inspection and auditing.
• For this, you would need site-to-site VPN between on-premise and Azure.

5. User Defined Routes (UDR) and Network Virtual Appliances

• This allows anyone who would like to override Azure’s default system routes, configure your own subnets and control the whole network traffic.