Virtual networks should be protected by Azure Firewall
HIGH
Ensures Azure virtual networks are protected by Azure Firewall for centralized network security and traffic filtering.
What does this mean?
This recommendation ensures that Azure virtual networks route traffic through Azure Firewall, providing centralized network security, threat intelligence-based filtering, and logging of all network flows.
Benefits of implementation
- Centralized network security and traffic inspection
- Threat intelligence-based filtering blocks known malicious traffic
- Full logging and visibility of network flows
Drawbacks and considerations
- Azure Firewall has significant monthly costs
- Adds latency to network traffic
- Requires network architecture changes (hub-spoke or secured virtual hub)
Implementation
Implementation guidance coming soon.
Related recommendations
Related recommendations will be linked here.
Frameworks
Details
- Risk Level
- HIGH
- Category
- Network Security
- Azure Resource
- Frameworks
- 1 frameworks
- Last updated
- 2026-02-12