Big news for Azure Local Hybrid customers!
Starting in Azure Local version 2506, we’re excited to announce Public Preview of Software Defined Networking (SDN) enabled by Azure Arc. This release brings cloud-native networking capability of access control at the network layer using Network Security Groups (NSGs) on Azure Local.
Some of the key highlights in this release are:
1- Centralized network management: Manage Logical networks, network interfaces, and NSGs through the Azure control plane – whether your preference is the Azure Portal, Azure Command-Line Interface (CLI) or Azure Resource Manager templates.
2- Fine-grained traffic control: Safeguard your edge workloads with policy-driven access controls by applying inbound and outbound allow/deny rules on NSGs – just as you would in Azure.
3- Seamless hybrid consistency: Reduce operational friction and accelerate your IT staff’s ramp-up on advanced networking skills by using the same familiar tools and constructs across both Azure public cloud and Azure Local.
Software Defined Networking (SDN) forms the backbone of delivering Azure-style networking on-premises. Whether you’re securing enterprise applications or extending cloud-scale agility to your on-premises infrastructure, Azure Local combined with SDN enabled by Azure Arc offers a unified and scalable solution. Try this feature today and let us know how it transforms your networking operations!
What’s New in this Preview?
Here’s what you can do today with SDN enabled by Azure Arc:
✅ Deploy logical networks — use VLAN-backed networks in your datacenter that integrate with SDN enabled by Azure Arc.
✅ Attach VM Network Interfaces — assign static or DHCP IPs to VMs from logical networks.
✅ Apply NSGs - create, attach, and manage NSGs directly from Azure on your logical networks (VLANs in your datacenter) and/or on the VM network interface.  This enables a generic rule set for VLANs, with a crisper rule set for individual Azure Local VM network interface using a complete 5-tuple control: source and destination IP, port and protocol.
✅ Use Default Network Policies — apply baseline security policies during VM creation for your primary NIC. Select well known inbound ports such as HTTP (while we block everything else for you), while still allowing outbound traffic.  Or select an existing NSG you already have!
✅ Run SDN Network Controller as a Failover Cluster service — no VMs required!
All of this is powered by Network Controller running on your Azure Local infrastructure!
SDN enabled by Azure Arc (Preview) vs. SDN managed by on-premises tools?
Choosing Your Path:
Some SDN features like virtual networks (vNETs), Load Balancers (SLBs), and Gateways are not yet supported in the SDN enabled by Azure Arc (Preview).
But good news: you’ve still got options.
If your workloads need those features today, you can leverage SDN managed by on-premises tools:
The SDN managed by on-premises tools continue to provide full-stack SDN capabilities, including SLBs, Gateways, and VNET peering while we actively work on bringing this additional value to complete SDN enabled by Azure Arc feature set.
You must choose one of the modes of SDN management and cannot run in a hybrid management mode mixing the two. Please read this important consideration section before getting started!
Thank You to Our Community
This milestone was only possible because of your input, your use cases, and your edge innovation. We're beyond excited to see what you build next with SDN enabled by Azure Arc.
To try it out, head to the Azure Local documentation
Let’s keep pushing the edge forward. Together.
#AzureLocal #SDN #AzureArc #HybridCloud #EdgeComputing