AVD Networking

[jbyway]

Would recommend updated section on networking. We've made some further updates on the product and now have the following updated guidance that simplifies setup and maintenance but can improve security.

https://docs.microsoft.com/en-us/azure/firewall/protect-azure-virtual-desktop?context=/azure/virtual-desktop/context/context

I updated our required URL list yesterday to now note the supersedence of 6 wildcard FQDNs (marked now as optional) having been replaced by the new *.prod.warm.ingest.monitor.core.windows.net endpoint. Suggest the inclusion on your table to show the Service Tags for each field. https://docs.microsoft.com/en-us/azure/virtual-desktop/safe-url-list#azure-public-cloud

We've also recently launched into GA the ability to use Service Tags to route table (UDR) rules. This allows you to have AVD traffic go direct to the Azure fabric while still sending other traffic through your default routes without having to use IP subnets which was necessary previously. Service Tags are updated well in advance of new subnets being added and if subnets are retired they are kept reserved for a period after to prevent issues and is recommended for AVD where possible. https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview#service-tags-for-user-defined-routes

[oobedan]

Thanks @jbyway. Will integrate these updates.