How does Azure Virtual Network Manager work?
Azure Virtual Network Manager is a management service that enables you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define network groups to identify and logically segment your virtual networks. Then you can determine the connectivity and security configurations you want and apply them across all the selected virtual networks in network groups at once.
During the creation process, you define the scope for what your Azure Virtual Network Manager will manage. Defining a scope requires a management group to be created. After defining the scope, you enable features such as Connectivity and the SecurityAdmin role for your Virtual Network Manager.
After you deploy the Virtual Network Manager instance, you create a network group. Membership can be dynamic, where conditional statements select virtual networks by name, tags, or IDs, or static, where you select specific virtual networks. The rules you define for a network group are reflected in Azure Policy as a custom initiative definition and a corresponding assignment that represent the virtual network membership rules. For more information about Azure Policy initiatives, see Azure Policy initiative structure. These policies are available in read-only mode today. For more information about how to create, update, and delete these policies, see Network groups and Azure Policy. You then create connectivity and/or security configuration(s) and apply them to those network groups based on your topology and security needs.
A connectivity configuration enables you to create a mesh or a hub-and-spoke network topology. A security configuration allows you to define a collection of rules that you can apply to one or more network groups at the global level. Once you’ve created your desired network groups and configurations, you can deploy the configurations to any region of your choosing.
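Because a configuration reaches every virtual network in a group, it helps to preview what a dynamic membership condition actually selects before deploying. The following is an added example, not Microsoft's code: a simplified Python model of dynamic and static membership over a constructed inventory. The condition format, the helper names, and the VNet records are assumptions for illustration and are not Azure Policy syntax.

```python
# Simplified model of network group membership. The condition format is an
# assumption for illustration, NOT Azure Policy or Virtual Network Manager syntax.
def vnet(name, **tags):
    """Build a constructed VNet record; subscription and resource group are placeholders."""
    rid = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
           "rg-example/providers/Microsoft.Network/virtualNetworks/" + name)
    return {"id": rid, "name": name, "tags": tags}

# Constructed inventory for the example.
VNETS = [vnet("prod-web", env="prod"), vnet("prod-db", env="prod"),
         vnet("dev-web", env="dev"), vnet("prod-sandbox", env="test"), vnet("legacy-hub")]
# Dynamic membership: name contains "prod" OR tag env equals "prod".
CONDITION = {"anyOf": [
    {"field": "name", "operator": "contains", "value": "prod"},
    {"field": "tags.env", "operator": "equals", "value": "prod"},
]}
OPERATORS = {
    "equals": lambda actual, wanted: actual.lower() == wanted.lower(),
    "contains": lambda actual, wanted: wanted.lower() in actual.lower(),
}

def field_value(record, field):
    """Resolve 'name', 'id' or 'tags.<key>'; a missing value is ''."""
    if field.startswith("tags."):
        return record["tags"].get(field[5:], "")
    return record.get(field, "")

def matches(record, cond):
    """Evaluate a nested allOf/anyOf condition tree against one VNet record."""
    for key, combine in (("allOf", all), ("anyOf", any)):
        if key in cond:
            if not cond[key]:  # an empty allOf would silently match every VNet
                raise ValueError(f"empty {key} condition")
            return combine(matches(record, c) for c in cond[key])
    return OPERATORS[cond["operator"]](field_value(record, cond["field"]), cond["value"])

def resolve_group(vnets, condition=None, static_ids=()):
    """Return {name: 'static' | 'dynamic'} for every member of the group."""
    members = {}
    for v in vnets:
        if v["id"] in static_ids:
            members[v["name"]] = "static"
        elif condition is not None and matches(v, condition):
            members[v["name"]] = "dynamic"
    return members

def unexpected_members(members, reviewed):
    """Members nobody reviewed; they would still receive the group's configurations."""
    return sorted(set(members) - set(reviewed))
```

With this inventory, `prod-sandbox` is selected by the name condition although its tag says `test`, so a security configuration deployed to the group would reach it too.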
Centrally manage connectivity and security policies globally across regions and subscriptions.
Enable transitive communication between spokes in a hub-and-spoke configuration without the complexity of managing a mesh network.
Highly scalable and highly available service with redundancy and replication across the globe.
Ability to create global network security rules that override network security group rules.
Low latency and high bandwidth between resources in different virtual networks using virtual network peering.
Roll out network changes through a specific region sequence and frequency of your choosing.
North Central US
West US 2
East US 2