Favorite your Message Center and Roadmap items. Access them anytime via your Profile. Export and share with your team or your LLM.

Plan for Change: Windows 365 Azure Network Connection deployments connected to new VNets

Message ID
MC1239171
View in Message Center
Service
Windows 365
Category
Plan for Change
Tag
Admin impact
Rollout
March 2026

Summary

After March 31, 2026, new Azure VNets used with Windows 365 Azure Network Connection will lack default outbound internet access, requiring explicit outbound connectivity setup (e.g., NAT Gateway) to avoid provisioning failures. Existing VNets and Microsoft hosted network deployments are unaffected. Admins should prepare accordingly.

Details

After March 31st, 2026, newly created Azure Virtual Networks (VNets) will no longer include default outbound internet access.

Windows 365 customers who deploy Cloud PCs using an Azure Network Connection (ANC) connected to a VNet created on or after this date must explicitly configure outbound connectivity for the Cloud PCs.

Windows 365 deployments using Microsoft hosted network (MHN) are not affected.

[How will this affect your organization?]

If your organization deploys Cloud PCs using an Azure Network Connection that is connected to a VNet created on or after March 31, 2026:

  • New VNets will default to private subnets with no outbound internet access.
  • Without an explicitly configured outbound connectivity method (such as a NAT Gateway), Cloud PC provisioning will fail.
  • ANCs using existing VNets created through March 31, 2026, are not impacted and will continue to function with their current outbound configuration.
  • Deployments using Microsoft hosted network (MHN) require no changes.

This change only applies when new VNets are created for Azure Network Connection after March 31, 2026. Existing provisioning policies that use VNets created before this date will continue to work as expected.

[What you need to do to prepare:]

Admins should review their Windows 365 deployment approach and ensure internal teams, including help desks and support staff are aware of this change.

Recommended actions:

  • Use Microsoft hosted network (MHN) where possible. MHN is the recommended deployment option for Windows 365 and includes fully managed outbound connectivity.
  • If continuing to use Azure Network Connection, ensure all new VNets linked in new or existing ANCs include a supported outbound access method:
  • NAT Gateway (recommended)
  • Azure Standard Load Balancer
  • Azure Firewall or a supported third-party Network Virtual Appliance (NVA)*

*NVAs that automatically scale may interrupt persistent connections such as RDP. A direct outbound method like NAT Gateway is preferred.

  • Validate outbound connectivity to ensure Windows 365 service endpoints are reachable and ANC health checks succeed.
  • Review deployment automation (ARM, Bicep, Terraform) to confirm it no longer relies on legacy default outbound access behavior.

[Compliance considerations:]

No compliance considerations identified, review as appropriate for your organization

[Additional Information:]

Azure Default Outbound Access Changes: Guidance for Windows 365 ANC Customers | Microsoft Community Hub

Azure updates | Microsoft Azure 

Change History

Show
Published: February 26, 2026
Last Updated: February 26, 2026
No change history available

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

Explore Dashboard Sign Up Free