What is virtual network TAP?
Virtual network TAP allows customers to continuously stream virtual machine network traffic to a network packet collector or analytics tool. Many security and performance monitoring tools rely on packet-level insights that are difficult to access in cloud environments. Virtual network TAP bridges this gap by integrating with our industry partners to offer:
- Enhanced security and threat detection: Security teams can inspect full packet data in real time to detect and respond to potential threats.
- Performance monitoring and troubleshooting: Operations teams can analyze live traffic patterns to identify bottlenecks, troubleshoot latency issues, and optimize application performance.
- Regulatory compliance: Organizations subject to compliance frameworks such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR) can use virtual network TAP to capture network activity for auditing and forensic investigations.
Why use virtual network TAP?
Unlike traditional packet capture solutions that require deploying additional agents or network appliances, virtual network TAP leverages Azure’s native infrastructure to enable seamless traffic mirroring without complex configurations and without impacting the performance of the virtual machine. A key advantage is that mirrored traffic does not count towards the virtual machine’s network limits, ensuring complete visibility without compromising application performance. Additionally, virtual network TAP supports all Azure virtual machine SKUs.
Deploying virtual network TAP
The portal is a convenient way to get started with Azure virtual network TAP. However, if you have a lot of Azure resources and want to automate the setup, you may want to use PowerShell, the CLI, or the REST API.
Add a TAP configuration on a network interface that is attached to a virtual machine deployed in your virtual network. The destination is a virtual network IP address in the same virtual network as the monitored network interface or a peered virtual network. The collector solution for virtual network TAP can be deployed behind an Azure internal load balancer for high availability.
You can use the same virtual network TAP resource to aggregate traffic from multiple network interfaces in the same or different subscriptions. If the monitored network interfaces are in different subscriptions, the subscriptions must be associated with the same Microsoft Entra tenant. Additionally, the monitored network interfaces and the destination endpoint for aggregating the TAP traffic can be in peered virtual networks in the same region.
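The deployment steps above can be scripted with the Azure CLI. The following is an added example, not code from the original article: it creates one TAP resource whose destination is an internal load balancer front end, then adds a TAP configuration to each monitored network interface, including interfaces in other subscriptions of the same tenant. It assumes an authenticated Azure CLI with the virtual network TAP commands available; all resource names and the NIC list file format are placeholders chosen for illustration.

```shell
#!/bin/sh
# Added example: mirror several NICs to one collector behind an internal load balancer.
# Resource names are placeholders (assumptions), not values from the article.

# create_tap RG TAP_NAME LOCATION LB_NAME FRONTEND_NAME -> prints the TAP resource ID
create_tap() {
    # Resolve the load balancer front-end IP configuration that receives the mirrored traffic.
    dest_id=$(az network lb frontend-ip show --resource-group "$1" --lb-name "$4" \
        --name "$5" --query id --output tsv) || return 1
    az network vnet tap create --resource-group "$1" --name "$2" --location "$3" \
        --destination "$dest_id" --query id --output tsv
}

# attach_nics TAP_ID FILE -> FILE holds one "subscription resource-group nic-name" per line
# (hypothetical format). Returns non-zero if any NIC could not be configured.
attach_nics() {
    tap_id=$1
    failed=0
    while read -r sub rg nic; do
        case "$sub" in ''|'#'*) continue ;; esac   # skip blank lines and comments
        # The TAP is passed by resource ID so NICs in other subscriptions can reference it.
        az network nic vtap-config create --subscription "$sub" --resource-group "$rg" \
            --nic "$nic" --name "tap-$nic" --vnet-tap "$tap_id" --output none </dev/null \
            || { echo "failed: $sub/$rg/$nic" >&2; failed=$((failed + 1)); }
    done < "$2"
    [ "$failed" -eq 0 ]
}

# Usage: ./vtap.sh RG TAP_NAME LOCATION LB_NAME FRONTEND_NAME NIC_LIST_FILE
if [ "$#" -eq 6 ]; then
    tap=$(create_tap "$1" "$2" "$3" "$4" "$5") && attach_nics "$tap" "$6"
fi
```

Because the collector receives full packet data from every attached interface, keep the NIC list under change control and review who can modify TAP configurations.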
Partnering with industry leaders to enhance network monitoring in Azure
To maximize the value of virtual network TAP, we are proud to collaborate with industry-leading security and network visibility partners. Our partners provide deep packet inspection, analytics, threat detection, and monitoring solutions that seamlessly integrate with virtual network TAP:
Network packet brokers
| Partner | Product |
| --- | --- |
| Gigamon | |
| cPacket | |
| Keysight | |
Security analytics, network/application performance management
| Partner | Product |
| --- | --- |
| Darktrace | |
| Netscout | |
| Corelight | |
| LinkShadow | LinkShadow NDR |
| Fortinet | |
| TrendMicro | |
| Extrahop | |
| Bitdefender | |
| eSentire | |
| Vectra | |
| AttackFence | |
| Arista Networks | |
Get started with virtual network TAP
To learn more and get started, visit our website.
We look forward to seeing how you leverage virtual network TAP to enhance security, performance, and compliance in your cloud environment. Stay tuned for more updates as we continue to refine and expand on our feature set!