Due to several issues with the solution, Microsoft is discontinuing support for Virtual Network Injection for Azure Data Explorer customers.
Microsoft announces that it is retiring Virtual Network Injection for Azure Data Explorer. This feature allowed customers to encapsulate their Azure Data Explorer cluster into their own virtual network and manage inbound and outbound network traffic.
Limitations and challenges
Virtual Network Injection introduced several maintenance issues, such as updating firewall lists and using public IP addresses in secure environments. Customers had to take care of intra-cluster communication, which required a dedicated subnet per cluster. This often led to subnet exhaustion and increased management complexity. In addition, the feature did not support cross-region or cross-subscription scenarios, limiting scalability and flexibility.
Microsoft therefore recommends that customers move to a network security architecture based on private endpoints, which use Azure Private Link to establish a secure and private connection to a service. With a private endpoint, the service effectively enters the virtual network using a private IP address.
Microsoft points out the following advantages of this approach:
- Connect securely to Azure Data Explorer from your virtual network or on-premises networks using VPN or ExpressRoute.
- Access Azure Data Explorer from different regions or subscriptions without exposure to the public internet.
- Get all the features of Azure Data Explorer without limitations or compromises.
- Reduce network complexity and management by using one subnet for multiple clusters and services.
Migrate quickly
From now on, new customers will not be able to create virtual network-injected clusters. Existing customers can continue to use their clusters until the migration date. Starting February 1, 2025, all running virtual network-injected clusters will be stopped. Customers who have not yet migrated will not be able to restart their clusters until the migration is complete. Microsoft has worked out a migration process that would not cause major downtime.