This article is contributed. See the original author and article here.

Subnet delegation enables you to designate a specific subnet for an Azure PaaS service of your choice that needs to be injected into your virtual network. When you delegate a subnet to Azure Data Explorer, you allow the service to establish some basic network configuration rules for that subnet, which help ADX to operate in a stable manner.


 


cosh23_0-1623408109886.png


 


As a result, ADX adds a set of Network Intent Policies policies which are required for the service to work properly. In the past you had to create all of those Input and Output Network Security Group rules yourself and everytime we had to change some of the IPs you had to change some of them. 


 


cosh23_1-1623408165345.png


 


Benefits



 


Since beginning of June 2021 we are enforcing subnet delegation on the subnet you like to use for ADX. However we are aware of scenarios where customers need to opt-out because of certain requirements (Custom Private Link in the same subnet or company policies in general). For those situations we allow our customer to opt-out using the “preview features” configuration in the Azure portal. If you register for “Azure Data Explorer: opt out of subnet delegation” your ADX service deployments will not enforce subnet delegation to be enabled. 


 


cosh23_1-1623406252411.png


 


 

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.