GA of NSP for Azure Service Bus & NSP now available in Azure Gov. Regions
TL; DR
Network Security Perimeter (NSP) support for Azure Service Bus is now Generally Available. With this, you can now place your Service Bus namespace inside a central security boundary and apply perimeter-based governance for inbound/outbound network access—while keeping key PaaS-to-PaaS scenarios secure and auditable.
Introduction
We’re excited to announce that Network Security Perimeter (NSP) support for Azure Service Bus is now Generally Available (GA).
This milestone brings one of Azure’s most widely used messaging services into the NSP ecosystem, enabling customers to define a centralized security boundary across messaging and data services.
Alongside this, we are also expanding NSP’s reach — NSP is now available in Azure Government regions, including:
- Texas
- Arizona
- Virginia
- DoD East
- DoD Central
This ensures that customers operating in regulated, sovereign, and mission-critical environments can adopt NSP while meeting their compliance and regional requirements.
Why this matters?
Modern applications rely heavily on messaging layers like Service Bus. These systems often connect microservices, data platforms, key management systems and external integrations. As architectures scale, managing network access individually becomes complex and error prone.
NSP changes this by introducing a perimeter-based access model, where:
- Communication is restricted by default
- Access must be explicitly allowed
- Governance is applied consistently across services
With Service Bus now onboarded and NSP extending into Azure Gov regions, customers can apply this model across both commercial and sovereign environments.
What you can do with Service Bus + NSP
Confine communication within a security boundary
Service Bus namespaces communicate only with resources inside the perimeter by default—blocking unintended access.
Secure PaaS-to-PaaS communication
Enable secure interactions between Service Bus, Azure Key Vault (for CMK scenarios) and other NSP-enabled services (What is a network security perimeter? - Azure Private Link | Microsoft Learn)
Define explicit access controls
- Inbound rules → IP ranges and subscriptions
- Outbound rules → FQDN-based filtering
Enable audit and compliance visibility
Diagnostic logs capture all access attempts, supporting compliance and investigation workflows.
Use Private Link seamlessly
Private endpoint traffic continues to work without additional configuration inside the perimeter.
Azure Government Availability
With this update, NSP is now available in key Azure Government regions (Texas Arizona Virginia DoD East DoD Central), enabling:
Consistent security across clouds
Apply the same NSP model across public Azure regions and Azure Government environments.
Support for regulated workloads
Customers in federal, defence, and highly regulated industries can now:
- Enforce perimeter-based governance
- Reduce exposure risks
- Meet compliance requirements
Enable secure cross-service patterns in Gov clouds
Azure Government boundaries now support scenarios like:
- CMK with Key Vault
- Service-to-service messaging
- Controlled external access
More details of onboarded PaaS services are detailed in What is a network security perimeter? - Azure Private Link | Microsoft Learn
What’s next
Service Bus GA further strengthens NSP’s growing coverage across Azure PaaS services. We will continue to:
- Expand PaaS service onboarding
- Improve access rule capabilities (e.g. Service tag-based access, identity-based access)
What's Your Reaction?
Like
0
Dislike
0
Love
0
Funny
0
Wow
0
Sad
0
Angry
0
Comments (0)