Azure Partners: Introduction to Azure Network Watcher

In the world of IT operations and support, when something’s not working right, suspicion usually lands on the network. This happens for a variety of reasons. Application owners are often not technically informed about the network infrastructure layer, or the specifics of the communication requirements their application has. In many cases, they feel that because it worked as expected in their sandbox, there’s no reason it shouldn’t work in production, and it must be network.

In on-premises environments, the network blame game can be tough to address. Add a hybrid data center environment that’s using Microsoft Azure for one or more components, and the mysteries of cloud networking and communication increase the complexity.

IT pros have had access to tools that help them troubleshoot and diagnose problems by performing packet captures with network monitoring tools, troubleshooting communication flow with router/switch/firewall management interfaces, verifying network access rules by analyzing firewall logs, and a variety of other methods to inspect communications.

With Azure, customers and partners won’t have access to the underlying fabric to directly apply these tools as they do on-premises.

To address this need, Microsoft released Azure Network Watcher, a service that monitors, diagnoses, and provides insights to a network’s performance and health. On the next Azure Partners call on June 8, we’ll be joined by the Azure Networking Global Black Belt team to discuss Network Watcher and demonstrate its capabilities.

Sign up for the June 8 partner call

Azure Network Watcher features and capabilities


Provides a network level view showing the various interconnections and associations between network resources in a resource group.

Learn more

Variable packet capture

Captures packet data in and out of a virtual machine. Advanced filtering options and fine-tuned controls such as being able to set time and size limitations provide versatility. The packet data can be stored in a blob store or on the local disk in .cap format.

Learn more

IP flow verify

Checks if a packet is allowed or denied based on these flow information packet parameters: Destination IP, Source IP, Destination Port, Source Port, and Protocol. If the packet is denied by a security group, the rule and group that denied the packet is returned.

Learn more

Next hop

Determines the next hop for packets being routed in the Azure Network Fabric, enabling you to diagnose any misconfigured user-defined routes.

Learn more

Security group view

Gets the effective and applied security rules that are applied on a virtual machine.

Learn more

Network Security Group flow logging

Flow logs for Network Security Groups enable you to capture logs related to traffic that are allowed or denied by the security rules in the group. The flow is defined by a 5-tuple information – Source IP, Destination IP, Source Port, Destination Port, and Protocol.

Learn more

Virtual Network gateway and Connection troubleshooting

Provides the ability to troubleshoot Virtual Network gateways and Connections.

Learn more

Network subscription limits

Enables you to view network resource usage against limits.

Learn more

Configuring diagnostics log

Provides a single pane to enable or disable diagnostics logs for network resources in a resource group.

Learn more

The partner opportunity

The networking aspects of Microsoft Azure are certain to play a role in delivering your solutions. Use the resources below to become knowledgeable about Network Watcher so you can address the complexities of hybrid cloud infrastructure and network operations and respond to customer concerns. Explaining the insights that Network Watcher provides will help you reassure your customer that have you visibility and transparency into Azure networking, and increase their confidence in using Azure for their line-of-business applications – regardless of complexity.

Azure Infrastructure and Management Partner Community