Security - What's Azure ExpressRoute? An introduction

Azure ExpressRoute provides a more secure and reliable way to connect to resources that are hosted in the Microsoft cloud.

The other week, Taiki Yoshida from Microsoft gave a very interesting on Azure ExpressRoute.

What is Azure ExpressRoute and why would it be useful for Power App and Power Platform users?

What is Azure ExpressRoute, and why would we use it?

Azure ExpressRoute offers a more secure way for companies to connect to the Microsoft cloud, and to access services such as Power Apps, Office 365, SharePoint, Exchange and more. It can also offer more predictable network performance and greater reliability.

Azure ExpressRoute provides a direct route between an organisation and the Microsoft cloud that completely bypasses the public internet. The following diagram from the Microsoft documentation illustrates this very well - the blue path highlights the direct path between a company network and the Microsoft cloud.

ExpressRoute is ideal for organisations that must adhere to strict compliance and regulatory rules. This could include organisations that conduct financial processing activities or organisations that process very sensitive data.

How secure is Power Apps and the Microsoft cloud?

If Azure ExpressRoute provides the highest level of security, does that mean that connecting to the Microsoft cloud outside of ExpressRoute is insecure?

The answer is that Power Apps and the Microsoft cloud is still very secure, even when we access it over the public Internet. It provides the same level of security as we would expect if we were shopping online, or carrying out Internet banking - particularly with the multi-factor authentication that Microsoft 365 provides.

Azure ExpressRoute is designed for use case scenarios where organisations want to completely eliminate any possibility of an attack, by avoiding the public Internet.

How do we set up Azure ExpressRoute?

There are two main steps required to set up Azure ExpressRoute. The first step is to engage a telecoms/network provider to set up the dedicated link between our company network and the Microsoft cloud. In the UK for example, BT (the incumbent telecoms provider) can provide this service.

The list beneath provides a list of companies that can implement this underlying infrastructure, based on country.

Once the underlying infrastructure is set up, we need to take out an Azure ExpressRoute plan with Microsoft. The link beneath shows the pricing details:

When the Azure ExpressRoute setup is complete, we can refer to Taiki's documentation, which provides comprehensive instructions on how to configure the Power Platform for use with ExpressRoute. 


For use case scenarios that require the highest level of security, we can implement connectivity between our company network and the Microsoft cloud using Azure ExpressRoute. This post provided a high-level overview of this type of solution, including how to find out more.
Related posts