Skip to main content

Generally Available: Azure Virtual Network default limits increased for NSGs and route tables

· 2 min read
Simon Painter
Simon Painter
Cloud Network Architect - Microsoft MVP

Microsoft has raised the default Azure Virtual Network limits for both Network Security Groups (NSGs) and route tables. This is now generally available, so you get the new limits without opening a support request.

For teams running large hub-and-spoke estates, or anyone segmenting traffic with lots of explicit routes and rules, this removes a common scaling pain. You can keep cleaner designs with fewer workarounds.

The new defaults are 2,000 rules per NSG, up to 6,000 addresses or ports in an NSG rule, 1,000 routes per route table, and 600 route tables per subscription by default.

What it is

This update increases baseline Virtual Network scale limits that many of us hit during growth phases. In plain terms, Azure now gives more room for security policy and routing logic before you need redesigns.

Microsoft announced this as generally available here: Azure Virtual Network updates, default limits increased for NSGs and route tables.

You can also validate the live platform limits in the official limits page: Azure networking limits.

Who should care

If you manage enterprise landing zones, shared services VNets, or centralised inspection patterns, this one matters. These are the environments where NSG and UDR counts can grow quickly.

I also think this helps platform teams that support many app teams. It reduces the need to split resources purely to avoid old ceiling values.

Gotchas and limits

Higher limits do not remove design trade-offs. Very large NSGs can still be harder to review, and giant route tables can still increase operational complexity.

I would still keep policy grouped by purpose, keep naming clear, and avoid overloading single objects just because the limit is higher.

Also remember that related services have their own constraints. Always check adjacent limits before you consolidate too aggressively.

Quick takeaway

This is a useful quality-of-life update for Azure networking. You get more default scale for NSGs and route tables, which gives you cleaner growth paths and fewer forced workarounds.

If you hit old limits in the past, this is a good time to revisit those designs and simplify where it makes sense.