Discover and evaluate encrypted network traffic

Implementation Effort: High

User Impact: Medium

Overview

Discover and evaluate encrypted network traffic by first enabling NSG Flow Logs and ingesting them into Traffic Analytics to quantify all TLS sessions (typically on port 443) traversing both north–south and east–west paths. Use Azure Network Watcher’s packet-capture feature on critical subnets or NICs to inspect TLS handshakes—verifying versions, cipher suites, and Server Name Indication (SNI)—and to ensure that encrypted flows map to expected application endpoints. Correlate these findings with your known service inventory to identify high-volume or anomalous encrypted traffic, laying the groundwork for deploying Azure Firewall Premium’s TLS inspection capability in the next step.

Reference

• NSG Flow Logs overview
• Traffic Analytics overview
• Network Watcher packet capture
• Azure Firewall Premium TLS inspection