In a normal ExpressRoute circuit, is network/data traffic between the Microsoft Edge Router and an Azure Virtual Network/Virtual Machine encrypted or not? If not, how can we encrypt it without using IPsec?

Vivek Pathak 0 Reputation points
2023-09-25T09:35:16.15+00:00

In a normal ExpressRoute circuit, is network/data traffic between the Microsoft Edge Router and an Azure Virtual Network/Virtual Machine encrypted or not? If not, how can we encrypt it without using IPsec? We are looking to encrypt the traffic between the Microsoft Edge Router and Virtual Networks/Virtual Machines inside the Azure boundary without using IPsec. Kindly help.


1 answer

  1. GitaraniSharma-MSFT 49,261 Reputation points Microsoft Employee
    2023-09-25T11:16:21.19+00:00

    Hello @Vivek Pathak ,

    I understand that you would like to know whether traffic between the Microsoft Edge Router and Azure is encrypted in a normal ExpressRoute circuit and, if not, how to encrypt it without using IPsec.

    By default, traffic over an ExpressRoute connection is not encrypted.

    ExpressRoute supports a couple of encryption technologies to ensure confidentiality and integrity of the data traversing between your network and Microsoft's network.

    1. IPsec VPN over private peering --> which you don't want to do.

    https://video2.skills-academy.com/en-us/azure/vpn-gateway/site-to-site-vpn-private-peering?toc=%2Fazure%2Fexpressroute%2Ftoc.json

    2. MACsec for ExpressRoute Direct ports:

    https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-howto-macsec

    Refer: https://video2.skills-academy.com/en-us/azure/expressroute/expressroute-about-encryption

    MACsec with ExpressRoute Direct provides point-to-point encryption between your device and Microsoft's device. So, in this case, all traffic, such as BGP control traffic, private peering traffic and MS peering traffic (which includes PaaS service traffic as well), gets encrypted using MACsec keys.

    MACsec encrypts all traffic on a physical link with a key owned by one entity (for example, customer). Therefore, it's available on ExpressRoute Direct only.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

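A check that could follow the MACsec option described in the answer above, added here as an example and not part of the original thread: it reports, per physical link of an ExpressRoute Direct port, whether MACsec key references and a cipher are set. The property names are those of the port object returned by `Get-AzExpressRoutePort` in the Az.Network module; the function name `Get-MacSecLinkStatus`, the port name, and the Key Vault URLs are constructed for illustration.

```powershell
# Added example: report MACsec state per physical link of ExpressRoute Direct ports.
function Get-MacSecLinkStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Port
    )
    process {
        foreach ($link in $Port.Links) {
            $cfg = $link.MacSecConfig
            # A link is only protected when both Key Vault secret references
            # (CKN and CAK) are present in its MACsec configuration.
            $hasKeys = -not [string]::IsNullOrWhiteSpace($cfg.CknSecretIdentifier) -and
                       -not [string]::IsNullOrWhiteSpace($cfg.CakSecretIdentifier)
            [pscustomobject]@{
                Port       = $Port.Name
                Link       = $link.Name
                AdminState = $link.AdminState
                Cipher     = if ($hasKeys) { $cfg.Cipher } else { $null }
                MacSec     = if ($hasKeys) { 'Configured' } else { 'NotConfigured' }
            }
        }
    }
}

# Constructed sample shaped like a port object, so the check runs offline.
# link1 has MACsec key references; link2 has none and carries cleartext.
$samplePort = [pscustomobject]@{
    Name  = 'erdirect-sample-01'
    Links = @(
        [pscustomobject]@{
            Name = 'link1'; AdminState = 'Enabled'
            MacSecConfig = [pscustomobject]@{
                CknSecretIdentifier = 'https://example-vault.vault.azure.net/secrets/ckn/<version>'
                CakSecretIdentifier = 'https://example-vault.vault.azure.net/secrets/cak/<version>'
                Cipher              = 'GcmAes256'
            }
        },
        [pscustomobject]@{
            Name = 'link2'; AdminState = 'Enabled'
            MacSecConfig = [pscustomobject]@{
                CknSecretIdentifier = $null; CakSecretIdentifier = $null; Cipher = $null
            }
        }
    )
}

$samplePort | Get-MacSecLinkStatus | Format-Table -AutoSize

# Against a live subscription (requires Az.Network and a signed-in session):
# Get-AzExpressRoutePort | Get-MacSecLinkStatus | Where-Object MacSec -eq 'NotConfigured'
```

Both links of a port pair need MACsec configured; a link reported as `NotConfigured` with `AdminState` `Enabled` is carrying unencrypted traffic at layer 2.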