Skip to main content
Now that you know how to provision an ExpressRoute circuit and choose the correct SKUs, this lesson focuses on one of the most critical topics: configuring peering for ExpressRoute. Peering determines how your on-premises network exchanges traffic with Azure. It directly impacts connectivity, security posture, and access to Microsoft services. Note that ExpressRoute peering is a distinct concept from peering between Azure virtual networks (VNet peering); it addresses different scenarios and operates at a different network layer.
ExpressRoute peering controls how traffic flows between your on-premises network and Azure: who advertises routes, which IP spaces are used (private vs. public), and how BGP sessions are configured. VNet peering, in contrast, links Azure virtual networks internally and does not involve your on-premises edge.
Learning objectives — what you will gain from this module:
  • Learn how to set up private peering — the most common configuration for connecting on-premises networks to Azure VNets — including IP planning and BGP details.
  • Understand Microsoft peering and when it’s needed to reach Microsoft SaaS and certain PaaS services advertised via Microsoft public IP prefixes.
  • Explore BGP route filtering to control accepted/advertised prefixes for improved security and stability across large or multi-region topologies.
The image lists learning objectives related to private and Microsoft peering for secure communication, connecting using public IP prefixes, and controlling BGP routes. It includes four numbered points on a gradient background.
By the end of this module you will have a practical understanding of how ExpressRoute peering works and the exact differences between Private and Microsoft peering, enabling you to design secure, performant connectivity between your on-premises network and Azure. Further reading and references:

Watch Video