{"id":"azure-network-isolation-infrastructure-to-paas","text":"Azure provides end-to-end network isolation from infrastructure to individual PaaS instances: the zero-trust infrastructure stack (default-deny LB + NSG dual filtering + infrastructure IP preservation) secures the VNet perimeter, while Private Link (backbone routing + per-resource mapping + private DNS) extends isolation to individual service instances with no public internet traversal.","truth_value":"OUT","source":"","source_url":"","source_hash":"","justifications":[],"dependents":[],"metadata":{"_retracted":true},"explanation":{"steps":[{"node":"azure-network-isolation-infrastructure-to-paas","truth_value":"OUT","reason":"retracted premise"}]}}