Working with Microsoft, we determined that there is no BGP community for Azure’s Application Insights. As a result, I’ve created a feedback request for Microsoft to consider doing just that.
Without this BGP community, you can’t route all Application Insights traffic across an ExpressRoute connection without routing for the entire region, something you may not want to do. Other offerings do have their communities, and I mention a few in the feedback request.
Some may ask, “What’s the risk?” Yes, the connection to Application Insights is encrypted. So it’s not so much about a security risk unless you have compliance requirements to keep traffic contained. Really, the risk is more about performance. For instance, we observed that when Application Insights routes over the Internet, sometimes the path chosen is less than ideal because a different region ends up being routed to based on DNS resolution. For instance, Microsoft observed cases where Application Insights traffic did not go to IPs within the region where Application Insight resources are provisioned (such as to West US when Application Insights was provisioned to Central US).