Create a virtual network with encryption using the Azure portal
Azure Virtual Network encryption is a feature of Azure Virtual Network. Virtual network encryption allows you to seamlessly encrypt and decrypt internal network traffic over the wire, with minimal effect on performance and scale. Azure Virtual Network encryption protects data traversing your virtual network from virtual machine to virtual machine and from virtual machine to on-premises.
Prerequisites
- An Azure account with an active subscription. Create one for free.
Create a virtual network
The following procedure creates a virtual network with a resource subnet.
In the portal, search for and select Virtual networks.
On the Virtual networks page, select + Create.
On the Basics tab of Create virtual network, enter or select the following information:
| Setting | Value |
| --- | --- |
| Project details | |
| Subscription | Select your subscription. |
| Resource group | Select Create new. Enter test-rg in Name. Select OK. |
| Instance details | |
| Name | Enter vnet-1. |
| Region | Select East US 2. |

Select Next to proceed to the Security tab.
Select Next to proceed to the IP Addresses tab.
In the address space box in Subnets, select the default subnet.
In Edit subnet, enter or select the following information:
| Setting | Value |
| --- | --- |
| Subnet details | |
| Subnet template | Leave the default Default. |
| Name | Enter subnet-1. |
| Starting address | Leave the default of 10.0.0.0. |
| Subnet size | Leave the default of /24 (256 addresses). |

Select Save.
Select Review + create at the bottom of the screen, and when validation passes, select Create.
Important
Azure Virtual Network encryption requires supported virtual machine SKUs in the virtual network for traffic to be encrypted. The setting dropUnencrypted will drop traffic between unsupported virtual machine SKUs if they are deployed in the virtual network. For more information, see Azure Virtual Network encryption requirements.
Enable encryption
Use the following steps to enable encryption for a virtual network.
In the search box at the top of the portal, begin typing Virtual networks. When Virtual networks appears in the search results, select it.
Select vnet-1.
In the Overview of vnet-1, select the Properties tab.
Select Disabled next to Encryption.
Select the box next to Virtual network encryption.
Select Save.
Verify encryption enabled
In the search box at the top of the portal, begin typing Virtual networks. When Virtual networks appears in the search results, select it.
Select vnet-1.
In the Overview of vnet-1, select the Properties tab.
Verify that Encryption is set to Enabled.
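The same verification can be scripted when there are many virtual networks to check, and the script can also flag the dropUnencrypted setting described in the Important note. This is an added example, not part of the original article: it assumes records shaped like the output of `az network vnet list --output json`, and every virtual network other than vnet-1 is constructed sample data.

```python
import json

# Constructed sample: trimmed output shape of
#   az network vnet list --resource-group test-rg --output json
# Assumption: "encryption" carries "enabled" and "enforcement", and is
# absent when encryption was never configured on the virtual network.
SAMPLE_VNETS = json.loads("""
[
  {"name": "vnet-1", "resourceGroup": "test-rg", "location": "eastus2",
   "encryption": {"enabled": true, "enforcement": "AllowUnencrypted"}},
  {"name": "vnet-legacy", "resourceGroup": "test-rg", "location": "eastus2"},
  {"name": "vnet-strict", "resourceGroup": "test-rg", "location": "eastus2",
   "encryption": {"enabled": true, "enforcement": "DropUnencrypted"}},
  {"name": "vnet-off", "resourceGroup": "test-rg", "location": "eastus2",
   "encryption": {"enabled": false, "enforcement": "AllowUnencrypted"}}
]
""")


def assess_vnet(vnet):
    """Return (status, note) for one virtual network record."""
    enc = vnet.get("encryption") or {}
    if not enc.get("enabled", False):
        return "FAIL", "encryption is disabled or was never configured"
    # Compare case-insensitively: casing differs between tools and API versions.
    policy = str(enc.get("enforcement", "")).lower()
    if policy == "dropunencrypted":
        return "WARN", ("enabled with dropUnencrypted: traffic between "
                        "unsupported VM SKUs is dropped")
    if policy == "allowunencrypted":
        return "PASS", ("enabled; traffic between unsupported VM SKUs "
                        "stays unencrypted")
    return "WARN", f"enabled, unrecognised enforcement value {policy!r}"


def audit(vnets):
    """Map each virtual network name to its (status, note) pair."""
    return {v["name"]: assess_vnet(v) for v in vnets}


if __name__ == "__main__":
    for name, (status, note) in audit(SAMPLE_VNETS).items():
        print(f"{status:4}  {name}: {note}")
```

To run it against a live subscription, replace SAMPLE_VNETS with the parsed JSON output of the list command.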
Clean up resources
When you finish using the resources that you created, you can delete the resource group and all its resources:
In the Azure portal, search for and select Resource groups.
On the Resource groups page, select the test-rg resource group.
On the test-rg page, select Delete resource group.
Enter test-rg in Enter resource group name to confirm deletion, and then select Delete.
Next steps
For more information about Azure Virtual Networks, see What is Azure Virtual Network?
For more information about Azure Virtual Network encryption, see What is Azure Virtual Network encryption?