Create User-Defined Routes (UDRs) in Azure Virtual Network Manager
In this article, you learn how to deploy User-Defined Routes (UDRs) with Azure Virtual Network Manager in the Azure portal. UDRs allow you to describe your desired routing behavior, and Virtual Network Manager orchestrates UDRs to create and maintain that behavior. You deploy all the resources needed to create UDRs, including the following resources:
Virtual Network Manager instance
Two virtual networks and a network group
Routing configuration to create UDRs for the network group
Important
User-defined routese management with Azure Virtual Network Manager is in public preview. Public previews are made available to you on the condition that you agree to the Supplemental Terms of Use for Microsoft Azure Previews. Some features might not be supported or might have constrained capabilities. This preview version is provided without a service level agreement, and it's not recommended for production workloads.
Important
Azure Virtual Network Manager is generally available for hub-and-spoke connectivity configurations and security configurations with security admin rules. Mesh connectivity configurations remain in preview.
This preview version is provided without a service-level agreement, and we don't recommend it for production workloads. Certain features might not be supported or might have constrained capabilities. For more information, see Supplemental Terms of Use for Microsoft Azure Previews.
Prerequisites
An Azure account with an active subscription. Create an account for free.
You need to have the Network Contributor Role for the scope that you want to use for your virtual network manager instance.
Create a Virtual Network Manager instance
In this step, you deploy a Virtual Network Manager instance with the defined scope and access that you need.
Sign in to the Azure portal.
Select + Create a resource and search for Network Manager. Then select Network Manager > Create to begin setting up Virtual Network Manager.
On the Basics tab, enter or select the following information, and then select Review + create.
Setting Value Subscription Select the subscription where you want to deploy Virtual Network Manager. Resource group Select Create new and enter rg-vnm.
Select Ok.Name Enter vnm-1. Region Select (US) East US or a region of your choosing. Virtual Network Manager can manage virtual networks in any region. The selected region is where the Virtual Network Manager instance is deployed. Description (Optional) Provide a description about this Virtual Network Manager instance and the task it's managing. Features Select User defined routing from the dropdown list. Select the Management scope tab or select Next: Management scope > to continue.
On the Management scope tab, select + Add.
In Add scopes, select your subscription then choose Select.
Select Review + create and then select Create to deploy the Virtual Network Manager instance.
Create virtual networks and subnets
In this step, you create two virtual networks to become members of a network group.
From the Home screen, select + Create a resource and search for Virtual network.
Select Virtual network > Create to begin configuring a virtual network.
On the Basics tab, enter or select the following information:
Setting Value Subscription Select the subscription where you want to deploy this virtual network. Resource group Select rg-vnm. Virtual network name Enter vnet-spoke-001. Region Select (US) East US. Select Next > Next or the IP addresses tab.
On the IP addresses tab, enter an IPv4 address range of 10.0.0.0 and /16.
Under Subnets, select default and enter the following information in the Edit Subnet window:
Setting Value Subnet purpose Leave as Default. Name Leave as default. IPv4 IPv4 address range Select 10.0.0.0/16. Starting address Enter 10.0.1.0. Size Enter /24 (256 addresses). 
Select Save then Review + create > Create.
Return to home and repeat the preceding steps to create another virtual network with the following information:
Setting Value Subscription Select the same subscription that you selected in step 2. Resource group Select rg-vnm. Virtual network name Enter vnet-spoke-002. Region Select (US) East US. Edit subnet window Subnet purpose Leave as Default. Name Leave as default. IPv4 IPv4 address range Select 10.1.0.0/16. Starting address Enter 10.1.1.0. Size Enter /24 (256 addresses). Select Save then Review + create > Create.
Create a network group with Azure Policy
In this step, you create a network group containing your virtual networks using Azure policy.
From the Home page, select Resource groups and browse to the rg-vnm resource group, and select the vnm-1 Virtual Network Manager instance.
Under Settings, select Network groups. Then select Create.
On the Create a network group pane, enter the following information:
Setting Value Name Enter ng-spoke. Description (Optional) Provide a description about this network group. Member type Select Virtual network. Select Create.
Select ng-spoke and choose Create Azure Policy.
In Create Azure Policy, enter or select the following information:
Setting Value Policy name Enter ng-azure-policy. Scope Select Select Scope and choose your subscription, if not already selected. Under Criteria, enter a conditional statement to define the network group membership. Enter or select the following information:
Setting Value Parameter Select Name from the dropdown menu. Operator Select Contains from the dropdown menu. Condition Enter -spoke-. 
```Select Preview Resources to see the resources included in the network group, and select Close.
Select Save to create the policy.
Create a routing configuration and rule collection
In this step, you define the UDRs for the network group by creating a routing configuration and rule collection with routing rules.
Return the vnm-1 Virtual Network Manager instance and Configurations under Settings.
Select + Create or Create routing configuration.
In Create a routing configuration, enter or select the following information:
Setting Value Name Enter routing-configuration. Description (Optional) Provide a description about this routing configuration. Select Rule collections tab or Next: Rule collections >.
In Rule collections, select + Add.
In Add a rule collection, enter, or select the following information:
Setting Value Name Enter rule-collection-1. Description (Optional) Provide a description about this rule collection. Local route setting Select Direct routing within virtual network. Target network groups select ng-spoke. 
Note
With the Local route setting option, you can choose how to route traffic within the same virtual network or subnet. For more information, see Local route settings.
Under Routing rules, select + add.
In Add a routing rule, enter, or select the following information:
Setting Value Name Enter rr-spoke. Destination Destination type Select IP address. Destination IP addresses/CIDR ranges Enter 0.0.0.0/0. Next hop Next hop type Select Virtual network. 
Select Add and **Add to save the routing rule collection.
Select Review + create and then Create to create the routing configuration.
Deploy the routing configuration
In this step, you deploy the routing configuration to create the UDRs for the network group.
On the Configurations page, select the checkbox for routing-configuration and choose Deploy from the taskbar.
In Deploy a configuration , select, or enter the routing-configuration
Setting Value Configurations Include user defined routing configurations in your goal state Select checkbox. User defined routing configurations Select routing-configuration. Region Target regions Select (US) East US. Select Next and then Deploy to deploy the routing configuration.
Note
When you create and deploy a routing configuration, you need to be aware of the impact of existing routing rules. For more information, see limitations for UDR management.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for