What is Azure Virtual Network Manager?

Azure Virtual Network Manager is a management service that enables you to group, configure, deploy, and manage virtual networks globally across subscriptions. With Virtual Network Manager, you can define network groups to identify and logically segment your virtual networks. Then you can determine the connectivity and security configurations you want and apply them across all the selected virtual networks in network groups at once.

How does Azure Virtual Network Manager work?

During the creation process, you define the scope for what your Azure Virtual Network Manager manages. Your Network Manager only has the delegated access to apply configurations within this scope boundary. Defining a scope can be done directly on a list of subscriptions. However it's recommended to use management groups to define your scope. Management groups provide hierarchical organization to your subscriptions. After defining the scope, you deploy configuration types including Connectivity and the SecurityAdmin rules for your Virtual Network Manager.

After you deploy the Virtual Network Manager instance, you create a network group, which serves as a logical container of networking resources to apply configurations at scale. You can manually select individual virtual networks to be added to your network group, known as static membership. Or you can use Azure Policy to define conditions that govern your group membership dynamically, or dynamic membership. For more information about Azure Policy initiatives, see Azure Virtual Network Manager and Azure Policy.

Next, you create connectivity and/or security configuration(s) applied to those network groups based on your topology and security needs. A connectivity configuration enables you to create a mesh or a hub-and-spoke network topology. A security configuration allows you to define a collection of rules that you can apply to one or more network groups at the global level. Once you have created your desired network groups and configurations, you can deploy the configurations to any region of your choosing.

Azure Virtual Network Manager can be deployed and managed through the Azure portal, Azure CLI, Azure PowerShell, or Terraform.

Key benefits

• Centrally manage connectivity and security policies globally across regions and subscriptions.

• Enable direct connectivity between spokes in a hub-and-spoke configuration without the complexity of managing a mesh network.

• Highly scalable and highly available service with redundancy and replication across the globe.

• Ability to create network security rules that override network security group rules.

• Low latency and high bandwidth between resources in different virtual networks using virtual network peering.

• Roll out network changes through a specific region sequence and frequency of your choosing.

For current information on the regions where Azure Virtual Network Manager is available, see Azure Virtual Network Manager regions.

Pricing

For pricing details, see Azure Virtual Network Manager pricing.

New Azure Virtual Network Manager instances will charge solely on the virtual network-based pricing described in the pricing page above.

Azure Virtual Network Manager instances created prior to the release of the virtual network-based pricing will continue to charge on the subscription-based pricing described in the pricing page above. If you prefer for your Azure Virtual Network Manager instance to instead charge on the virtual network-based pricing, follow the steps below to switch its pricing model.

1. In the Azure Portal, search for "Preview features".
2. On the "Preview Features" page, ensure the subscription selected is the subscription that contains your Azure Virtual Network Manager instance. Filter the features by "Network manager".
3. Select the feature named "Network manager billing by virtual networks" and register. The Azure Virtual Network Manager instance in the registered subscription will now charge on the virtual network-based pricing.

FAQs

For FAQs, see Azure Virtual Network Manager FAQs.

Limits

For limits, see Azure Virtual Network Manager limits.

Service Level Agreement

For SLA, see SLA for Azure Virtual Network Manager

Next steps

Create an Azure Virtual Network Manager instance using the Azure portal.