Events
Apr 29, 2 p.m. - Apr 30, 7 p.m.
Join the ultimate Windows Server virtual event April 29-30 for deep-dive technical sessions and live Q&A with Microsoft engineers.
Sign up nowThis browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
A lot of workloads running on-premises and in multi-cloud environments require connections to virtual machines (VMs) running in Microsoft Azure. To connect a server to an Azure Virtual Network, you have several options, including Site-to-Site VPN, Azure Express Route, and Point-to-Site VPN.
Windows Admin Center and Azure Network Adapter provide a one-click experience to connect the server with your virtual network using a Point-to-Site VPN connection. The process automates configuring the virtual network gateway and the on-premises VPN client.
Azure Network Adapter Point-to-Site VPN connections are useful when you want to connect to your virtual network from a remote location, such as a branch office, store, or other location. You can also use Azure Network Adapter instead of a Site-to-Site VPN when you require only a few servers to connect to a virtual network. Azure Network Adapter connections don't require a VPN device or a public-facing IP address.
Using Azure Network Adapter to connect to a virtual network requires the following:
Note
It’s not required to install Windows Admin Center on the server that you want to connect to Azure. However, you can do that in a single server scenario.
To configure Azure Network Adapter, go to the Network extension for it in Windows Admin Center.
In Windows Admin Center:
Subscription
Location
Virtual Network
Gateway Subnet (if doesn’t exist)
Gateway SKU (if doesn’t exist)
Client Address Space
The client address pool is a range of private IP addresses that you specify. The clients that connect over a Point-to-Site VPN dynamically receive an IP address from this range. Use a private IP address range that does not overlap with the on-premises location that you connect from, or the virtual network that you want to connect to. We recommend using IP addresses that are in the ranges designated for private networks (10.x.x.x, 192.168.x.x, or 172.16.0.0 to 172.31.255.255).
Authentication Certificate
Azure uses certificates to authenticate clients connecting to a virtual network over a Point-to-Site VPN connection. The public key information of the root certificate is uploaded to Azure. The root certificate is then considered “trusted” by Azure for a Point-to-Site connection to the virtual network. Client certificates must be generated from the trusted root certificate and installed on the client server. The client certificate is used to authenticate the client when it initiates a connection to the virtual network.
To learn more, see the “Configure authentication type” section of Configure a Point-to-Site VPN connection to a VNet using native Azure certificate authentication: Azure portal.
Note
Network appliances, such as VPN Gateway and Application Gateway that run inside a virtual network, come with additional cost. To learn more, see Virtual Network pricing.
If there is no existing Azure Virtual Network gateway, Windows Admin Center creates one for you. The setup process can take up to 25 minutes. After the Azure Network Adapter is created, you can start to access VMs in the virtual network directly from your server.
If you don’t need the connectivity anymore, under Networks, select the Azure Network Adapter that you want to disconnect, from the top menu, select Disconnect, and then on the Disconnect VPN Confirmation pop-up window, select Yes.
For more information about Azure Virtual Network, see also:
Events
Apr 29, 2 p.m. - Apr 30, 7 p.m.
Join the ultimate Windows Server virtual event April 29-30 for deep-dive technical sessions and live Q&A with Microsoft engineers.
Sign up nowTraining
Module
Implement hybrid network infrastructure - Training
You learn to connect your on-premises environment to Azure, implement subnets and routing between your on-premises and cloud environments, and ensure that workloads in the cloud and on-premises perform DNS resolution to locate each other.
Certification
Microsoft Certified: Azure Network Engineer Associate - Certifications
Demonstrate the design, implementation, and maintenance of Azure networking infrastructure, load balancing traffic, network routing, and more.
Documentation
Extend your on-premises subnets into Azure using extended network for Azure
Extend your on-premises subnets into Azure using extended network for Azure
Tutorial: Create site-to-site connections using Virtual WAN - Azure Virtual WAN
Learn how to use Azure Virtual WAN to create a site-to-site VPN connection to Azure.