Quickstart: Create a virtual network using the Azure portal
In this quickstart, you'll learn how to create a virtual network using the Azure portal. You deploy two virtual machines (VMs). Next, you securely communicate between VMs and connect to VMs from the internet. A virtual network is the fundamental building block for your private network in Azure. It enables Azure resources, like VMs, to securely communicate with each other and with the internet.
Prerequisites
- An Azure account with an active subscription. Create one for free.
Sign in to Azure
Sign in to the Azure portal.
Create a virtual network
Select Create a resource in the upper left-hand corner of the portal.
In the search box, enter Virtual Network. Select Virtual Network in the search results.
In the Virtual Network page, select Create.
In Create virtual network, enter or select this information in the Basics tab:
Project details
- Subscription: Select your subscription.
- Resource group: Select myResourceGroup.
Instance details
- Name: Enter myVNet.
- Region: Select (US) East US.
Select the IP Addresses tab, or select the Next: IP Addresses button at the bottom of the page and enter in the following information then select Add:
- IPv4 address space: Enter 10.1.0.0/16.
Add subnet
- Subnet name: Enter MySubnet.
- Subnet address range: Enter 10.1.0.0/24.
Select Add.
Select the Security tab, or select the Next: Security button at the bottom of the page.
Under BastionHost, select Enable. Enter this information:
- Bastion name: Enter myBastionHost.
- AzureBastionSubnet address space: Enter 10.1.1.0/24.
- Public IP Address: Select Create new. For Name, enter myBastionIP. Select OK.
Select the Review + create tab or select the Review + create button.
Select Create.
Create virtual machines
Create two VMs in the virtual network:
Create the first VM
On the upper-left side of the portal, select Create a resource > Compute > Virtual machine.
In Create a virtual machine, type or select the values in the Basics tab:
Project Details
- Subscription: Select your Azure subscription.
- Resource Group: Select myResourceGroup.
Instance details
- Virtual machine name: Enter myVM1.
- Region: Select (US) East US.
- Availability Options: Select No infrastructure redundancy required.
- Image: Select Windows Server 2019 Datacenter - Gen2.
- Azure Spot instance: Select No.
- Size: Choose VM size or take default setting.
Administrator account
- Username: Enter a username.
- Password: Enter a password.
- Confirm password: Reenter password.
Inbound port rules
- Public inbound ports: Select None.
Select the Networking tab, or select Next: Disks, then Next: Networking.
In the Networking tab, select or enter:
Network interface
- Virtual network: Select myVNet.
- Subnet: Select mySubnet.
- Public IP: Select None.
- NIC network security group: Select Basic.
- Public inbound ports network: Select None.
Select the Review + create tab, or select the blue Review + create button at the bottom of the page.
Review the settings, and then select Create.
Create the second VM
On the upper-left side of the portal, select Create a resource > Compute > Virtual machine.
In Create a virtual machine, type or select the values in the Basics tab:
Project Details
- Subscription: Select your Azure subscription.
- Resource Group: Select myResourceGroup.
Instance details
- Virtual machine name: Enter myVM2.
- Region: Select (US) East US.
- Availability Options: Select No infrastructure redundancy required.
- Image: Select Windows Server 2019 Datacenter - Gen2.
- Azure Spot instance: Select No.
- Size: Choose VM size or take default setting.
Administrator account
- Username: Enter a username.
- Password: Enter a password.
- Confirm password: Reenter password.
Inbound port rules
- Public inbound ports: Select None.
Select the Networking tab, or select Next: Disks, then Next: Networking.
In the Networking tab, select or enter:
Network interface
- Virtual network: Select myVNet.
- Subnet: Select mySubnet.
- Public IP: Select None.
- NIC network security group: Select Basic.
- Public inbound ports network: Select None.
Select the Review + create tab, or select the blue Review + create button at the bottom of the page.
Review the settings, and then select Create.
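Both VMs above are created with Public IP set to None and Public inbound ports set to None, so the only path in from the internet should be Azure Bastion. The following check is an added example, not part of the original quickstart; it assumes the Az PowerShell module and a signed-in session, and the function names are illustrative.

```powershell
# Added example, not part of the original quickstart.
# Assumes the Az PowerShell module and a signed-in session (Connect-AzAccount).
$resourceGroup = 'myResourceGroup'   # resource group name used on this page

function Get-NicExposure {
    param([Parameter(Mandatory)] $Nic)
    # A NIC is directly reachable from the internet only if one of its
    # IP configurations has a public IP address resource attached.
    $withPublicIp = @($Nic.IpConfigurations | Where-Object { $_.PublicIpAddress })
    [pscustomobject]@{
        Nic         = $Nic.Name
        PrivateIp   = $Nic.IpConfigurations.PrivateIpAddress -join ', '
        HasPublicIp = $withPublicIp.Count -gt 0
    }
}

function Get-OpenInboundRule {
    param([Parameter(Mandatory)] $Nsg)
    # Source values that mean "any sender" in an NSG rule.
    $anySource = '*', 'Internet', '0.0.0.0/0'
    # Only custom rules are inspected; Azure's built-in rules live in DefaultSecurityRules.
    $Nsg.SecurityRules | Where-Object {
        $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
        (@($_.SourceAddressPrefix) | Where-Object { $_ -in $anySource })
    } | ForEach-Object {
        [pscustomobject]@{
            Nsg    = $Nsg.Name
            Rule   = $_.Name
            Ports  = $_.DestinationPortRange -join ', '
            Source = $_.SourceAddressPrefix -join ', '
        }
    }
}

$nics = Get-AzNetworkInterface -ResourceGroupName $resourceGroup
$nsgs = Get-AzNetworkSecurityGroup -ResourceGroupName $resourceGroup

# One row per NIC: private address and whether a public IP is attached.
$nics | ForEach-Object { Get-NicExposure -Nic $_ } | Format-Table -AutoSize

# Custom inbound Allow rules whose source is any address.
$open = @($nsgs | ForEach-Object { Get-OpenInboundRule -Nsg $_ })
if ($open.Count) {
    $open | Format-Table -AutoSize
} else {
    'No custom NSG rule allows inbound traffic from any source.'
}
```

For VMs built with the settings on this page, each NIC should report HasPublicIp as False and no open inbound rule should be listed.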
Note
Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the back-end pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.
The default outbound access IP is disabled when a public IP address is assigned to the VM, the VM is placed in the back-end pool of a standard load balancer, with or without outbound rules, or if an Azure Virtual Network NAT gateway resource is assigned to the subnet of the VM.
VMs that are created by virtual machine scale sets in flexible orchestration mode don't have default outbound access.
For more information about outbound connections in Azure, see Default outbound access in Azure and Use source network address translation (SNAT) for outbound connections.
Connect to myVM1
Go to the Azure portal to manage your private VM. Search for and select Virtual machines.
Pick the name of your private virtual machine myVM1.
In the VM menu bar, select Connect, then select Bastion.
In the Connect page, select the blue Use Bastion button.
In the Bastion page, enter the username and password you created for the virtual machine previously.
Select Connect.
For more information about Azure Bastion, see Azure Bastion.
Communicate between VMs
In the Bastion connection of myVM1, open PowerShell.
Enter ping myVM2. You'll get a reply message like this:
PS C:\Users\myVM1> ping myVM2
Pinging myVM2.ovvzzdcazhbu5iczfvonhg2zrb.bx.internal.cloudapp.net
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.0.0.5:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The ping fails, because it uses the Internet Control Message Protocol (ICMP). By default, ICMP isn't allowed through your Windows firewall.
To allow myVM2 to ping myVM1 in a later step, enter this command:
New-NetFirewallRule -DisplayName "Allow ICMPv4-In" -Protocol ICMPv4
That command lets ICMP inbound through the Windows firewall.
Close the bastion connection to myVM1.
Complete the steps in Connect to myVM1, but connect to myVM2.
Open PowerShell on myVM2 and enter ping myVM1. You'll receive a successful reply message like this:
Pinging myVM1.cs4wv3rxdjgedggsfghkjrxuqf.bx.internal.cloudapp.net [10.1.0.4] with 32 bytes of data:
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Reply from 10.1.0.4: bytes=32 time=1ms TTL=128
Ping statistics for 10.1.0.4:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
Close the bastion connection to myVM2.
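The firewall rule entered on myVM1 in the steps above names only a protocol, so it admits every ICMPv4 message type from any remote address. The following is an added example, not part of the original quickstart: a narrower rule for the same ping test that admits only echo requests from the subnet range this page assigns (10.1.0.0/24). Run it on myVM1 in an elevated PowerShell session.

```powershell
# Added example, not part of the original quickstart.
$ruleName = 'Allow ICMPv4-In'   # display name used on this page

# Remove any earlier copy first; display names are not unique, so rerunning
# New-NetFirewallRule would otherwise stack duplicate rules.
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Remove-NetFirewallRule

$rule = @{
    DisplayName   = $ruleName
    Direction     = 'Inbound'
    Action        = 'Allow'
    Protocol      = 'ICMPv4'
    IcmpType      = 8               # echo request only, which is what ping sends
    RemoteAddress = '10.1.0.0/24'   # subnet address range used on this page
}
New-NetFirewallRule @rule | Out-Null

# Read the rule back with its filters to confirm what was actually applied.
Get-NetFirewallRule -DisplayName $ruleName | ForEach-Object {
    $port = $_ | Get-NetFirewallPortFilter
    $addr = $_ | Get-NetFirewallAddressFilter
    [pscustomobject]@{
        Name          = $_.DisplayName
        Enabled       = $_.Enabled
        Direction     = $_.Direction
        Action        = $_.Action
        Protocol      = $port.Protocol
        IcmpType      = $port.IcmpType
        RemoteAddress = $addr.RemoteAddress
    }
}

# When the connectivity test is finished, remove the rule again:
# Remove-NetFirewallRule -DisplayName $ruleName
```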
Clean up resources
In this quickstart, you created a default virtual network and two VMs.
You connected to one VM from the internet and securely communicated between the two VMs.
When you're done using the virtual network and the VMs, delete the resource group and all of the resources it contains:
Search for and select myResourceGroup.
Select Delete resource group.
Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME and select Delete.
Next steps
To learn more about virtual network settings, see Create, change, or delete a virtual network.
To learn more about types of VM network communications, see Filter network traffic.