Create a virtual network with encryption

Azure Virtual Network encryption is a feature of Azure Virtual Network. With Virtual Network encryption, you can seamlessly encrypt and decrypt internal network traffic over the wire, with minimal effect to performance and scale. Virtual Network encryption protects data that traverses your virtual network from virtual machine to virtual machine.

Prerequisites

An Azure account with an active subscription. Create one for free.

Create a virtual network

The following procedure creates a virtual network with a resource subnet.

  1. In the portal, search for and select Virtual networks.

  2. On the Virtual networks page, select + Create.

  3. On the Basics tab of Create virtual network, enter or select the following information:

    Setting Value
    Project details
    Subscription Select your subscription.
    Resource group Select Create new.
    Enter test-rg in Name.
    Select OK.
    Instance details
    Name Enter vnet-1.
    Region Select East US 2.

    Screenshot that shows the Basics tab of Create virtual network in the Azure portal.

  4. Select Next to proceed to the Security tab.

  5. Select Next to proceed to the IP addresses tab.

  6. In the address space box under Subnets, select the default subnet.

  7. On the Edit subnet pane, enter or select the following information:

    Setting Value
    Subnet details
    Subnet template Leave the default as Default.
    Name Enter subnet-1.
    Starting address Leave the default of 10.0.0.0.
    Subnet size Leave the default of /24(256 addresses).

    Screenshot that shows the default subnet rename and configuration.

  8. Select Save.

  9. Select Review + create at the bottom of the screen. After validation passes, select Create.

Important

To encrypt traffic, Virtual Network encryption requires supported virtual machine versions in the virtual network. The setting dropUnencrypted drops traffic between unsupported virtual machine versions if they're deployed in the virtual network. For more information, see Azure Virtual Network encryption requirements.

Enable encryption on a virtual network

Use the following steps to enable encryption for a virtual network.

  1. In the search box at the top of the portal, begin to enter Virtual networks. When Virtual networks appears in the search results, select it.

  2. Select vnet-1 to open the vnet-1 pane.

  3. On the service menu, select Overview, and then select the Properties tab.

  4. Under Encryption, select Disabled.

    Screenshot that shows properties of the virtual network.

  5. Select the box next to Virtual network encryption.

  6. Select Save.

Verify that encryption is enabled

  1. In the search box at the top of the portal, begin to enter Virtual networks. When Virtual networks appears in the search results, select it.

  2. Select vnet-1 to open the vnet-1 pane.

  3. On the service menu, select Overview, and then select the Properties tab.

  4. Verify that Encryption is set to Enabled.

    Screenshot that shows properties of the virtual network with Encryption st as Enabled.

Clean up resources

When you finish using the resources that you created, you can delete the resource group and all its resources.

  1. In the Azure portal, search for and select Resource groups.

  2. On the Resource groups page, select the test-rg resource group.

  3. On the test-rg page, select Delete resource group.

  4. Enter test-rg in Enter resource group name to confirm deletion, and then select Delete.