Azure Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario-level monitoring enables you to diagnose problems with an end-to-end, network-level view. Network diagnostic and visualization tools available with Network Watcher help you understand, diagnose, and gain insights into your network in Azure.
Network Watcher is enabled in an Azure region through the creation of a Network Watcher instance in that region. This instance allows you to utilize Network Watcher capabilities in that particular region.
Note
- By default, Network Watcher is automatically enabled. When you create or update a virtual network in your subscription, Network Watcher will be automatically enabled in your Virtual Network's region.
- Automatically enabling Network Watcher doesn't affect your resources or associated charge.
- If you previously chose to opt out of Network Watcher automatic enablement, you must manually enable Network Watcher in each region where you want to use Network Watcher capabilities. For more information, see Network Watcher Azure regions.
Prerequisites
An Azure account with an active subscription. Create an account for free.
Azure Cloud Shell or Azure PowerShell.
The steps in this article run the Azure PowerShell cmdlets interactively in Azure Cloud Shell. To run the commands in the Cloud Shell, select Open Cloud Shell at the upper-right corner of a code block. Select Copy to copy the code and then paste it into Cloud Shell to run it. You can also run the Cloud Shell from within the Azure portal.
You can also install PowerShell locally to run the cmdlets. This article requires the Az PowerShell module. For more information, see How to install Azure PowerShell. To find the installed version, run the Get-Module -ListAvailable Az cmdlet. If you run PowerShell locally, sign in to Azure using the Connect-AzAccount cmdlet.
Azure Cloud Shell or Azure CLI.
The steps in this article run the Azure CLI commands interactively in Azure Cloud Shell. To run the commands in the Cloud Shell, select Open Cloud Shell at the upper-right corner of a code block. Select Copy to copy the code, and paste it into Cloud Shell to run it. You can also run the Cloud Shell from within the Azure portal.
You can also install Azure CLI locally to run the commands. To find the installed version, run the az version command. If you run Azure CLI locally, sign in to Azure using the az login command.
Enable Network Watcher for your region
If you choose to opt out of Network Watcher automatic enablement, you must manually enable Network Watcher in each region where you want to use Network Watcher capabilities. To enable Network Watcher in a region, create a Network Watcher instance in that region using the Azure portal, PowerShell, the Azure CLI, REST API, or an Azure Resource Manager template (ARM template).
In the search box at the top of the portal, enter network watcher. Select Network Watcher from the search results.
On the Overview page, select + Create.
On Add network watcher, select your Azure subscription, then select the region that you want to enable Azure Network Watcher for.
Select Add.
Note
When you create a Network Watcher instance using the Azure portal:
- The name of the Network Watcher instance is automatically set to NetworkWatcher_region, where region corresponds to the Azure region of the Network Watcher instance. For example, a Network Watcher enabled in the East US region is named NetworkWatcher_eastus.
- The Network Watcher instance is created in a resource group named NetworkWatcherRG. The resource group is created if it doesn't already exist.
If you wish to customize the name of a Network Watcher instance and resource group, you can use PowerShell or REST API methods. In each option, the resource group must exist before you create a Network Watcher in it.
Create a Network Watcher instance using the New-AzNetworkWatcher cmdlet:
# Create a resource group for the Network Watcher instance (if it doesn't already exist).
New-AzResourceGroup -Name 'NetworkWatcherRG' -Location 'eastus'
# Create an instance of Network Watcher in East US region.
New-AzNetworkWatcher -Name 'NetworkWatcher_eastus' -ResourceGroupName 'NetworkWatcherRG' -Location 'eastus'
Note
When you create a Network Watcher instance using PowerShell, you can customize the name of a Network Watcher instance and resource group. However, the resource group must exist before you create a Network Watcher instance in it.
Create a Network Watcher instance using the az network watcher configure command:
# Create a resource group for the Network Watcher instance (if it doesn't already exist).
az group create --name 'NetworkWatcherRG' --location 'eastus'
# Create an instance of Network Watcher in East US region.
az network watcher configure --resource-group 'NetworkWatcherRG' --locations 'eastus' --enabled
Note
When you create a Network Watcher instance using the Azure CLI:
- The name of the Network Watcher instance is automatically set to region-watcher, where region corresponds to the Azure region of the Network Watcher instance. For example, a Network Watcher enabled in the East US region is named eastus-watcher.
- You can customize the name of the Network Watcher resource group. However, the resource group must exist before you create a Network Watcher instance in it.
If you wish to customize the name of the Network Watcher instance, you can use PowerShell or REST API methods.
Disable Network Watcher for your region
You can disable Network Watcher for a region by deleting the Network Watcher instance in that region. You can delete a Network Watcher instance using the Azure portal, PowerShell, the Azure CLI, or REST API.
Warning
Deleting a Network Watcher instance deletes all Network Watcher running operations, historical data, and alerts with no option to revert. For example, if you delete the NetworkWatcher_eastus instance, all flow logs, connection monitors, and packet captures in the East US region will be deleted.
In the search box at the top of the portal, enter network watcher. Select Network Watcher from the search results.
On the Overview page, select the Network Watcher instances that you want to delete, then select Disable.
Enter yes, then select Delete.
Delete a Network Watcher instance using Remove-AzNetworkWatcher:
# Disable Network Watcher in the East US region by deleting its East US instance.
Remove-AzNetworkWatcher -Location 'eastus'
Use az network watcher configure to delete an instance of Network Watcher:
# Disable Network Watcher in the East US region.
az network watcher configure --locations 'eastus' --enabled 'false'
Opt out of Network Watcher automatic enablement
You can opt out of Network Watcher automatic enablement using Azure PowerShell or Azure CLI.
Caution
Opting out of Network Watcher automatic enablement is a permanent change. Once you opt out, you cannot opt in without contacting Azure support.
Opting out of Network Watcher automatic enablement isn't available in the Azure portal. Use PowerShell or Azure CLI to opt out of Network Watcher automatic enablement.
To opt out of Network Watcher automatic enablement, use the Register-AzProviderFeature cmdlet to register the DisableNetworkWatcherAutocreation feature for the Microsoft.Network resource provider. Then, use the Register-AzResourceProvider cmdlet to register the Microsoft.Network resource provider.
# Register the "DisableNetworkWatcherAutocreation" feature.
Register-AzProviderFeature -FeatureName 'DisableNetworkWatcherAutocreation' -ProviderNamespace 'Microsoft.Network'
# Register the "Microsoft.Network" resource provider.
Register-AzResourceProvider -ProviderNamespace 'Microsoft.Network'
To opt out of Network Watcher automatic enablement, use the az feature register command to register the DisableNetworkWatcherAutocreation feature for the Microsoft.Network resource provider. Then, use the az provider register command to register the Microsoft.Network resource provider.
# Register the "DisableNetworkWatcherAutocreation" feature.
az feature register --name 'DisableNetworkWatcherAutocreation' --namespace 'Microsoft.Network'
# Register the "Microsoft.Network" resource provider.
az provider register --name 'Microsoft.Network'
Note
After you opt out of Network Watcher automatic enablement, you must manually enable Network Watcher in each region where you want to use Network Watcher capabilities. For more information, see Enable Network Watcher for your region.
List Network Watcher instances
You can view all regions where Network Watcher is enabled in your subscription by listing available Network Watcher instances in your subscription. Use the Azure portal, PowerShell, the Azure CLI, or REST API to list Network Watcher instances in your subscription.
In the search box at the top of the portal, enter network watcher. Select Network Watcher from the search results.
On the Overview page, you can see all Network Watcher instances in your subscription.
List all Network Watcher instances in your subscription using Get-AzNetworkWatcher.
# List all Network Watcher instances in your subscription.
Get-AzNetworkWatcher
List all Network Watcher instances in your subscription using az network watcher list.
# List all Network Watcher instances in your subscription.
az network watcher list --out table
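Because a subscription that has opted out of automatic enablement only has Network Watcher where someone created an instance by hand, the listing above is most useful when compared against the regions that actually contain virtual networks. The following is an added example, not part of the original article: the function names are hypothetical, the sample data is constructed, and audit_subscription assumes a signed-in Azure CLI.

```bash
# Added example (not from the original article): report regions that hold
# virtual networks but have no Network Watcher instance.
# Function and variable names here are hypothetical.

# normalize LIST: lower-case, strip spaces/CRs, drop blanks, de-duplicate.
normalize() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' \r' | sed '/^$/d' | sort -u
}

# missing_watcher_regions VNET_REGIONS WATCHER_REGIONS
# Both arguments are newline-separated region lists. Prints each VNet region
# that has no matching Network Watcher region.
missing_watcher_regions() {
  watchers=$(normalize "$2")
  for region in $(normalize "$1"); do
    printf '%s\n' "$watchers" | grep -Fxq -- "$region" || printf '%s\n' "$region"
  done
}

# audit_subscription: run the comparison against the signed-in Azure CLI context.
# Returns 0 when every VNet region is covered, 1 on a gap, 2 if az fails.
audit_subscription() {
  vnet_regions=$(az network vnet list --query '[].location' --output tsv) || return 2
  watcher_regions=$(az network watcher list --query '[].location' --output tsv) || return 2
  gaps=$(missing_watcher_regions "$vnet_regions" "$watcher_regions")
  [ -z "$gaps" ] && return 0
  printf 'No Network Watcher instance in: %s\n' $gaps
  return 1
}

# Constructed sample data (not real command output).
sample_vnets='eastus
westeurope
eastus
southeastasia'
sample_watchers='eastus
WestEurope'
missing_watcher_regions "$sample_vnets" "$sample_watchers"   # prints: southeastasia
```

Run audit_subscription on a schedule or after any change to the opt-out setting, and treat a non-zero exit status as a monitoring gap to close.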