In this article, you create a virtual machine (VM) with a static public IP address. A public IP address lets you communicate with a VM from the internet. Assign a static public IP address, rather than a dynamic address, to ensure the address never changes.
Public IP addresses have a nominal charge. There's a limit to the number of public IP addresses that you can use per subscription.
You can download the list of ranges (prefixes) for the Azure Public, US government, China, and Germany clouds.
Prerequisites
- An Azure account with an active subscription. Create an account for free.
- Azure PowerShell installed locally or Azure Cloud Shell.
- If you choose to install and use PowerShell locally, this article requires the Azure PowerShell module version 5.4.1 or later.
- Run Get-Module -ListAvailable Az to find the installed version.
- If you need to upgrade, see Install Azure PowerShell module. If you're running PowerShell locally, you also need to run Connect-AzAccount to create a connection with Azure.
- This tutorial requires version 2.0.28 or later of the Azure CLI. If using Azure Cloud Shell, the latest version is already installed.
Create a virtual machine with a static public IP address
In this section, you create a virtual machine with a static public IP address using the Azure portal, Azure PowerShell, or Azure CLI. Along with the virtual machine, you create a public IP address and the other required resources.
Sign in to Azure
Sign in to the Azure portal.
Create a virtual machine
In the search box at the top of the portal, enter Virtual machine.
In the search results, select Virtual machines.
Select + Create, then select Azure virtual machine.
In the Basics tab of Create a virtual machine, enter or select the following:
Setting | Value
Project Details |
Subscription | Select your Azure subscription.
Resource Group | Select Create new. In Name, enter myResourceGroup. Select OK.
Instance details |
Virtual machine name | Enter myVM.
Region | Select East US.
Availability Options | Select No infrastructure redundancy required.
Security type | Select Standard.
Image | Select Windows Server 2019 Datacenter - x64 Gen2.
Size | Choose VM size or take default setting.
Administrator account |
Username | Enter a username.
Password | Enter a password.
Confirm password | Reenter password.
Public inbound ports | Select Allow selected ports.
Select inbound ports | Select RDP (3389).
Warning
Port 3389 is selected to enable remote access to the Windows Server virtual machine from the internet. Opening port 3389 to the internet is not recommended to manage production workloads.
For secure access to Azure virtual machines, see What is Azure Bastion?.
Select the Networking tab, or select Next: Disks, then Next: Networking.
In the Networking tab, enter or select the following:
Setting | Value
Network interface |
Virtual network | Accept the default network name.
Subnet | Accept the default subnet configuration.
Public IP | Select Create new. In Create public IP address, enter myPublicIP in Name. SKU: select Standard. Assignment: select Static. Select OK.
NIC network security group | Select Basic.
Public inbound ports | Select Allow selected ports.
Select inbound ports | Select RDP (3389).
Note
The SKU of the virtual machine's public IP address must match the public IP SKU of Azure public load balancer when added to the backend pool of the load balancer. For details, see Azure Load Balancer.
Select Review + create.
Review the settings, and then select Create.
Warning
Do not modify the IP address settings within the virtual machine's operating system. The operating system is unaware of Azure public IP addresses. Though you can add private IP address settings to the operating system, we recommend not doing so unless necessary. For more information, see Add a private IP address to an operating system.
Note
Azure provides a default outbound access IP for VMs that either aren't assigned a public IP address or are in the backend pool of an internal basic Azure load balancer. The default outbound access IP mechanism provides an outbound IP address that isn't configurable.
The default outbound access IP is disabled when one of the following events happens:
- A public IP address is assigned to the VM.
- The VM is placed in the backend pool of a standard load balancer, with or without outbound rules.
- An Azure NAT Gateway resource is assigned to the subnet of the VM.
VMs that you create by using virtual machine scale sets in flexible orchestration mode don't have default outbound access.
For more information about outbound connections in Azure, see Default outbound access in Azure and Use Source Network Address Translation (SNAT) for outbound connections.
Create a resource group
An Azure resource group is a logical container into which Azure resources are deployed and managed.
Create a resource group with New-AzResourceGroup named myResourceGroup in the eastus2 location.
$rg = @{
    Name = 'myResourceGroup'
    Location = 'eastus2'
}
New-AzResourceGroup @rg
Create a public IP address
Use New-AzPublicIpAddress to create a standard public IPv4 address.
The following command creates a zone-redundant public IP address named myPublicIP in myResourceGroup.
## Create IP. ##
$ip = @{
    Name = 'myPublicIP'
    ResourceGroupName = 'myResourceGroup'
    Location = 'eastus2'
    Sku = 'Standard'
    AllocationMethod = 'Static'
    IpAddressVersion = 'IPv4'
    Zone = 1,2,3
}
New-AzPublicIpAddress @ip
Create a virtual machine
Create a virtual machine with New-AzVM.
The following command creates a Windows Server virtual machine. You enter the name of the public IP address created previously in the -PublicIPAddressName parameter. When prompted, provide a username and password to be used as the credentials for the virtual machine:
## Create virtual machine. ##
$vm = @{
    ResourceGroupName = 'myResourceGroup'
    Location = 'East US 2'
    Name = 'myVM'
    PublicIpAddressName = 'myPublicIP'
}
New-AzVM @vm
For more information on public IP SKUs, see Public IP address SKUs. A virtual machine can be added to the backend pool of an Azure Load Balancer. The SKU of the public IP address must match the SKU of a load balancer's public IP. For more information, see Azure Load Balancer.
View the public IP address assigned and confirm that it was created as a static address, with Get-AzPublicIpAddress:
## Retrieve public IP address settings. ##
$ip = @{
    Name = 'myPublicIP'
    ResourceGroupName = 'myResourceGroup'
}
Get-AzPublicIpAddress @ip | Select "IpAddress","PublicIpAllocationMethod" | Format-Table
Warning
Do not modify the IP address settings within the virtual machine's operating system. The operating system is unaware of Azure public IP addresses. Though you can add private IP address settings to the operating system, we recommend not doing so unless necessary, and not until after reading Add a private IP address to an operating system.
Create a resource group
An Azure resource group is a logical container into which Azure resources are deployed and managed.
Create a resource group with az group create named myResourceGroup in the eastus2 location.
az group create \
    --name myResourceGroup \
    --location eastus2
Create a public IP address
Use az network public-ip create to create a standard public IPv4 address.
The following command creates a zone-redundant public IP address named myPublicIP in myResourceGroup.
az network public-ip create \
    --resource-group myResourceGroup \
    --name myPublicIP \
    --version IPv4 \
    --sku Standard \
    --zone 1 2 3
Create a virtual machine
Create a virtual machine with az vm create.
The following command creates a Windows Server virtual machine. You enter the name of the public IP address created previously in the --public-ip-address parameter. When prompted, provide a username and password to be used as the credentials for the virtual machine:
az vm create \
    --name myVM \
    --resource-group myResourceGroup \
    --public-ip-address myPublicIP \
    --size Standard_A2 \
    --image MicrosoftWindowsServer:WindowsServer:2019-Datacenter:latest \
    --admin-username azureuser
For more information on public IP SKUs, see Public IP address SKUs. A virtual machine can be added to the backend pool of an Azure Load Balancer. The SKU of the public IP address must match the SKU of a load balancer's public IP. For more information, see Azure Load Balancer.
View the public IP address assigned and confirm that it was created as a static address, with az network public-ip show:
az network public-ip show \
    --resource-group myResourceGroup \
    --name myPublicIP \
    --query "[ipAddress,publicIpAllocationMethod,sku]" \
    --output table
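The earlier warning about opening port 3389 to the internet can be checked after deployment. The following is an added example, not part of the original article: a Python check meant to be run over the JSON from az network nsg list --resource-group myResourceGroup --output json, reporting inbound Allow rules that expose RDP to any source. The NSG name, rule names and addresses in the sample are constructed.

```python
import ipaddress

RDP_PORT = 3389
OPEN_TAGS = {"*", "internet"}  # source values that mean "any internet host"

def _merge(single, multiple):
    """NSG rules carry both a singular and a plural field; merge them."""
    return [v for v in [single, *(multiple or [])] if v]

def _covers_port(spec, port):
    """True if a port spec ('*', '3389', '3000-4000') includes port."""
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def _is_open_source(prefix):
    """True for '*', 'Internet', or a zero-length CIDR such as 0.0.0.0/0."""
    if prefix.lower() in OPEN_TAGS:
        return True
    try:
        return ipaddress.ip_network(prefix, strict=False).prefixlen == 0
    except ValueError:  # other service tags, e.g. VirtualNetwork
        return False

def exposed_rules(nsgs, port=RDP_PORT):
    """Return (nsg, rule) names of inbound Allow rules open to the internet."""
    hits = []
    for nsg in nsgs:
        for r in nsg.get("securityRules", []):
            if r["direction"].lower() != "inbound" or r["access"].lower() != "allow":
                continue
            ports = _merge(r.get("destinationPortRange"), r.get("destinationPortRanges"))
            srcs = _merge(r.get("sourceAddressPrefix"), r.get("sourceAddressPrefixes"))
            if any(_covers_port(p, port) for p in ports) and any(map(_is_open_source, srcs)):
                hits.append((nsg["name"], r["name"]))
    return hits

def _rule(name, src, ports):
    # Constructed rule using the CLI's JSON field names.
    return {"name": name, "direction": "Inbound", "access": "Allow",
            "sourceAddressPrefixes": src, "destinationPortRanges": ports}

# Constructed sample; for real input, json.load() the az network nsg list output.
SAMPLE = [{"name": "sample-nsg", "securityRules": [
    _rule("rdp-any", ["*"], ["3389"]),
    _rule("rdp-admin", ["203.0.113.10/32"], ["3389"]),
    _rule("wide-range", ["0.0.0.0/0"], ["3000-4000", "443"]),
]}]

if __name__ == "__main__":
    print(exposed_rules(SAMPLE))
```

Rule priority is not evaluated, so a reported rule may be shadowed by a higher-priority Deny; treat each hit as a lead to review.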
Clean up resources
When resources are no longer needed, delete all resources created in this article to avoid incurring charges.
Use the Azure portal to delete the resource group and all of the resources it contains:
Enter myResourceGroup in the search box at the top of the portal. When you see myResourceGroup in the search results, select it.
Select Delete resource group.
Enter myResourceGroup for TYPE THE RESOURCE GROUP NAME: and select Delete.
Use Remove-AzResourceGroup to remove the resource group and all of the resources it contains:
Remove-AzResourceGroup -Name myResourceGroup -Force
Use az group delete to remove the resource group and all of the resources it contains:
az group delete --name myResourceGroup --yes
Next steps
In this article, you learned how to create a VM with a static public IP.