Events
May 19, 6 PM - May 23, 12 AM
Calling all developers, creators, and AI innovators to join us in Seattle @Microsoft Build May 19-22.
Register todayEnable virtual network integration in Azure App Service
Through integrating with an Azure virtual network from your Azure App Service app, you can reach private resources from your app within the virtual network.
The virtual network integration feature requires:
- An App Service pricing tier that supports virtual network integration.
- A virtual network in the same region with an empty subnet.
The subnet must be delegated to Microsoft.Web/serverFarms. If you don't delegate before integration, the provisioning process configures this delegation. The subnet must be allocated an IPv4 /28 block (16 addresses). We recommend that you have a minimum of 64 addresses (IPv4 /26 block) to allow for maximum horizontal scale.
If the virtual network is in a different subscription than the app, ensure that the subscription with the virtual network is registered for the Microsoft.Web resource provider. The provider is registered when you create the first web app in a subscription. To explicitly register the provider, see Register resource provider.
Go to your app in the Azure portal. Select Settings > Networking. Under Outbound traffic configuration, next to Virtual network integration, select the Not configured link.
Select Add virtual network integration.
Select a subscription and virtual network.
Under Subnet, the dropdown list contains all the virtual networks in your subscription in the same region. Select an empty preexisting subnet or create a new subnet. Select Connect.
During the integration, your app is restarted. When integration finishes, you see details on the virtual network that you integrated with.
You can also configure virtual network integration by using the Azure CLI:
az webapp vnet-integration add --resource-group <group-name> --name <app-name> --vnet <vnet-name> --subnet <subnet-name>
Note
The command checks if the subnet is delegated to Microsoft.Web/serverFarms. If it isn't configured, the command applies the necessary delegation. If the subnet was configured and you don't have permissions to check it, or if the virtual network is in another subscription, you can use the --skip-delegation-check parameter to bypass the validation.
Prepare parameters.
$siteName = '<app-name>' $vNetResourceGroupName = '<group-name>' $webAppResourceGroupName = '<group-name>' $vNetName = '<vnet-name>' $integrationSubnetName = '<subnet-name>' $vNetSubscriptionId = '<subscription-guid>'Note
If the virtual network is in another subscription than webapp, you can use the
Set-AzContext -Subscription "xxxx-xxxx-xxxx-xxxx"command to set the current subscription context. Set the current subscription context to the subscription where the virtual network was deployed.Check if the subnet is delegated to Microsoft.Web/serverFarms.
$vnet = Get-AzVirtualNetwork -Name $vNetName -ResourceGroupName $vNetResourceGroupName $subnet = Get-AzVirtualNetworkSubnetConfig -Name $integrationSubnetName -VirtualNetwork $vnet Get-AzDelegation -Subnet $subnetIf your subnet isn't delegated to Microsoft.Web/serverFarms, add delegation using these commands.
$subnet = Add-AzDelegation -Name "myDelegation" -ServiceName "Microsoft.Web/serverFarms" -Subnet $subnet Set-AzVirtualNetwork -VirtualNetwork $vnetConfigure virtual network integration.
$subnetResourceId = "/subscriptions/$vNetSubscriptionId/resourceGroups/$vNetResourceGroupName/providers/Microsoft.Network/virtualNetworks/$vNetName/subnets/$integrationSubnetName" $webApp = Get-AzResource -ResourceType Microsoft.Web/sites -ResourceGroupName $webAppResourceGroupName -ResourceName $siteName $webApp.Properties.virtualNetworkSubnetId = $subnetResourceId $webApp.Properties.vnetRouteAllEnabled = 'true' $webApp | Set-AzResource -ForceNote
If the webapp is in another subscription than virtual network, you can use the
Set-AzContext -Subscription "xxxx-xxxx-xxxx-xxxx"command to set the current subscription context. Set the current subscription context to the subscription where the web app was deployed.
Additional resources
Training
Module
Configure virtual networks - Training
Learn how to configure virtual networks and subnets, including IP addressing.
Certification
Microsoft Certified: Azure Network Engineer Associate - Certifications
Demonstrate the design, implementation, and maintenance of Azure networking infrastructure, load balancing traffic, network routing, and more.