Microsoft.Network virtualNetworks 2019-11-01

Template format

To create a Microsoft.Network/virtualNetworks resource, add the following JSON to the resources section of your template.

{
  "name": "string",
  "type": "Microsoft.Network/virtualNetworks",
  "apiVersion": "2019-11-01",
  "location": "string",
  "tags": {},
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "string"
      ]
    },
    "dhcpOptions": {
      "dnsServers": [
        "string"
      ]
    },
    "subnets": [
      {
        "id": "string",
        "properties": {
          "addressPrefix": "string",
          "addressPrefixes": [
            "string"
          ],
          "networkSecurityGroup": {
            "id": "string",
            "location": "string",
            "tags": {},
            "properties": {
              "securityRules": [
                {
                  "id": "string",
                  "properties": {
                    "description": "string",
                    "protocol": "string",
                    "sourcePortRange": "string",
                    "destinationPortRange": "string",
                    "sourceAddressPrefix": "string",
                    "sourceAddressPrefixes": [
                      "string"
                    ],
                    "sourceApplicationSecurityGroups": [
                      {
                        "id": "string",
                        "location": "string",
                        "tags": {},
                        "properties": {}
                      }
                    ],
                    "destinationAddressPrefix": "string",
                    "destinationAddressPrefixes": [
                      "string"
                    ],
                    "destinationApplicationSecurityGroups": [
                      {
                        "id": "string",
                        "location": "string",
                        "tags": {},
                        "properties": {}
                      }
                    ],
                    "sourcePortRanges": [
                      "string"
                    ],
                    "destinationPortRanges": [
                      "string"
                    ],
                    "access": "string",
                    "priority": "integer",
                    "direction": "string"
                  },
                  "name": "string"
                }
              ]
            }
          },
          "routeTable": {
            "id": "string",
            "location": "string",
            "tags": {},
            "properties": {
              "routes": [
                {
                  "id": "string",
                  "properties": {
                    "addressPrefix": "string",
                    "nextHopType": "string",
                    "nextHopIpAddress": "string"
                  },
                  "name": "string"
                }
              ],
              "disableBgpRoutePropagation": "boolean"
            }
          },
          "natGateway": {
            "id": "string"
          },
          "serviceEndpoints": [
            {
              "service": "string",
              "locations": [
                "string"
              ]
            }
          ],
          "serviceEndpointPolicies": [
            {
              "id": "string",
              "location": "string",
              "tags": {},
              "properties": {
                "serviceEndpointPolicyDefinitions": [
                  {
                    "id": "string",
                    "properties": {
                      "description": "string",
                      "service": "string",
                      "serviceResources": [
                        "string"
                      ]
                    },
                    "name": "string"
                  }
                ]
              }
            }
          ],
          "delegations": [
            {
              "id": "string",
              "properties": {
                "serviceName": "string"
              },
              "name": "string"
            }
          ],
          "privateEndpointNetworkPolicies": "string",
          "privateLinkServiceNetworkPolicies": "string"
        },
        "name": "string"
      }
    ],
    "virtualNetworkPeerings": [
      {
        "id": "string",
        "properties": {
          "allowVirtualNetworkAccess": "boolean",
          "allowForwardedTraffic": "boolean",
          "allowGatewayTransit": "boolean",
          "useRemoteGateways": "boolean",
          "remoteVirtualNetwork": {
            "id": "string"
          },
          "remoteAddressSpace": {
            "addressPrefixes": [
              "string"
            ]
          },
          "peeringState": "string"
        },
        "name": "string"
      }
    ],
    "enableDdosProtection": "boolean",
    "enableVmProtection": "boolean",
    "ddosProtectionPlan": {
      "id": "string"
    },
    "bgpCommunities": {
      "virtualNetworkCommunity": "string"
    }
  },
  "resources": []
}

Property values

The following tables describe the values you need to set in the schema.

Microsoft.Network/virtualNetworks object

Name Type Required Value
name string Yes The name of the virtual network.
type enum Yes Microsoft.Network/virtualNetworks
apiVersion enum Yes 2019-11-01
location string Yes Resource location.
tags object No Resource tags.
properties object Yes Properties of the virtual network. - VirtualNetworkPropertiesFormat object
resources array No virtualNetworkPeerings subnets

VirtualNetworkPropertiesFormat object

Name Type Required Value
addressSpace object No The AddressSpace that contains an array of IP address ranges that can be used by subnets. - AddressSpace object
dhcpOptions object No The dhcpOptions that contains an array of DNS servers available to VMs deployed in the virtual network. - DhcpOptions object
subnets array No A list of subnets in a Virtual Network. - Subnet object
virtualNetworkPeerings array No A list of peerings in a Virtual Network. - VirtualNetworkPeering object
enableDdosProtection boolean No Indicates if DDoS protection is enabled for all the protected resources in the virtual network. It requires a DDoS protection plan associated with the resource.
enableVmProtection boolean No Indicates if VM protection is enabled for all the subnets in the virtual network.
ddosProtectionPlan object No The DDoS protection plan associated with the virtual network. - SubResource object
bgpCommunities object No BGP communities sent over ExpressRoute with each route corresponding to a prefix in this VNet. - VirtualNetworkBgpCommunities object

AddressSpace object

Name Type Required Value
addressPrefixes array No A list of address blocks reserved for this virtual network in CIDR notation. - string

DhcpOptions object

Name Type Required Value
dnsServers array No The list of DNS server IP addresses. - string

Subnet object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the subnet. - SubnetPropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

VirtualNetworkPeering object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the virtual network peering. - VirtualNetworkPeeringPropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

SubResource object

Name Type Required Value
id string No Resource ID.

VirtualNetworkBgpCommunities object

Name Type Required Value
virtualNetworkCommunity string Yes The BGP community associated with the virtual network.

SubnetPropertiesFormat object

Name Type Required Value
addressPrefix string No The address prefix for the subnet.
addressPrefixes array No List of address prefixes for the subnet. - string
networkSecurityGroup object No The reference to the NetworkSecurityGroup resource. - NetworkSecurityGroup object
routeTable object No The reference to the RouteTable resource. - RouteTable object
natGateway object No NAT gateway associated with this subnet. - SubResource object
serviceEndpoints array No An array of service endpoints. - ServiceEndpointPropertiesFormat object
serviceEndpointPolicies array No An array of service endpoint policies. - ServiceEndpointPolicy object
delegations array No An array of references to the delegations on the subnet. - Delegation object
privateEndpointNetworkPolicies string No Enable or disable applying network policies to private endpoints in the subnet.
privateLinkServiceNetworkPolicies string No Enable or disable applying network policies to private link services in the subnet.

VirtualNetworkPeeringPropertiesFormat object

Name Type Required Value
allowVirtualNetworkAccess boolean No Whether the VMs in the local virtual network space would be able to access the VMs in remote virtual network space.
allowForwardedTraffic boolean No Whether the forwarded traffic from the VMs in the local virtual network will be allowed/disallowed in remote virtual network.
allowGatewayTransit boolean No If gateway links can be used in remote virtual networking to link to this virtual network.
useRemoteGateways boolean No If remote gateways can be used on this virtual network. If the flag is set to true, and allowGatewayTransit on remote peering is also true, virtual network will use gateways of remote virtual network for transit. Only one peering can have this flag set to true. This flag cannot be set if virtual network already has a gateway.
remoteVirtualNetwork object No The reference to the remote virtual network. The remote virtual network can be in the same or different region (preview). To register for the preview and learn more, see https://docs.microsoft.com/azure/virtual-network/virtual-network-create-peering. - SubResource object
remoteAddressSpace object No The reference to the remote virtual network address space. - AddressSpace object
peeringState enum No The status of the virtual network peering. - Initiated, Connected, Disconnected

NetworkSecurityGroup object

Name Type Required Value
id string No Resource ID.
location string No Resource location.
tags object No Resource tags.
properties object No Properties of the network security group. - NetworkSecurityGroupPropertiesFormat object

RouteTable object

Name Type Required Value
id string No Resource ID.
location string No Resource location.
tags object No Resource tags.
properties object No Properties of the route table. - RouteTablePropertiesFormat object

ServiceEndpointPropertiesFormat object

Name Type Required Value
service string No The type of the endpoint service.
locations array No A list of locations. - string

ServiceEndpointPolicy object

Name Type Required Value
id string No Resource ID.
location string No Resource location.
tags object No Resource tags.
properties object No Properties of the service endpoint policy. - ServiceEndpointPolicyPropertiesFormat object

Delegation object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the subnet. - ServiceDelegationPropertiesFormat object
name string No The name of the resource that is unique within a subnet. This name can be used to access the resource.

NetworkSecurityGroupPropertiesFormat object

Name Type Required Value
securityRules array No A collection of security rules of the network security group. - SecurityRule object

RouteTablePropertiesFormat object

Name Type Required Value
routes array No Collection of routes contained within a route table. - Route object
disableBgpRoutePropagation boolean No Whether to disable the routes learned by BGP on that route table. True means disable.

ServiceEndpointPolicyPropertiesFormat object

Name Type Required Value
serviceEndpointPolicyDefinitions array No A collection of service endpoint policy definitions of the service endpoint policy. - ServiceEndpointPolicyDefinition object

ServiceDelegationPropertiesFormat object

Name Type Required Value
serviceName string No The name of the service to which the subnet should be delegated (e.g. Microsoft.Sql/servers).

SecurityRule object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the security rule. - SecurityRulePropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

Route object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the route. - RoutePropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

ServiceEndpointPolicyDefinition object

Name Type Required Value
id string No Resource ID.
properties object No Properties of the service endpoint policy definition. - ServiceEndpointPolicyDefinitionPropertiesFormat object
name string No The name of the resource that is unique within a resource group. This name can be used to access the resource.

SecurityRulePropertiesFormat object

Name Type Required Value
description string No A description for this rule. Restricted to 140 chars.
protocol enum Yes Network protocol this rule applies to. - Tcp, Udp, Icmp, Esp, *, Ah
sourcePortRange string No The source port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
destinationPortRange string No The destination port or range. Integer or range between 0 and 65535. Asterisk '*' can also be used to match all ports.
sourceAddressPrefix string No The CIDR or source IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used. If this is an ingress rule, specifies where network traffic originates from.
sourceAddressPrefixes array No The CIDR or source IP ranges. - string
sourceApplicationSecurityGroups array No The application security group specified as source. - ApplicationSecurityGroup object
destinationAddressPrefix string No The destination address prefix. CIDR or destination IP range. Asterisk '*' can also be used to match all source IPs. Default tags such as 'VirtualNetwork', 'AzureLoadBalancer' and 'Internet' can also be used.
destinationAddressPrefixes array No The destination address prefixes. CIDR or destination IP ranges. - string
destinationApplicationSecurityGroups array No The application security group specified as destination. - ApplicationSecurityGroup object
sourcePortRanges array No The source port ranges. - string
destinationPortRanges array No The destination port ranges. - string
access enum Yes The network traffic is allowed or denied. - Allow or Deny
priority integer No The priority of the rule. The value can be between 100 and 4096. The priority number must be unique for each rule in the collection. The lower the priority number, the higher the priority of the rule.
direction enum Yes The direction of the rule. The direction specifies if rule will be evaluated on incoming or outgoing traffic. - Inbound or Outbound
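
A static check built on the schema above, as an added example rather than code from the original page: it walks subnets, networkSecurityGroup and securityRules in a parsed template and reports inbound Allow rules open to any source, subnets with no NSG, and enableDdosProtection set without a ddosProtectionPlan. The function names, the '0.0.0.0/0' entry in the open-source set and the sample template are assumptions made for the illustration.

```python
OPEN_SOURCES = {"*", "internet", "0.0.0.0/0"}  # sources that match any address

def rule_sources(props):
    """Merge sourceAddressPrefix and sourceAddressPrefixes, lower-cased."""
    sources = list(props.get("sourceAddressPrefixes") or [])
    if props.get("sourceAddressPrefix"):
        sources.append(props["sourceAddressPrefix"])
    return {s.lower() for s in sources}

def audit_vnet(resource):
    """Return findings for one Microsoft.Network/virtualNetworks resource."""
    findings = []
    vnet, props = resource.get("name", "<unnamed>"), resource.get("properties", {})
    plan = props.get("ddosProtectionPlan") or {}
    if props.get("enableDdosProtection") is True and not plan.get("id"):
        findings.append(f"{vnet}: enableDdosProtection set without a ddosProtectionPlan")
    for subnet in props.get("subnets", []):
        where = f"{vnet}/{subnet.get('name', '<unnamed>')}"
        nsg = subnet.get("properties", {}).get("networkSecurityGroup")
        if not nsg:
            findings.append(f"{where}: no networkSecurityGroup attached")
            continue
        # An NSG referenced only by id keeps its rules in another resource.
        for rule in nsg.get("properties", {}).get("securityRules", []):
            rp = rule.get("properties", {})
            inbound_allow = (str(rp.get("access", "")).lower() == "allow"
                             and str(rp.get("direction", "")).lower() == "inbound")
            hits = sorted(OPEN_SOURCES & rule_sources(rp))
            if inbound_allow and hits:
                ports = rp.get("destinationPortRanges") or [rp.get("destinationPortRange")]
                findings.append(f"{where}/{rule.get('name')}: inbound Allow from '{hits[0]}' to ports {ports}")
    return findings

def audit_template(template):
    """Audit every virtualNetworks resource in a parsed template (a dict)."""
    return [finding for res in template.get("resources", [])
            if res.get("type") == "Microsoft.Network/virtualNetworks"
            for finding in audit_vnet(res)]

# Constructed sample template (not from the page).
SAMPLE = {"resources": [{
    "name": "vnet-demo", "type": "Microsoft.Network/virtualNetworks",
    "apiVersion": "2019-11-01", "location": "westeurope",
    "properties": {
        "addressSpace": {"addressPrefixes": ["10.0.0.0/16"]},
        "enableDdosProtection": True,
        "subnets": [
            {"name": "frontend", "properties": {"addressPrefix": "10.0.1.0/24",
                "networkSecurityGroup": {"properties": {"securityRules": [
                    {"name": "ssh-any", "properties": {"protocol": "Tcp", "access": "Allow",
                        "direction": "Inbound", "priority": 100,
                        "sourceAddressPrefix": "*", "destinationPortRange": "22"}},
                    {"name": "https-corp", "properties": {"protocol": "Tcp", "access": "Allow",
                        "direction": "Inbound", "priority": 110,
                        "sourceAddressPrefix": "203.0.113.0/24", "destinationPortRange": "443"}}]}}}},
            {"name": "backend", "properties": {"addressPrefix": "10.0.2.0/24"}}]}}]}

if __name__ == "__main__":
    print("\n".join(audit_template(SAMPLE)))
```

Values written as template expressions (for example a parameter reference) are compared as literal strings, so resolve them before running the check.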

RoutePropertiesFormat object

Name Type Required Value
addressPrefix string No The destination CIDR to which the route applies.
nextHopType enum Yes The type of Azure hop the packet should be sent to. - VirtualNetworkGateway, VnetLocal, Internet, VirtualAppliance, None
nextHopIpAddress string No The IP address packets should be forwarded to. Next hop values are only allowed in routes where the next hop type is VirtualAppliance.

ServiceEndpointPolicyDefinitionPropertiesFormat object

Name Type Required Value
description string No A description for this rule. Restricted to 140 chars.
service string No Service endpoint name.
serviceResources array No A list of service resources. - string

ApplicationSecurityGroup object

Name Type Required Value
id string No Resource ID.
location string No Resource location.
tags object No Resource tags.
properties object No Properties of the application security group. - ApplicationSecurityGroupPropertiesFormat object

Quickstart templates

The following quickstart templates deploy this resource type.

101-1vm-2nics-2subnets-1vnet
Creates a new VM with two NICs which connect to two different subnets within the same VNet.

Azure Container Instances - VNet
Deploy a container instance into an Azure virtual network.

Deploy an app service with regional VNet integration
This template allows you to deploy an app service plan and a basic Windows web app, with regional VNet integration enabled to a newly created virtual network.

Azure Databricks All-in-one Template for VNet Injection
This template allows you to create a network security group, a virtual network and an Azure Databricks workspace with the virtual network.

Azure Databricks Virtual Network for VNet Injection
This template allows you to create a Virtual Network for Azure Databricks VNet injection.

ExpressRoute circuit with private peering and Azure VNet
This template configures ExpressRoute Microsoft peering, deploys an Azure VNet with an ExpressRoute gateway and links the VNet to the ExpressRoute circuit.

Deploy an Azure Function Premium plan with vnet integration
This template allows you to deploy an Azure Function Premium plan with regional virtual network integration enabled to a newly created virtual network.

Deploy a VNet, and a HBase cluster within the VNet
This template allows you to create an Azure VNet and an HDInsight HBase cluster running Linux within the VNet.

Deploy an Azure VNet and two HBase clusters within the VNet
This template allows you to configure an HBase environment with two HBase clusters within a VNet for configuring HBase replication.

Deploy HBase replication with two VNets in one region
This template allows you to configure an HBase environment with two HBase clusters within two VNets in the same region for configuring HBase replication.

Deploy a secure VNet and a HDInsight cluster within the VNet
This template allows you to create an Azure VNet and an HDInsight Hadoop cluster running Linux within the VNet.

Deploy a Spark cluster in a VNet
This template allows you to create an Azure VNet and an HDInsight Spark cluster within the VNet.

Deploy Azure Data Explorer cluster into your VNet.
This template allows you to deploy a cluster into your VNet.

Deploy Azure Database for MariaDB with VNet
This template provides an easy way to deploy Azure Database for MariaDB with VNet integration.

Deploy Azure Database for MySQL with VNet
This template provides an easy way to deploy Azure Database for MySQL with VNet integration.

Deploy Azure Database for PostgreSQL with VNet
This template provides an easy way to deploy Azure Database for PostgreSQL with VNet integration.

Virtual Network NAT
Deploy a NAT gateway and virtual network.

Network Interface with Public IP Address
This template allows you to create a Network Interface in a Virtual Network referencing a Public IP Address.

Create SQL MI inside the new virtual network
Deploy Azure SQL Database Managed Instance (SQL MI) inside a new Virtual Network.

Create a Virtual Network with two Subnets
This template allows you to create a Virtual Network with two subnets.

Web App with VNet Injection and Private Endpoint.
This template allows you to create a secure end-to-end solution with two web apps, a front end and a back end; the front end securely consumes the back end through VNet injection and Private Endpoint.