Create an Azure VM with ports actually working via Azure PowerShell

Ever spun up an Azure virtual machine just to realize it doesn’t have the right ports open? Then, after 30 minutes of rolling your face on the keyboard, updating, restarting, and punching your monitor, it still doesn’t work? Just do it with Azure PowerShell.

$ResourceGroup = "YourResourceGroupName"
$VmName = "YourVirtualMachineName"
$Location = "eastus"
$ImageName = "Win2019Datacenter"
$VmSize = "Standard_B4ms"

$VmUsername = "icanconnectuser"
#Placeholder: substitute your own password
$VmUserPassword = ConvertTo-SecureString "<YourStrongPassword>" -AsPlainText -Force

$credential = New-Object System.Management.Automation.PSCredential ($VmUsername, $VmUserPassword)

$NewAzureVmParams = @{
            ResourceGroupName = $ResourceGroup
            Name = $VmName
            Location = $Location
            ImageName = $ImageName
            Size = $VmSize
            Credential = $credential
            #OpenPorts = 80, 443, 3389
}

#This creates your VM!
New-AzVM @NewAzureVmParams

Now at this point, you’ve just created the VM and you still can’t connect. Notice I’ve commented out the OpenPorts parameter. I’ve done this because, well… setting it doesn’t mean the network security group gets updated, and it still won’t work. Updating the network security group yourself will create and update the necessary pieces in Azure for your connections to work.

#Create a VM object to make life easier
$Vm = Get-AzVM -Name $VmName -ResourceGroupName $ResourceGroup

#Get the network security group (it has the same name as the VM)
$NSG = Get-AzNetworkSecurityGroup -Name $Vm.Name -ResourceGroupName $ResourceGroup

#Create the rules you want
$RuleRdp = New-AzNetworkSecurityRuleConfig -Name AllowRdp -Description "Allow RDP" `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 100 -SourceAddressPrefix `
Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 3389

#Add it to the network security group
$NSG.SecurityRules.Add($RuleRdp)

$RuleHttp = New-AzNetworkSecurityRuleConfig -Name AllowHttp -Description "Allow HTTP" `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 101 -SourceAddressPrefix `
Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 80
$NSG.SecurityRules.Add($RuleHttp)

$RuleHttps = New-AzNetworkSecurityRuleConfig -Name AllowHttps -Description "Allow HTTPS" `
-Access Allow -Protocol Tcp -Direction Inbound -Priority 102 -SourceAddressPrefix `
Internet -SourcePortRange * -DestinationAddressPrefix * -DestinationPortRange 443
$NSG.SecurityRules.Add($RuleHttps)

#Lastly, update the Network security group
Set-AzNetworkSecurityGroup -NetworkSecurityGroup $NSG

Yes, I could have put this into a pretty function, and you should! If you check your VM’s network section, you should now see the ports. Now when you go to your VM, press “Connect” and download the RDP file, it will actually work right away… hassle-free!
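
One way to wrap the NSG steps above in a function, as an added example that is not the author's code: the function name `Add-VmInboundAllowRule`, its parameters and the sample address range are assumptions. It takes the source prefix as a parameter so RDP can be limited to a known address range, skips ports that already have a matching rule, and picks the next free priority.

```powershell
# Added example, not the author's code. The function name and parameters are hypothetical.
function Add-VmInboundAllowRule {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ResourceGroupName,
        [Parameter(Mandatory)] [string] $NsgName,
        [Parameter(Mandatory)] [int[]]  $Port,
        # IP, CIDR range or service tag allowed to connect
        [Parameter(Mandatory)] [string] $SourceAddressPrefix
    )
    $nsg = Get-AzNetworkSecurityGroup -Name $NsgName -ResourceGroupName $ResourceGroupName -ErrorAction Stop

    foreach ($p in $Port) {
        # Skip the port if an inbound allow rule for this source already covers it
        $existing = $nsg.SecurityRules | Where-Object {
            $_.Direction -eq 'Inbound' -and $_.Access -eq 'Allow' -and
            $_.DestinationPortRange -contains "$p" -and
            $_.SourceAddressPrefix -contains $SourceAddressPrefix
        }
        if ($existing) { continue }
        # NSG priorities must be unique per direction and between 100 and 4096
        $used = @($nsg.SecurityRules | Where-Object { $_.Direction -eq 'Inbound' } | ForEach-Object { $_.Priority })
        $priority = 100
        while ($used -contains $priority) { $priority++ }
        if ($priority -gt 4096) { throw "No free inbound priority left in $NsgName" }

        $ruleParams = @{
            NetworkSecurityGroup     = $nsg
            Name                     = "Allow-Tcp-$p-$priority"
            Description              = "Allow TCP $p from $SourceAddressPrefix"
            Access                   = 'Allow'
            Protocol                 = 'Tcp'
            Direction                = 'Inbound'
            Priority                 = $priority
            SourceAddressPrefix      = $SourceAddressPrefix
            SourcePortRange          = '*'
            DestinationAddressPrefix = '*'
            DestinationPortRange     = "$p"
        }
        # Adds the rule to the in-memory NSG object only
        Add-AzNetworkSecurityRuleConfig @ruleParams | Out-Null
    }

    # Push all added rules to Azure in one update
    Set-AzNetworkSecurityGroup -NetworkSecurityGroup $nsg
}

# Constructed sample call: 203.0.113.0/24 is a documentation range, use your own
# Add-VmInboundAllowRule -ResourceGroupName $ResourceGroup -NsgName $VmName -Port 3389 -SourceAddressPrefix '203.0.113.0/24'
```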

By Greg Coffman

Technical strategist, agile evangelist, and all-around web nerd. Spends the day as Solution Architect at Sitecore. Thoughts and ideas are my own and do not represent Sitecore.
