Windows Server 2022 with Azure Network Adapter

It has been quite some time since I have written about the Azure Network Adapter. This feature is exposed in Windows Admin Center for managed servers running Windows Server 2012 R2 and higher, now including Windows Server 2022. What are its requirements? How can the Azure Network Adapter help simplify hybrid connectivity? Let’s consider Windows Server 2022 with Azure Network Adapter.

What is Azure Network Adapter?

The entire purpose of the Azure Network Adapter is to make it easy to interconnect specific Windows Servers with your Azure vNet. Traditionally, organizations have had several options for accomplishing this: a site-to-site VPN connection, Azure ExpressRoute, or a Point-to-Site VPN connection.

However, the connections mentioned above can add unneeded complexity to an environment's network configuration. Azure Network Adapter is a new feature introduced in conjunction with Windows Admin Center that creates a Point-to-Site VPN connection from servers running Windows Server 2012 R2 and higher. It offers several benefits, including:

  • It does not require a public-facing IP address
  • It makes creating connections from a remote location easy
  • It does not require a VPN device
  • It provides an easier way to connect specific resources with Azure vNets

Requirements for Azure Network Adapter:

  • An Azure account with at least one active subscription.
  • An existing virtual network.
  • Internet access for the target servers that you want to connect to the Azure virtual network.
  • A Windows Admin Center connection to Azure. To learn more, see Configuring Azure integration.
  • The latest version of Windows Admin Center. To learn more, see Windows Admin Center.

Register Windows Admin Center with Azure

I am testing this feature out on a Windows Server 2022 domain controller in the lab. If you want to configure Azure network adapter on a domain controller, you will need to do this from a Windows Admin Center Gateway box, as you can’t install Windows Admin Center on a domain controller. After you manage your domain controller with Windows Admin Center, you will need to make sure you register your Windows Admin Center instance with your Azure environment.

You can easily get to this point by just trying to add an Azure Network Adapter first and it will prompt you to register your Windows Admin Center to Azure.

Prompt to register Windows Admin Center to Azure environment

Register the Windows Admin Center with Azure.

Register Windows Admin Center with Azure

Follow the wizard to connect your Windows Admin Center instance.

Select the Azure cloud and copy the code

Enter your copied code.

Enter the code copied

Signing in to Windows Admin Center and connecting with Azure.

Sign in to Azure

Click Continue.

Confirm registration of Windows Admin Center

Windows Admin Center is now signed in.

You have signed into Azure with Windows Admin Center

Complete the wizard to connect Admin Center.

Connect to Azure Active Directory

After you click Connect, you will need to sign in again.

Sign in to Azure 1

The Azure App will be registered with Azure AD.

Windows Admin Center is registered with Azure

Windows Server 2022 with Azure Network Adapter

Now, let’s go back and add the Azure Network Adapter to the server.

Click to Add an Azure Network Adapter

Choose your Azure subscription, Location, Virtual Network, Gateway SKU, and Client Address Space.

Add Azure network adapter connection wizard
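
The Client Address Space chosen in this step is the pool the Point-to-Site connection assigns to the server, and it must not overlap the vNet's address space or any range the server already routes on-premises. The PowerShell check below is an added example, not part of the original post or of Windows Admin Center; the function names and every address range in it are hypothetical.

```powershell
# Added example: pre-flight check for the wizard's "Client Address Space" value.
# Every address range here is a constructed sample, not a value from the article.

function ConvertTo-Ipv4Range {
    param([Parameter(Mandatory)][string]$Cidr)
    if ($Cidr -notmatch '^\d{1,3}(\.\d{1,3}){3}/\d{1,2}$') { throw "Not an IPv4 CIDR block: $Cidr" }
    $address, $prefixText = $Cidr -split '/'
    $prefix = [int]$prefixText
    if ($prefix -gt 32) { throw "Prefix length out of range: $Cidr" }

    # Fold the four octets into one integer; Int64 avoids signed 32-bit overflow.
    [int64]$value = 0
    foreach ($octet in [System.Net.IPAddress]::Parse($address).GetAddressBytes()) {
        $value = $value * 256 + $octet
    }
    [int64]$size  = [math]::Pow(2, 32 - $prefix)
    [int64]$start = $value - ($value % $size)      # clear the host bits
    [pscustomobject]@{ Cidr = $Cidr; Start = $start; End = $start + $size - 1 }
}

function Test-ClientAddressSpace {
    param(
        [Parameter(Mandatory)][string]$ClientPool,
        [Parameter(Mandatory)][hashtable]$InUse     # label -> CIDR already routed somewhere
    )
    $pool = ConvertTo-Ipv4Range $ClientPool
    foreach ($label in $InUse.Keys) {
        $other = ConvertTo-Ipv4Range $InUse[$label]
        # Two ranges overlap when each one starts before the other ends.
        if ($pool.Start -le $other.End -and $other.Start -le $pool.End) {
            [pscustomobject]@{ ClientPool = $ClientPool; ConflictsWith = $label; Range = $other.Cidr }
        }
    }
}

# Constructed sample: ranges the server can already reach, plus the target vNet.
$inUse = @{
    'Azure vNet address space' = '10.20.0.0/16'
    'On-premises server LAN'   = '192.168.0.0/16'
    'On-premises management'   = '172.16.8.0/22'
}

# A pool inside the on-premises LAN is reported; an unused range returns nothing.
Test-ClientAddressSpace -ClientPool '192.168.50.0/24' -InUse $inUse
Test-ClientAddressSpace -ClientPool '172.31.250.0/24' -InUse $inUse
```

Replace the sample table with the vNet's address space and the server's own prefixes before choosing a pool in the wizard.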

The installation of the Azure Network Adapter takes care of the certificate management automatically.

Certificate configuration is handled automatically

The request to provision the Virtual Network Gateway is submitted successfully.

Request to create the Virtual Network Gateway successful

If this is a new Virtual Network Gateway, it can take up to 25 minutes to provision as noted in the informational message.

The request may take up to 35 minutes

After the process has completed, you will see the Azure Network Adapter listed. Right-click and connect.

Right click the connection and select to connect

The connection successfully connects.

The Azure network adapter is connected successfully

Thoughts and considerations

The Azure Network Adapter is a great tool in the administrator toolbag. It provides a way to connect a standalone server to your Azure vNet without having to stand up a site-to-site VPN connection from the edge. However, the strength of the solution can easily become its Achilles heel. If you have many servers that need connectivity to Azure, you are better off standing up a site-to-site connection, because each server's connection has to be created individually. While it is fairly simple and easy, you don’t want to have to do this 50 times for 50 different servers.

One wish I have with the Azure Network Adapter is that Microsoft would add the flexibility for the communication to be two-way. At least in my testing and tinkering, there isn’t a way to allow communication from Azure back to the Azure Network Adapter. I think this would add a really great new option that would fit several use cases.

One that I am thinking about is the Windows 365 Enterprise Cloud PC requirement to have a connection back to your on-premises Active Directory Domain Services (ADDS) server. It would be great to have this as a tool to quickly and easily do that.

However, all things considered, it still provides a quick and easy way to connect your on-premises servers, from Windows Server 2012 R2 through Windows Server 2022, to your Azure network.
