Creating Public IP Addresses

Key options when creating a public IP
Demo: Create a VM and associate a Public IP
1) Create the virtual machine
2) Create the public IP resource
3) Associate the public IP with the VM NIC
Connect to the VM and install Apache
Bring Your Own IP (BYOIP)

Creating a public IP address in Azure requires the usual prerequisites—an Azure subscription, resource group, and target region—plus a handful of configuration choices that determine how the IP behaves and which workloads it supports. This guide explains each option, shows a step-by-step example of creating a public IP and attaching it to a Virtual Machine (VM), and includes the commands to connect and run a simple web server.

Key options when creating a public IP

Option	Description	Recommended choice
IP version	IPv4 or IPv6. IPv4 is the common default.	IPv4 unless your design requires IPv6
SKU type	Standard or Basic. Standard is modern, more secure, and feature-rich.	Standard
Scope (Tier)	Regional (per-region) or Global (for cross-region services).	Regional for most resources
Allocation type	Static (IP address reserved) vs Dynamic (may change).	Static for production
Routing preference	Microsoft network (Azure private backbone) vs Internet (public Internet).	Microsoft network for performance and predictability
Additional options	Idle timeout, DNS name label (friendly DNS record)	Configure to suit your workload

A presentation slide titled "Creating Public IP Addresses" showing a configuration form (name, IP version set to IPv4, SKU set to Standard, regional tier, static assignment, and routing preference set to Microsoft network) alongside labeled gray buttons for IP Version, SKU Type, Scope, Allocation Type and a highlighted "Routing Preference".

Internet routing can cause traffic to traverse the public Internet backbone, which may increase latency and reduce predictability and security—use it only for explicit requirements.

Standard SKU with Static allocation and Microsoft network routing is the recommended starting configuration for most production deployments.

For full Azure documentation on public IP options and limits, see: Public IP addresses overview (Azure)

Demo: Create a VM and associate a Public IP

This example deploys an Ubuntu VM into an existing virtual network and subnet, creates a Standard static public IP, and associates that public IP with the VM’s network interface (NIC). The demo uses a pre-existing virtual network with a “webservers” subnet.

A screenshot of the Microsoft Azure portal showing the "vnet-az700-demo" virtual network's Subnets page. It lists two subnets—snet-webservers (192.168.0.0/27, 27 available IPs) and snet-db (192.168.0.32/28, 11 available IPs).

1) Create the virtual machine

Portal: Create > Virtual machine.
Basics:
- Name: choose a meaningful name (e.g., vm-az700-pip).
- Region: pick the same region as your VNet (West Europe in this demo).
- Image: Ubuntu (LTS recommended).
- Size: choose a small size for demos/cost savings.
- Authentication: Password for demo; SSH keys recommended for production.
- Inbound ports: enable SSH (22) and HTTP (80) for the demo.
  - Note: Network Security Groups (NSGs) control traffic—restrict in production.
Networking tab:
- Virtual network: pick the existing vnet-az700-demo.
- Subnet: snet-webservers.
- Public IP: set to None here (we will create and attach a public IP to the NIC later).

A screenshot of the Microsoft Azure "Create a virtual machine" page showing networking options, with NIC network security group set to Basic and public inbound ports set to allow HTTP (80) and SSH (22). A warning notes this will allow all IP addresses to access the VM, and action buttons (Previous, Next: Management, Review + create) are visible at the bottom.

Opening SSH (22) and HTTP (80) to the internet exposes the VM. In production, restrict access using Network Security Groups (NSGs), Azure Firewall, or just-in-time (JIT) access.

Complete the Management and other tabs with defaults and create the VM. After deployment, the VM will have only a private IP from the selected subnet and will not be reachable from the internet. When deployment finishes, open the VM overview—you will notice there is no public IP assigned initially.

A screenshot of the Microsoft Azure portal showing the overview page for a virtual machine named "vm-az700-pip," with essentials and properties (status, location, subscription, networking) displayed. A warning indicates the VM agent status is not ready and a "Copy to clipboard" tooltip is visible.

2) Create the public IP resource

Portal: All services > Public IP addresses > Create.
Fill the form in the same region and resource group:
- Name: pip-vm-az700
- IP version: IPv4
- SKU: Standard
- Zone: No zone (or choose as needed)
- Tier/Scope: Regional
- Assignment: Static

A screenshot of the Microsoft Azure portal showing the "Create public IP address" form with configuration details (Region set to West Europe, name "pip-vm-az700", IPv4 selected, Standard SKU, No Zone, Regional tier). The page is displayed inside a browser window with macOS-style window controls.

3) Associate the public IP with the VM NIC

After the public IP resource is created:
- Open the Public IP resource and select Associate.
- Resource type: Network interface.
- Choose the NIC for your VM (VMs appear via their NIC resources).

A screenshot of the Microsoft Azure portal showing a Public IP address resource (pip-vm-az700) with the "Associate public IP address" pane open. The pane displays a Resource type of "Network interface" and a dropdown to select a network interface to associate.

After saving, the public IP will appear on the VM overview. Copy the public IP and use it to connect.

Connect to the VM and install Apache

Replace the example IP with your created public IP:

ssh azureuser@4.210.189.55

On first connection you’ll accept the host key:

The authenticity of host '4.210.189.55 (4.210.189.55)' can't be established.
ED25519 key fingerprint is SHA256:wInA6gKr/C3/+uI0GqW0o5R2qDYZ2Xyc1+J90m8QuILc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '4.210.189.55' (ED25519) to the list of known hosts.

Once connected, you’ll see the Ubuntu welcome and the VM’s private IP on the eth0 interface:

azureuser@vm-az700-pip:~$

Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 6.8.0-1031-azure x86_64)

System information as of ...

Memory usage: 34%                 IPv4 address for eth0: 192.168.0.4
...

Install Apache:

sudo apt update
sudo apt install -y apache2

Then browse to the public IP (http://4.210.189.55) and you should see the Apache default page. Example Apache config directory:

/etc/apache2/
|-- apache2.conf
|-- ports.conf
|-- mods-enabled
|   |-- *.load
|   |-- *.conf
|-- conf-enabled
|   |-- *.conf
|-- sites-enabled
|   |-- *.conf

This completes creating a public IP resource, associating it with a VM NIC, and using it to access the VM over the internet.

Bring Your Own IP (BYOIP)

The example above used an IP from Azure’s public pool. If you own public IP prefixes and want Azure to advertise them, Azure supports Bring Your Own IP (BYOIP). BYOIP requires verification of IP ownership and coordination with Microsoft and may involve additional steps and approvals. For details and the BYOIP workflow, see: Bring your own IP addresses (Azure)

If you want, I can provide the equivalent Azure CLI and ARM/Terraform snippets to automate the public IP creation and NIC association.

Watch Video

Bring Your Own IP

Public IP Addresses

Introduction

Configure Internet Access with Azure Virtual NAT

Configure Peering for an Express Route Deployment

Configure Public IP Addresses

Connect Devices to Networks with Point to Site VPN Connections

Connect Networks with Site to Site VPN Connections

Connect Remote Resources by using Azure Virtual WA Ns

Create a Network Virtual Appliance NVA in a Virtual Hub

Deploy Azure D Do S Protection

Deploy and configure Network Security Groups

Design Azure Application Gateway

Design Azure Front Door

Design Name Resolution for Azure Virtual Network

Design an Express Route deployment

Design and Implement Azure Firewall

Design and Implement Azure Load Balancer

Design and Implement Azure VPN Gateway

Design and implement Azure Bastion

Enable Cross V Net Connectivity

Explain Virtual Network Service Endpoints

Explore Azure Express Route

Explore Azure Traffic Manager

Explore Azure Virtual Networks

Explore Load Balancing Options in the Azure

Express Route Advanced Features

Get Network Security Recommendations with Microsoft Defender for Cloud

Implement Virtual Network Traffic Routing

Implement a Web Application Firewall

Monitor your networks using Azure Monitor

Monitor your networks using Azure Network Watcher

Private Link Services and Private Endpoints

Troubleshooting Express Route Connections

Working with Azure Firewall Manager

​Key options when creating a public IP

​Demo: Create a VM and associate a Public IP

​1) Create the virtual machine

​2) Create the public IP resource

​3) Associate the public IP with the VM NIC

​Connect to the VM and install Apache

​Bring Your Own IP (BYOIP)

Watch Video

Key options when creating a public IP

Demo: Create a VM and associate a Public IP

1) Create the virtual machine

2) Create the public IP resource

3) Associate the public IP with the VM NIC

Connect to the VM and install Apache

Bring Your Own IP (BYOIP)