AVNM | Maintenance | Modular content update

mbender-ms · mbender-ms · commit 616b22805cf6 · 2026-03-23T15:50:34.000-05:00
diff --git a/articles/networking/includes/azure-virtual-network-manager/create-resource-group.md b/articles/networking/includes/azure-virtual-network-manager/create-resource-group.md
@@ -0,0 +1,29 @@
+---
+title: include file
+description: include file
+services: virtual-network-manager
+author: mbender-ms
+ms.service: azure-virtual-network-manager
+ms.topic: include
+ms.date: 03/23/2026
+ms.author: mbender
+ms.custom: include file
+---
+
+## Create a resource group
+
+Create a resource group to hold the resources used in this article.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Select **+ Create a resource** and search for **Resource group**. Then select **Resource group** > **Create**.
+
+1. On the **Basics** tab, enter or select the following information:
+
+    | Setting | Value |
+    | ------- | ----- |
+    | **Subscription** | Select your subscription. |
+    | **Resource group** | Enter a name for the resource group. |
+    | **Region** | Select a region for the resource group. |
+
+1. Select **Review + create** and then **Create**.
diff --git a/articles/networking/includes/azure-virtual-network-manager/virtual-network-manager-create-instance-complete.md b/articles/networking/includes/azure-virtual-network-manager/virtual-network-manager-create-instance-complete.md
@@ -0,0 +1,131 @@
+---
+title: include file
+description: include file
+services: virtual-network-manager
+author: mbender-ms
+ms.service: azure-virtual-network-manager
+ms.topic: include
+ms.date: 02/02/2026
+ms.author: mbender
+ms.custom: include file
+---
+
+## Create a Virtual Network Manager instance
+
+Deploy a Virtual Network Manager instance with the defined scope and access that you need. You can create a Virtual Network Manager instance using the Azure portal, Azure CLI, or Azure PowerShell.
+
+# [Portal](#tab/azure-portal)
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Select **+ Create a resource** and search for **Network Manager**. Then select **Network Manager** > **Create** to begin setting up Virtual Network Manager.
+
+1. On the **Basics** tab, enter or select the following information:
+
+    | Setting | Value |
+    | ------- | ----- |
+    | **Subscription** | Select the subscription containing your existing virtual networks. |
+    | **Resource group** | Select the existing resource group where you want to deploy Virtual Network Manager. |
+    | **Name** | Enter a name for your Virtual Network Manager instance. |
+    | **Region** | Select a region for your Virtual Network Manager instance. Virtual Network Manager can manage virtual networks in any region. The selected region is where the Virtual Network Manager instance will be deployed. |
+    | **Description** | *(Optional)* Provide a description about this Virtual Network Manager instance and the task it's managing. |
+    | [Features](../../../virtual-network-manager/concept-network-manager-scope.md#features) | Select the features you need from the dropdown list: </br> - **Connectivity**: Enables the creation of a full mesh or hub-and-spoke network topology between virtual networks within the scope. </br> - **Security Admin**: Enables the creation of global network security rules. </br> - **Routing**: Enables the creation and management of user-defined routes at scale. |
+
+1. Select the **Management scope** tab or **Next: Management scope** to continue.
+
+1. On the **Management scope** tab, select **+ Add**.
+
+1. In the **Add scopes** pane, select the subscriptions or management groups containing your existing virtual networks, and choose **Select**.
+
+1. Select **Review + create** to validate your configuration.
+
+1. After validation passes, select **Create** to deploy the Virtual Network Manager instance.
+
+# [Azure CLI](#tab/azure-cli)
+
+1. Sign in to Azure and set your subscription context:
+
+    ```azurecli-interactive
+    az login
+    az account set --subscription "<subscription-id>"
+    ```
+
+1. Install or update the Virtual Network Manager extension:
+
+    ```azurecli-interactive
+    az extension add --name virtual-network-manager
+    az extension update --name virtual-network-manager
+    ```
+
+1. Create a Virtual Network Manager instance using [az network manager create](/cli/azure/network/manager#az-network-manager-create). Replace the placeholder values with your specific information:
+
+    ```azurecli-interactive
+    az network manager create \
+        --name "<network-manager-name>" \
+        --location "<region>" \
+        --resource-group "<existing-resource-group-name>" \
+        --scope-accesses "Connectivity" "SecurityAdmin" \
+        --network-manager-scopes subscriptions="/subscriptions/<subscription-id>" \
+        --description "<optional-description>"
+    ```
+
+    > [!NOTE]
+    > For management group scope, use: `managementGroups="/providers/Microsoft.Management/managementGroups/<management-group-id>"`
+    > Ensure the specified resource group already exists in your subscription.
+
+# [Azure PowerShell](#tab/azure-powershell)
+
+1. Sign in to Azure and set your subscription context:
+
+    ```azurepowershell-interactive
+    Connect-AzAccount
+    Set-AzContext -Subscription "<subscription-id>"
+    ```
+
+1. Install or update the Azure PowerShell module:
+
+    ```azurepowershell-interactive
+    Install-Module -Name Az.Network -Force
+    ```
+
+1. Define the scope and access type for your Virtual Network Manager instance:
+
+    ```azurepowershell-interactive
+    # Define subscription scope
+    $subscriptionId = "<subscription-id>"
+    [System.Collections.Generic.List[string]]$subGroup = @()  
+    $subGroup.Add("/subscriptions/$subscriptionId")
+    
+    # Define access types
+    [System.Collections.Generic.List[String]]$access = @()  
+    $access.Add("Connectivity")
+    $access.Add("SecurityAdmin")
+    
+    # Create scope object
+    $scope = New-AzNetworkManagerScope -Subscription $subGroup
+    ```
+
+1. Create the Virtual Network Manager instance using [New-AzNetworkManager](/powershell/module/az.network/new-aznetworkmanager):
+
+    ```azurepowershell-interactive
+    $networkManagerParams = @{
+        Name = "<network-manager-name>"
+        ResourceGroupName = "<existing-resource-group-name>"
+        Location = "<region>"
+        NetworkManagerScope = $scope
+        NetworkManagerScopeAccess = $access
+        Description = "<optional-description>"
+    }
+    
+    $networkManager = New-AzNetworkManager @networkManagerParams
+    ```
+
+    > [!NOTE]
+    > Ensure the specified resource group already exists in your subscription.
+
+---
+
+> [!IMPORTANT]
+> Virtual Network Manager requires specific permissions within the defined scope. Ensure you have the necessary [Azure RBAC roles](../../../virtual-network-manager/concept-network-manager-scope.md#permissions) before creating the instance.
+
+The Virtual Network Manager instance is now created and ready to manage your existing virtual networks within the defined scope. You can proceed to create network groups and configurations to organize and manage your virtual networks.
diff --git a/articles/networking/includes/azure-virtual-network-manager/virtual-network-manager-create-instance-portal.md b/articles/networking/includes/azure-virtual-network-manager/virtual-network-manager-create-instance-portal.md
@@ -0,0 +1,45 @@
+---
+title: include file
+description: include file
+services: virtual-network-manager
+author: mbender-ms
+ms.service: azure-virtual-network-manager
+ms.topic: include
+ms.date: 02/02/2026
+ms.author: mbender
+ms.custom: include file
+---
+
+## Create a Virtual Network Manager instance
+
+Deploy a Virtual Network Manager instance with the defined scope and access that you need using the Azure portal.
+
+1. Sign in to the [Azure portal](https://portal.azure.com/).
+
+1. Select **+ Create a resource** and search for **Network Manager**. Then select **Network Manager** > **Create** to begin setting up Virtual Network Manager.
+
+1. On the **Basics** tab, enter or select the following information:
+
+    | Setting | Value |
+    | ------- | ----- |
+    | **Subscription** | Select the subscription containing your existing virtual networks. |
+    | **Resource group** | Select the existing resource group where you want to deploy Virtual Network Manager. |
+    | **Name** | Enter a name for your Virtual Network Manager instance. |
+    | **Region** | Select a region for your Virtual Network Manager instance. Virtual Network Manager can manage virtual networks in any region. The selected region is where the Virtual Network Manager instance will be deployed. |
+    | **Description** | *(Optional)* Provide a description about this Virtual Network Manager instance and the task it's managing. |
+    | [Features](../../../virtual-network-manager/concept-network-manager-scope.md#features) | Select the features you need from the dropdown list: </br> - **Connectivity**: Enables the creation of a full mesh or hub-and-spoke network topology between virtual networks within the scope. </br> - **Security Admin**: Enables the creation of global network security rules. </br> - **Routing**: Enables the creation and management of user-defined routes at scale. |
+
+1. Select the **Management scope** tab or **Next: Management scope** to continue.
+
+1. On the **Management scope** tab, select **+ Add**.
+
+1. In the **Add scopes** pane, select the subscriptions or management groups containing your existing virtual networks, and choose **Select**.
+
+1. Select **Review + create** to validate your configuration.
+
+1. After validation passes, select **Create** to deploy the Virtual Network Manager instance.
+
+> [!IMPORTANT]
+> Virtual Network Manager requires specific permissions within the defined scope. Ensure you have the necessary [Azure RBAC roles](../../../virtual-network-manager/concept-network-manager-scope.md#permissions) before creating the instance.
+
+The Virtual Network Manager instance is now created and ready to manage your existing virtual networks within the defined scope.
diff --git a/articles/virtual-network-manager/create-virtual-network-manager-portal.md b/articles/virtual-network-manager/create-virtual-network-manager-portal.md
@@ -5,7 +5,7 @@ author: mbender-ms
 ms.author: mbender
 ms.service: azure-virtual-network-manager
 ms.topic: quickstart
-ms.date: 07/11/2025
+ms.date: 03/23/2026
 ms.custom:
   - template-quickstart
   - mode-ui
@@ -26,7 +26,28 @@ In this quickstart, you deploy three virtual networks and use Azure Virtual Netw
 - An Azure account with an active subscription. [Create an account for free](https://azure.microsoft.com/pricing/purchase-options/azure-account?cid=msft_learn).
 - To modify network groups using Azure Policy to conditionally define membership, you must be [granted access through Azure Role-based Access Control (RBAC) role](concept-network-groups.md#network-groups-and-azure-policy) assignment only. Classic Admin or legacy authorization isn't supported.
 
-[!INCLUDE [virtual-network-manager-create-instance](../../includes/virtual-network-manager-create-instance.md)]
+## Sample values
+
+This quickstart uses the following sample values for creating resources. Use these values to follow along, or replace them with your own.
+
+| Resource | Sample value |
+| --- | --- |
+| Resource group | **resource-group** |
+| Network Manager name | **network-manager** |
+| Region | **West US 2** |
+| Virtual networks | **vnet-00**, **vnet-01**, **vnet-02** |
+| VNet address spaces | **10.0.0.0/16**, **10.1.0.0/16**, **10.2.0.0/16** |
+| Network group | **network-group** |
+| Connectivity configuration | **connectivity-configuration** |
+| Azure Policy name | **azure-policy** |
+| Tag | Name: **NetworkType** / Value: **Production** |
+
+[!INCLUDE [create-resource-group](../networking/includes/azure-virtual-network-manager/create-resource-group.md)]
+
+> [!NOTE]
+> For this quickstart, select **Connectivity** from the **Features** dropdown when creating your Virtual Network Manager instance. Use the sample values from the preceding table for the resource group, name, and region fields.
+
+[!INCLUDE [virtual-network-manager-create-instance-portal](../networking/includes/azure-virtual-network-manager/virtual-network-manager-create-instance-portal.md)]
 
 ## Create virtual networks
 
@@ -40,7 +61,7 @@ Create three virtual networks by using the portal. Each virtual network has a `n
     | ------- | ----- |
     | **Subscription** | Select the subscription where you want to deploy this virtual network. |
     | **Resource group** | Select **resource-group**. |
-    | **Virtual network name** | Enter **vnet-000**. |
+    | **Virtual network name** | Enter **vnet-00**. |
     | **Region** | Select **(US) West 2**. |
 
 1. Select the **IP addresses** tab.
@@ -117,13 +138,13 @@ By using [Azure Policy](concept-azure-policy-integration.md), you define a condi
 
     :::image type="content" source="./media/create-virtual-network-manager-portal/network-group-conditional-thumb.png" alt-text="Screenshot of the pane for creating an Azure policy, including criteria for definitions." lightbox="media/create-virtual-network-manager-portal/network-group-conditional.png":::
 
-2. The **Preview resources** pane shows the virtual networks for addition to the network group based on the defined conditions in Azure Policy. When you're ready, select **Close**.
+1. The **Preview resources** pane shows the virtual networks for addition to the network group based on the defined conditions in Azure Policy. When you're ready, select **Close**.
 
     :::image type="content" source="media/create-virtual-network-manager-portal/preview-virtual-networks.png" alt-text="Screenshot of the pane for previewing the virtual networks.":::
 
-3. Select **Save** to deploy the Azure Policy. It can take up to one minute for the policy to take effect and be added to your network group.
+1. Select **Save** to deploy the Azure Policy. It can take up to one minute for the policy to take effect and be added to your network group.
 
-4. On the **Network Group** pane, under **Settings**, select **Group members** to view the membership of the group based on the conditions that you defined in Azure Policy. Confirm the **Source** is listed as **azure-policy - subscriptions/subscription_id**.
+1. On the **Network Group** pane, under **Settings**, select **Group members** to view the membership of the group based on the conditions that you defined in Azure Policy. Confirm the **Source** is listed as **azure-policy - subscriptions/subscription_id**.
 
     :::image type="content" source="media/create-virtual-network-manager-portal/group-members-list.png" alt-text="Screenshot of listed group members with a configured source.":::
 
