Where is the EndPoint setting for VM in new Azure portal?

The endpoint settings in VM allows us to configure the incoming traffic such as remote desktop, custom http ports (Teamcity, OctpusDeploy and etc.) to VM. It was pretty easy to find that setting on old HTML5 azure portal https://manage.windowsazure.com.

VM EndPoint Setting in old Azure portal

But you can’t use the new type of VM with a resource manager on old portal so you have no choice but to use the new Azure portal https://portal.azure.com. The problem (at least for me) came when I wanted to open some ports (endpoints) on new VM via new portal. It took me a while to search for it so I thought I will share it here for those who might have same issue.

Let’s see what you will get when you create a new VM with a resource manager.

Microsoft Azure Resource Group

By default, you will get the following things when you create a VM but of course, you have an option to choose what to create or what to re-use during the setup.

  • Virtual machine
  • Network Interface
  • Network Security Group
  • Public IP Address
  • Virtual network
  • Storage Account

Choose “Network Security Group” then you will see the setting page that looks similar to Windows Advanced Firewall interface on windows server or desktop.



Azure Network Security Group

Click on “Inbound security rules”. This is where you can enable the endpoint of your new VM. Of course, you forget to open the same port in your server OS as well.

Azure VM Firewall

53 Replies to “Where is the EndPoint setting for VM in new Azure portal?”

  1. In this “inbound security rule” i want to give different public port and private port so, where to app public port and where to add private port?

  2. Thank you. You are right that opening end-point in the portal.azure.com is not straight forward. I was searching the portal for few hours and finally your post helped me figure out.

  3. Excellent post. After spending several hours trying to figure it out, your post saved me jumping out the window :-)

  4. Thanks for the tips. I have spend few hours to figure it out. The guy who designed this UI in Microsoft should be fired, seriously. He does not know how much time that users have wasted on this minor issue. This is one of the most of the important feature that Microsoft should put it on very easy to see place.

  5. you forget to open the same port in your server OS as well.

    what do yo mean by OS ????
    what stands for OS ??

  6. Very useful! Working in a cloud for traditional developers can be challenging as there are lot of pieces they haven’t played with and are mostly into frameworks and libraries. I was not able to make my riak installed in Azure VM work over http. The endpoing part helped me gain some fundamentals and resolve the issue too.

  7. I re-iterate a question from a previous comment – where do you specify the public port and the private port?

    I wish to connect to my sql server with the public port specified at the end, e.g.

    server.location.cloudapp.azure.com, 57500

    Very frustrating, especially since the current MS documentation talks about Endpoints, which are now gone.

  8. @Dean Mcmillan: public and private port is now called Source and Destination port. ACL seems to be included here as well since you can specify CIDR block for the incoming and outgoing traffic. It is quite a change with the classic VM’s and this probably makes a lot of sense for network engineers. For “simple” users of Azure resources this change is rather painfull as the old method was a lot easier to configure

  9. I get a gray screen after logging with RDP. Tried to reboot the VM but this didn’t help. Any suggestions?

  10. Thank you! Figured it was somewhere under the “network security group” settings…it’s difficult to follow along with the Azure Fundamentals book with all these changes!

  11. @Hanan – in the portal go to “redeploy” which will associate the correct DNS and IP settings again for the VM. Restart alone will not do this.

  12. Hi, I am trying to ping the VM created in azure from my local system which was failing. It saying that WinRm firewall is not enabled. I have tried to allow all traffic by giving a inbound rule in NSG and assigning that NSG to NIC and Subnet. Even though I am unable to ping the VM from my local.

    Actually, I am trying this command Test-Wsman “my VM’s IP address”.

    So, my question is how to manage system level firewall using azure NSG

  13. Thank you very much for this information, I spent hours trying to find this option by my own but there is not intuitive way to find it, also, Microsoft documentation does not help to much.

    Thank you very much again for taking some time to share this information with us.

  14. Thanks! It really helped, the other documentation were all outdated and rubbish. managed to portforward my unturned server with this

  15. Thanks for the help Michael, I had forgotten where the settings were, great refresher!

  16. Great thanks, very helpfull!

    I tried to set port 80 as both source and destination, but it didn’t work.
    I had to set * as source and only 80 as destination, why?
    Browsers should only need port 80?

  17. Thank you so much. I’ve been looking for this solution for over a week. Everything on the web shows the classic portal/dashboard.

  18. Hi there,

    In classic portal i will add endpoints to particular Vm, But in RM in NSG
    Correct me if i’m wrong In Rm whatever Vm Associated to the NSG the inbound and outbound rules will be applicable….

  19. Thanks mate !
    Does that mean endpoint aren’t useful anymore ? Like they are by default on a VM and SG open them ?

  20. Bạn muốn đầu tư vào phòng trọ Việc tiếp theo chính là lập dự toán chi phí xây dựng nhà ở để xác định nguồn vốn tài chính
    mà gia chủ mang đi đầu tư..… hiệu quả nhất theo tiêu chuẩn xây dựng nhà ở của bộ xây dựng Cty xây dựng Nguyên Bước thứ 3 cũng là bước cuối cùng trong trình tự xây nhà
    là thi công và hoàn công. Hầu hết việc này được giao cho đơn vị nhà thầu hoàn tất……
    Cà Mau những lời nói xuôi tai và chắc như đinh đóng cột nhưng sau đó là khiến bạn mất thời gian và tiền bạc do thiếu
    tính minh bạch và rõ ràng ngay từ lúc ký kết.,.… công ty thiết kế xây
    dựng hcm

  21. Hi there,I log on to your blogs named “Where is the EndPoint setting for VM in new Azure portal? – Michael Sync” daily.Your humoristic style is awesome, keep doing what you’re doing! And you can look our website about free anonymous proxies.

  22. I see you don’t monetize your site, don’t waste your
    traffic, you can earn extra cash every month because you’ve got hi quality content.

    If you want to know how to make extra bucks, search for: best adsense alternative Wrastain’s tools

Leave a Reply