
Create a community in the Azure portal

Communities are isolated hub networks that securely and logically group multiple enclaves for governance, management, and security. A community owner can enable connectivity to other communities or on-premises networks through transit hubs or endpoints.

Prerequisites

To access Azure Enclave, you need an Azure subscription. If you don't already have one, create a free account, and then sign in to the Azure portal.

Create community

  1. Enter Azure Enclave in the search.

  2. Under Services, select Azure Enclave. You're directed to the Azure Enclave homepage.

    Screenshot showing the Azure portal homepage for Azure Enclave with the Create a community button.

  3. Select the Create a community button. The community deployment can take several minutes to complete.

  4. Enter details for your community on the Basics tab:

    • Subscription: Select an Azure subscription.
    • Resource group: Create a new resource group or select an existing one.
    • Community name: Enter a community name, such as My-Community.
    • Region: Select the Azure region where the community is created.
    • Community address space: Enter the community IP address space, such as 10.0.0.0/16.

    Note

    192.168.0.0/16 is reserved as the platform-managed enclave range. Don't create communities with any address space that overlaps or includes this range, such as 192.0.0.0/8 or 192.128.0.0/9, because it creates conflicts with platform-managed enclave management IP ranges.

    Screenshot showing the community basics settings page during community creation in the portal.

  5. Select Next. On the Azure firewall tab, decide if you want to use a different firewall type for your community Virtual WAN secure hubs.

    Screenshot showing the community firewall settings page during community creation in the portal.

  6. Select Next. On the Dedicated hubs tab, create any dedicated hubs you need.

    Screenshot showing the community dedicated hub settings page during community creation in the portal.

  7. Select Next. On the Approvals tab, decide which approval settings to apply to your community and enclaves.

    Screenshot showing the community approvals settings page during community creation in the portal.

  8. Select Next. On the Policy management tab, customize your settings as needed.

    Screenshot showing the community policy management settings page during community creation in the portal.

    Note

    For community governance, you can configure the following settings for each service:

    • Enforcement: Determines whether rules for a service are actively enforced.
    • Audit Only: Monitors services without actively enforcing rules. Use audit-only mode to understand the effect of potential governance policies before enforcement.
    • Options: Sets the service policy behavior:
      • Allow: The service is allowed.
      • Deny: The service isn't allowed.
      • ExceptionOnly: The service isn't allowed by default, but manual policy exemptions can be made.

  9. Select Next. On the Monitoring tab, configure monitoring for your community.

    Screenshot showing the community monitoring settings page during community creation in the portal.

  10. Select Next. On the Community administration tab, select the users and groups that should receive Azure role assignments on the community managed resource group.

    Screenshot showing the community administration settings page during community creation in the portal.

  11. Select Next. On the Maintenance mode tab, choose whether maintenance mode is turned on after the community is created. Community maintenance mode allows changes to managed resources that are critical to the security of the community, making it easier to modify community resources quickly after community creation. Learn more about maintenance mode.

    Screenshot showing the community maintenance mode settings page during community creation in the portal.

  12. Select Next, and then enter any tags for your community.

  13. Select Next and then Review + create, validate that the details for your enclave are correct, and then select Create.

    Screenshot showing created community on its overview page.
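
The address-space note in step 4 can be checked before the value is entered on the Basics tab. The following Python check is an added example, not part of the original article or of Azure Enclave; the function name `check_community_address_space` is hypothetical, and it assumes IPv4 input like the examples in the note.

```python
import ipaddress

# Platform-managed enclave range, as stated in the note in step 4.
RESERVED_ENCLAVE_RANGE = ipaddress.ip_network("192.168.0.0/16")


def check_community_address_space(cidr, reserved=RESERVED_ENCLAVE_RANGE):
    """Return (ok, reason) for a proposed community address space.

    Hypothetical helper: runs locally and does not call any Azure API.
    """
    try:
        # strict=True rejects input with host bits set, e.g. 10.0.0.1/16.
        net = ipaddress.ip_network(cidr.strip(), strict=True)
    except ValueError as exc:
        return False, f"not a valid CIDR block: {exc}"

    # Assumption: only IPv4 is handled, matching the page's examples.
    if net.version != 4:
        return False, f"{net} is not an IPv4 block"

    # Two CIDR blocks overlap only when one contains the other, so a
    # conflict is either a superset (or equal) or a subset of the range.
    if net.overlaps(reserved):
        relation = "includes" if net.supernet_of(reserved) else "falls inside"
        return False, f"{net} {relation} the platform-managed range {reserved}"

    return True, f"{net} does not overlap {reserved}"


if __name__ == "__main__":
    # Constructed sample inputs: the page's examples plus edge cases.
    samples = [
        "10.0.0.0/16",      # suggested on the page
        "192.0.0.0/8",      # includes the reserved range
        "192.128.0.0/9",    # includes the reserved range
        "192.168.10.0/24",  # falls inside the reserved range
        "192.169.0.0/16",   # adjacent, no overlap
        "10.0.0.1/16",      # malformed: host bits set
    ]
    for sample in samples:
        ok, reason = check_community_address_space(sample)
        print(f"{'OK  ' if ok else 'FAIL'} {sample:<18} {reason}")
```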
