Update virtual-network-tap-overview.md

AvirupCha · web-flow · commit b51600fda37b · 2025-04-21T13:35:11.000-07:00
diff --git a/articles/virtual-network/virtual-network-tap-overview.md b/articles/virtual-network/virtual-network-tap-overview.md
@@ -1,78 +1,68 @@
 ---
-title: Azure virtual network TAP overview
-description: Learn about virtual network TAP. Virtual network TAP provides you with a copy of virtual machine network traffic that can be streamed to a packet collector.
-author: asudbring
+title: Create, change, or delete a virtual network TAP - Azure portal
+description: Learn how to create, change, or delete a virtual network TAP using the Azure portal.
+services: virtual-network
+author: avirupcha
 ms.service: azure-virtual-network
-ms.topic: concept-article
-ms.date: 03/28/2023
-ms.author: allensu
+ms.topic: how-to
+ms.date: 04/21/2025
+ms.author: avirupcha
 ---
 
-# Virtual network TAP
+# Work with a virtual network TAP using the Azure portal
 
-> [!IMPORTANT]
-> Virtual network TAP Preview is currently in Private Preview in select Azure regions. You can sign up for our Previews using the sign form (https://forms.office.com/r/EWqbgLGNcV) and we will notify you when you are selected. In the interim, you can use agent based or NVA solutions that provide TAP/Network Visibility functionality through our [Packet Broker partner solutions](#virtual-network-tap-partner-solutions) available in [Azure Marketplace Offerings](https://azuremarketplace.microsoft.com/marketplace/apps/category/networking?page=1&subcategories=appliances%3Ball&search=Network%20Traffic&filters=partners).
-
-Azure virtual network TAP (Terminal Access Point) allows you to continuously stream your virtual machine network traffic to a network packet collector or analytics tool. The collector or analytics tool is provided by a [network virtual appliance](https://azure.microsoft.com/solutions/network-appliances/) partner. For a list of partner solutions that are validated to work with virtual network TAP, see [partner solutions](#virtual-network-tap-partner-solutions).
-
-The following diagram shows how virtual network TAP works. You can add a TAP configuration on a [network interface](virtual-network-network-interface.md) that is attached to a virtual machine deployed in your virtual network. The destination is a virtual network IP address in the same virtual network as the monitored network interface or a [peered virtual](virtual-network-peering-overview.md) network. The collector solution for virtual network TAP can be deployed behind an Azure Internal Load balancer for high availability.
-
-:::image type="content" source="./media/virtual-network-tap/architecture.png" alt-text="Diagram of how virtual network TAP works.":::
-
-## Prerequisites
-
-Before you can create a virtual network TAP, ensure you've received the confirmation email that you're enrolled in the preview. You must have one or more virtual machines created with [Azure Resource Manager](../azure-resource-manager/management/overview.md?toc=%2fazure%2fvirtual-network%2ftoc.json) and a partner solution for aggregating the TAP traffic in the same Azure region. If you don't have a  partner solution in your virtual network, see [partner solutions](#virtual-network-tap-partner-solutions) to deploy one. 
+Azure virtual network TAP (Terminal Access Point) allows you to continuously stream your virtual machine network traffic to a network packet collector or analytics tool. The collector or analytics tool is provided by a [network virtual appliance](https://azure.microsoft.com/solutions/network-appliances/) partner. For a list of partner solutions that are validated to work with virtual network TAP, see [partner solutions](virtual-network-tap-overview.md#virtual-network-tap-partner-solutions).
 
-You can use the same virtual network TAP resource to aggregate traffic from multiple network interfaces in the same or different subscriptions. If the monitored network interfaces are in different subscriptions, the subscriptions must be associated to the same Microsoft Entra tenant. Additionally, the monitored network interfaces and the destination endpoint for aggregating the TAP traffic can be in peered virtual networks in the same region. If you're using this deployment model, ensure that the [virtual network peering](virtual-network-peering-overview.md) is enabled before you configure virtual network TAP.
-
-## Permissions
-
-The accounts you use to apply TAP configuration on network interfaces must be assigned to the [network contributor](../role-based-access-control/built-in-roles.md?toc=%2fazure%2fvirtual-network%2ftoc.json#network-contributor) role or a [custom role](../role-based-access-control/custom-roles.md?toc=%2fazure%2fvirtual-network%2ftoc.json) that is assigned the necessary actions from the following table:
-
-| Action | Name |
-|---|---|
-| Microsoft.Network/virtualNetworkTaps/* | Required to create, update, read and delete a virtual network TAP resource |
-| Microsoft.Network/networkInterfaces/read | Required to read the network interface resource on which the TAP is configured |
-| Microsoft.Network/tapConfigurations/* | Required to create, update, read and delete the TAP configuration on a network interface |
-
-## Virtual network TAP partner solutions
+> [!IMPORTANT]
+> Virtual network TAP is now in Public Preview. For more information, see the [Overview](virtual-network-tap-overview.md) article.
 
-### Network packet brokers
+## Before you begin
 
-- [GigaVUE Cloud Suite for Azure](https://www.gigamon.com/solutions/cloud/public-cloud/gigavue-cloud-suite-azure.html)
+Before you create a virtual network TAP resource, review the following items:
 
-- [Ixia CloudLens](https://www.ixiacom.com/cloudlens/cloudlens-azure)
+* Read the [prerequisites](virtual-network-tap-overview.md#prerequisites) in the Overview article before you create a virtual network TAP resource.
+* You must sign in to Azure with an account that has the appropriate [permissions](virtual-network-tap-overview.md#permissions).
 
-- [cPacket Cloud Visibility](https://www.cpacket.com/cloud)
+## Create a virtual network TAP resource
 
-- [Big Switch Big Monitoring Fabric](https://www.arista.com/en/bigswitch)
+The following steps show you how to create a virtual network TAP resource using the Azure portal.
 
-### Security analytics, network/application performance management
+In the portal, search for and select **Virtual network access points** to open the Virtual network terminal access points page.
 
-- [Awake Security](https://www.arista.com/partner/technology-partners)
+:::image type="content" source="./media/virtual-network-tap/portal-tutorial-create.png" alt-text="Create a virtual network TAP resource." lightbox="./media/virtual-network-tap/portal-tutorial-create.png":::
 
-- [Cisco Stealthwatch Cloud](https://blogs.cisco.com/security/cisco-stealthwatch-cloud-and-microsoft-azure-reliable-cloud-infrastructure-meets-comprehensive-cloud-security)
+1. Select your subscription ID.
+1. Select the Resource Group for your virtual network TAP resource.
+1. Give your virtual network TAP resource a name.
+1. Select the Azure region for your virtual network TAP resource. The destination and source resource must be in the same region as your virtual network TAP resource.
+1. Next, click **Select destination resource** to open the **Add a destination** page.
 
-- [Darktrace](https://www.darktrace.com)
+### Add a destination resource
 
-- [Fidelis Cybersecurity](https://fidelissecurity.com/)
+A virtual network TAP resource can only have a single destination resource and it must be in the same region as the virtual network TAP resource.
 
-- [Flowmon](https://www.flowmon.com/en/blog/azure-vtap)
+:::image type="content" source="./media/virtual-network-tap/portal-tutorial-add-destination.png" alt-text="Add destination resource for mirrored traffic" lightbox="./media/virtual-network-tap/portal-tutorial-add-destination.png":::
 
-- [NetFort LANGuardian](https://www.netfort.com/languardian/solutions/visibility-in-azure-network-tap/)
+Use the following steps to add a destination resource.
 
-- [Netscout vSTREAM](https://www.netscout.com/technology-partners/microsoft-azure)
+1. Select between network interface or a load balancer.
+1. Filter for your desired destination resource. You can filter by using the search bar.
+1. Select your destination resource.
+1. After you specify your destination resource, click **Select** to open the **Add source network interfaces** page.
 
-- [Noname Security](https://nonamesecurity.com/)
+### Add a source resource
 
-- [Riverbed SteelCentral AppResponse]( https://www.riverbed.com/products/steelcentral/steelcentral-appresponse-11.html)
+You can have multiple sources per virtual network resource. If you have multiple sources, traffic is mirrored to the same destination resource. Sources must be in the same region as the virtual network TAP resource.
 
-- [RSA NetWitness&reg; Platform](https://community.netwitness.com/t5/netwitness-platform-integrations/ixia-cloudlens-rsa-netwitness-packets-implementation-guide/ta-p/564238)
+:::image type="content" source="./media/virtual-network-tap/portal-tutorial-add-source.png" alt-text="Add mirrored traffic source" lightbox="./media/virtual-network-tap/portal-tutorial-add-source.png":::
 
-- [Vectra Cognito](https://www.vectra.ai/products/cognito-platform)
+Configure the following settings to add a source resource:
 
-- [Corelight, Inc.](https://corelight.com/)
+1. Filter for your desired source network interface.
+1. Select the source network interface.
+1. Click **Add**.
+1. Click **Review and Create** to deploy your virtual network TAP resource.
 
 ## Next steps
 
-- Learn how to [Create a virtual network TAP](tutorial-tap-virtual-network-cli.md).
+Learn how to [Create a virtual network TAP](tutorial-tap-virtual-network-cli.md) using CLI.
