Static Public Source IP in Azure with Network Address Translation (NAT) Gateway

NAT Gateway Icon

In this video, we configure an Azure Network Address Translation (NAT) Gateway.  A NAT Gateway provides a static source public IP or IP range for resources in an Azure VNet.  It can be used for controlling the source IP for sites that may restrict access by a whitelist, or as an exclusion in MFA Conditional Access policies.  The video walks through an example of using a NAT Gateway for a Windows Virtual Desktop (WVD) deployment so users bypass MFA when logging in from a WVD Session Host.

EDIT 10/5/2020: Please see this link for potential issues using WVD and the NAT Gateway https://techcommunity.microsoft.com/t5/windows-virtual-desktop/consistent-thin-client-disconnection-from-wvd-pool/m-p/1599343/highlight/false#

2 thoughts on “Static Public Source IP in Azure with Network Address Translation (NAT) Gateway

  1. Hi Travis. Found this concept of using a NAT Gateway to get a static IP assigned to our WVD pool interesting but had already accomplished the same result using a basic Azure Load Balancer feature. Its also lest costly since the load balancer does not cost anything, only the static IP. We are running “classic” WVD scenario and have not any issues with this setup. Hope it helps.

    See these for reference:
    https://github.com/MicrosoftDocs/azure-docs/issues/33988

    https://help.nerdio.net/hc/en-us/articles/360030938932-How-do-I-assign-a-static-outbound-IP-to-RDS-collections-or-WVD-pools-

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.