Standard public ips associated with VPN gateways with az VPN skus must have Zones configured

If you are using the Basic SKU for public IP addresses in Azure, you will have to upgrade them to use the Standard SKU before September 30th, 2025.

Indeed, starting September 30th, 2025 the Basic SKU for Public IP address in Azure will be retired.

NOTE as Basic SKU does not offer Availability Zone support, upgraded Basic IP address will continue to have no availability zone, meaning it can not be associated with a resource that is either zone-redundant.

To upgrade your Basic Public IP, connect to your Azure portal (https://portal.azure.com/) to access your Public IP addresses

Then either search for the Public IP(‘s) using the Basic SKU (if you know) or add a filter to the list view to display only the Basic IP addresses

Then click on the IP address to access its configuration page; you will see in the Overview blade a purple banner notifying you to upgrade to Standard, just click on it

NOTE your Basic Public IP must have a static assignment; if you have a dynamic assignment you will get notified; meaning there is a chance for service disruption as you may not be able to change the configuration from Dynamic to Static

NOTE if you are using a Basic Public IP for your Site-to-Site VPN connection (hopefully not), you will have to delete the connection (from the Local Area Gateway and delete the VPN Gateway – you will need to use any SKU other than Basic) before doing the upgrade and then re-create the connection

If your Basic Public IP can be upgraded, you will then get requested to confirm the upgrade (which can not be reverted)

NOTE if you are using System Center Configuration Manager and have configured the Cloud Management Gateway I would recommend to wait for now as the Azure resources deployed for the Cloud Management Gateway are managed by the SCCM; it will definitively be updated with potential guidance to perform the upgrade if necessary.

Azure public IP addresses now support the ability to be upgraded from Basic to Standard SKU.  Additionally, any Basic Public Load Balancer can now be upgraded to a Standard Public Load Balancer, while retaining the same public IP address.  So what could be the reason to change the SKU.

First the Difference and the price between Standard and basic

Standard

Standard SKU public IP addresses:

• Always use static allocation method.
• Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes.
• Secure by default and closed to inbound traffic. Allow list inbound traffic with a network security group.
• Assigned to network interfaces, standard public load balancers, or Application Gateways. For more information about Standard load balancer, see Azure Standard Load Balancer.
• Can be zone-redundant (advertized from all 3 zones) or zonal (can be created zonal and guaranteed in a specific availability zone). To learn more about availability zones, see Availability zones overview and Standard Load Balancer and Availability Zones. Zone redundant IPs can only be created in regions where 3 availability zones are live. IPs created before zones are live will not be zone redundant.
• Can be used as anycast frontend IPs for cross-region load balancers (preview functionality).

Cost of single IP Sample

Basic

All public IP addresses created before the introduction of SKUs are Basic SKU public IP addresses.

With the introduction of SKUs, specify which SKU you would like the public IP address to be.

Basic SKU addresses:

• Assigned with the static or dynamic allocation method.
• Have an adjustable inbound originated flow idle timeout of 4-30 minutes, with a default of 4 minutes, and fixed outbound originated flow idle timeout of 4 minutes.
• Are open by default. Network security groups are recommended but optional for restricting inbound or outbound traffic.
• Assigned to any Azure resource that can be assigned a public IP address, such as:
  • Network interfaces
  • VPN Gateways
  • Application Gateways
  • Public load balancers
• Don’t support Availability Zone scenarios. Use Standard SKU public IP for Availability Zone scenarios. To learn more about availability zones, see Availability zones overview and Standard Load Balancer and Availability Zones.

Cost of single IP Sample

With this Standard seems to have more and better options but is 1 euro more expensive So you could think Always use standard But A public IP address is assigned to the VPN Gateway to enable communication with the remote network. You can only assign a dynamic basic public IP address to a VPN gateway.

So it really depends on what you want to use, suppose you start with basic and need standard you can change this now with PowerShell or cli but not in the GUI

Limitations

• In order to upgrade a Basic Public IP, it cannot be associated with any Azure resource. Please review this page for more information on how to disassociate public IPs. Similarly, in order to migrate a Reserved IP, it cannot be associated with any Cloud Service. Please review this page for more information on how to disassociate reserved IPs.
• Public IPs upgraded from Basic to Standard SKU will continue to have no availability zones and therefore cannot be associated with an Azure resource that is either zone-redundant or zonal. Note this only applies to regions that offer availability zones.
• You cannot downgrade from Standard to Basic.

In my fresh created IP called demo We change this to a standard IP address

Using the portal to run some powershell commands.

## Variables for the command ##
$rg =”rg-demo-weu-01”
$name = “demo”
$newsku = ‘Standard’
$pubIP = Get-AzPublicIpAddress -name $name -ResourceGroupName $rg

basic resource group and IP address name

## This section is only needed if the Basic IP is not already set to Static ##
$pubIP.PublicIpAllocationMethod = ‘Static’
Set-AzPublicIpAddress -PublicIpAddress $pubIP

## This section is for conversion to Standard ##
$pubIP.Sku.Name = $newsku
Set-AzPublicIpAddress -PublicIpAddress $pubIP

Fixed IP address SKU changed from Basic to Standard.  Remember there is no option to undo this.

Now testing with an used IP and connected to an VM. ( this VM is currently deallocated) as these changes can only be done offline.

With this the resource changed from basic to Standard.

Try to undo this then the following message is there

Set-AzPublicIpAddress -PublicIpAddress $pubIP

Set-AzPublicIpAddress: Sku property is set at creation time and cannot be changed from Standard to Basic on resource update for resource

Changing the SKU is a nice option, that way you can keep the IP and lift the needed options with zero downtime.

Follow Me on Twitter @ClusterMVP

Follow My blog https://robertsmit.wordpress.com

Linkedin Profile Robert Smit MVP Linkedin profile

Google  : Robert Smit MVP profile

Robert Smit is Senior Technical Evangelist and is a current Microsoft MVP in Clustering as of 2009. Robert has over 20 years experience in IT with experience in the educational, health-care and finance industries. Robert’s past IT experience in the trenches of IT gives him the knowledge and insight that allows him to communicate effectively with IT professionals who are trying to address real concerns around business continuity, disaster recovery and regulatory compliance issues. Robert holds the following certifications: MCT - Microsoft Certified Trainer, MCTS - Windows Server Virtualization, MCSE, MCSA and MCPS. He is an active participant in the Microsoft newsgroup community and is currently focused on Hyper-V, Failover Clustering, SQL Server, Azure and all things related to Cloud Computing and Infrastructure Optimalization. Follow Robert on Twitter @ClusterMVP Or follow his blog https://robertsmit.wordpress.com Linkedin Profile Http://nl.linkedin.com/in/robertsmit Robert is also capable of transferring his knowledge to others which is a rare feature in the field of IT. He makes a point of not only solving issues but also of giving on the job training of his colleagues. A customer says " Robert has been a big influence on our technical staff and I have to come to know him as a brilliant specialist concerning Microsoft Products. He was Capable with his in-depth knowledge of Microsoft products to troubleshoot problems and develop our infrastructure to a higher level. I would certainly hire him again in the future. " Details of the Recommendation: "I have been coordinating with Robert implementing a very complex system. Although he was primarily a Microsoft infrastructure specialist; he was able to understand and debug .Net based complext Windows applications and websites. His input to improve performance of applications proved very helpful for the success of our project View all posts by Robert Smit [MVP]