Is there a way to activate Azure VM's using KMS, without Internet connectivity?

Hi Bill Gray,

Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

Yes, it is possible to activate Azure VMs running Windows Server without direct Internet connectivity. Below are the solutions available:

Using Azure's Built-In KMS Service with Forced Tunneling

Azure provides a built-in KMS service at azkms.core.windows.net:1688 for activating Windows Server VMs. For environments with no direct internet access:

• Configure forced tunneling to route traffic destined for azkms.core.windows.net through your on-premises environment.
• Ensure your network allows connectivity to the Azure KMS endpoint over port 1688.

https://zcusa.951200.xyz/en-us/troubleshoot/azure/virtual-machines/windows/custom-routes-enable-kms-activation

Deploy Your Own KMS Server

You can set up a KMS server in your secure Tier 0 environment.

• Install and configure the KMS host using your Microsoft Volume Licensing keys.
• Point your VMs to this KMS server by running:

slmgr.vbs /skms <Your_KMS_Server_IP>:1688
slmgr.vbs /ato

• The KMS server will activate the VMs entirely within the isolated environment.

Active Directory-Based Activation

If Active Directory is deployed in your Tier 0 environment, configure ADBA for activation:

• Install a KMS Host Key on your AD and associate it with your Windows Server VMs.
• This allows the VMs to activate without internet or external connectivity.

Activate using Active Directory-based activation

For more details, please refer to the below documentation:
Key Management Services (KMS) client activation and product keys
Volume activation for Windows, Use the Volume Activation Management Tool

If an answer has been helpful, please consider accept the "Answer" and "Upvote" to help increase visibility of this question for other members of the Microsoft Q&A community.