How can I migrate from listening tentacles to polling tentacles in Octopus Deploy?

I’m going to be moving my Octopus Deploy server from an on-premise VM to a VM hosted in Azure. Our security people would prefer if we switched from listening tentacles (requiring a VPN or inbound port open) to polling tentacles. How can I accomplish that?

The answer to this question has been migrated to: