Microsoft Learn

Azure Virtual Networks

Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It enables you to create your own private network in the cloud, giving you control over IP addressing, routes, and network security.

Key Concepts

Subnets: A VNet is divided into smaller segments called subnets. You can allocate a portion of the virtual network's address space to a subnet, containing a range of IP addresses.

IP Addressing: Virtual machines and other Azure resources are assigned private IP addresses from the VNet's address space.

Network Security Groups (NSGs): NSGs act as a virtual firewall, allowing or denying network traffic to Azure resources.

Routing: Azure automatically creates routes for your subnets. You can also create custom routes to control traffic flow.

Service Endpoints and Private Endpoints: Enhance security and connectivity to Azure services.

Getting Started

Create your first Virtual Network using the Azure portal, Azure CLI, or PowerShell.

# Example: Creating a VNet using Azure CLI
az network vnet create \
    --resource-group MyResourceGroup \
    --name MyVNet \
    --address-prefix 10.0.0.0/16 \
    --subnet-name MySubnet \
    --subnet-prefix 10.0.0.0/24

Common Scenarios

  • Connecting Azure resources to each other.
  • Connecting on-premises networks to Azure (hybrid connectivity).
  • Isolating network traffic for security.
  • Deploying multi-tier applications.
Important: Ensure your VNet address space does not overlap with your on-premises network address space if you plan to establish hybrid connectivity.

Virtual Network Peering

Connect two Azure Virtual Networks privately through the Azure backbone network. This allows resources in each virtual network to communicate with each other as if they were within the same network.

  • Peering is non-transitive.
  • No downtime or latency for workloads.

Network Security Groups (NSGs)

NSGs contain security rules that allow or deny network traffic to resources connected to Azure Virtual Networks. You can associate NSGs with subnets and/or individual network interfaces.

Security rules specify:

  • Source and destination IP address ranges
  • Source and destination ports
  • Protocol (TCP, UDP, Any)
  • Priority (lower numbers are processed first)
  • Action (Allow or Deny)
Tip: Start with the principle of least privilege by denying all traffic by default and only allowing specific traffic that is required.

Learn More

Explore detailed documentation and tutorials on advanced VNet features such as Network Watcher, IP Address Management (IPAM), and DNS integration.