This course explores Azure Virtual Networks, how to create them, and how to connect them. It begins with a vNet overview, where you'll learn about basic Azure Virtual Network concepts and about some key best practices. We'll cover communications topics, filtering, routing, and integration, before working through a demo that shows you how to deploy a virtual network in Microsoft Azure.
After covering the basics of Azure Virtual Networks in the first half of this course, we'll use the second half to dive into VPNs, where you'll learn about site-to-site VPNs, point-to-site VPNs, ExpressRoute, and vNet peering. You'll also watch a demonstration from the Azure platform that shows you how to peer two vNets in Azure.
If you have any feedback relating to this course, feel free to contact us at support@cloudacademy.com.
Learning Objectives
- Obtain a foundational understanding of Azure Virtual Networks including key concepts, best practices, communications, filtering, routing, and integration
- Provision a virtual network
- Understand what the Azure VPN Gateway is and what it does
- Build a site-to-site VPN
- Learn how to connect a single client computer to a virtual network using a point-to-site VPN gateway
- Learn how to connect your on-premises network to Azure using ExpressRoute
- Learn how to peer two Azure Virtual Networks
Intended Audience
This course is intended for anyone who wants to learn about Azure Virtual Networks, how to create them, and how to connect them.
Prerequisites
To get the most out of this course, you should have a basic understanding of the Azure platform and networking in general.
Hello, and welcome back. What we're going to do here in this brief demonstration is work through the process of creating a basic vanilla virtual network in the Microsoft Azure portal. On the screen here, you can see I'm actually showing my vNetDemos Resource Group here, which is where I'm going to deploy my virtual network. I currently have nothing deployed in this resource group.
So, this virtual network that we deploy is going to be the first resource that we put in here. To create my virtual network, what I'm going to do is click the hamburger up here in the left-hand corner. And then I'm going to click Create a resource here.
Now from the Marketplace here, I have two options. I can either browse to the virtual network from the Networking category under Azure Marketplace. Or what I can do is search for virtual network. So what we'll do is we'll create our virtual network, and then you'll see here, we have a couple of different tabs we can work through. We have a Basics tab, an IP Addresses tab, a Security tab, Tags, and then Review and create.
In this Basics tab here, we need to provide some basic information about the virtual network we're going to deploy. We need to tell Azure what subscription we want to deploy to, which resource group will host our new virtual network, and then information about the virtual network itself, which includes the name of the network and the region we want to deploy to. We're going to deploy into our lab subscription here, and in the dropdown I'm going to select the vNetDemos Resource Group I already have.
Now, I could also create a new resource group here, but we'll go ahead and select vNetDemos. And then what we'll do is we'll give our virtual network a name and we'll just call it MyVnet. And we'll deploy into Central US. This drop-down allows us to select any of the existing regions that are available. We'll just leave it at Central US.
Now, if I click Review and create here, what Azure is going to do is it's going to create the virtual network without giving me any kind of ability to specify the address space for that network. I don't wanna do that here, so what we'll do is we'll click Next for IP Addresses.
Now, in the IP Addresses tab here, we see we already have a default subnet that Azure is going to give us, and it's giving us a default address space for the virtual network. Now, what I could do is click Next here for Security to move on. But what we'll do here is we'll edit this address space. And instead of using 10.1.0.0/16, we'll go with 192.168.0.0/16. The green check mark tells me it's a valid address space, but now what Azure is telling me here is we don't have any subnets defined. So we need to have a subnet.
So we'll go ahead and click Add a subnet. And over here we need to name our, what is called really the default subnet, but we'll just call this MySubnet. Now, the address range for the subnets, or not only this subnet, but any subnet that we define within this virtual network, the address range needs to fall within the address space that's been defined for the virtual network itself. So I can't give the subnet here an address range of 10.0.0.0, when the address space for the entire virtual network is 192.168.
So consider the address space of the virtual network as the umbrella, and any address range for any subnet within that virtual network needs to fall within that umbrella. So what we'll do here is we'll give my subnet an address range of 192.168.1.0/24. And then when we do that, Azure is telling me how many usable addresses I have with that range.
Now, this service endpoints option here allows us to define service endpoints, and what these service endpoints do is allow us to send traffic to specific Azure resources from the virtual network over whatever our defined service endpoints are. If we select the dropdown here, we can see all of the different services that are available when we wanna create service endpoints.
Now we're not going to do any service endpoints here. So we'll close outta that and we'll add our subnet. So now we have the address space of the virtual network as 192.168.0.0/16. And then we have the subnet, which is a piece of that complete address space configured at 192.168.1.0/24. So we'll go ahead and click Next for Security.
Now in this Security tab, we have some security options that we can configure here. We can configure Bastion Host, DDoS protection, and Azure Firewall. Now, if we hover over the icon next to Bastion Host here, we can see that the Azure Bastion service is a fully platform-managed platform-as-a-service service that you can provision inside the virtual network. You can use the Bastion Host service to essentially connect to your virtual machines in the Azure portal over SSL.
Now, you can connect to them via RDP in the case of Windows machines and via SSH for your Linux machines. The purpose of this Bastion Host service is to allow you to remote to your virtual machines over the internet, without needing to give them public IP addresses, because that's always been a big no-no when you deploy a VM. You put a VM out on the public internet with a public IP, the only thing you have protecting your VM from the bad guys is a username and password, which can be brute-forced.
So, Bastion Host allows you to access those VMs without giving them public IP addresses. We're not going to do anything with Bastion Host here, but I do wanna hover over here for DDoS protection. And this DDoS protection comes in two flavors, Basic and Standard. The Basic protection is built into the Azure platform by default, and incurs no costs. However, the Standard flavor of Azure DDoS protection is a premium service and it can get quite expensive quickly. And that's because it offers lots of enhanced mitigation capabilities.
As you see here in this pop-up, you've got adaptive tuning, attack notification, and all kinds of telemetry to protect against different DDoS attacks. For this demonstration, we'll just leave this at its Basic option. And then if we hover over Firewall here, we can see that Azure Firewall is really a managed Cloud-based network security service that you use to protect virtual network resources.
Now, if I click Enabled here for Firewall, we can see, I can give my firewall a name, and then I can specify the subnet address space for the firewall, which is separate from the actual virtual network we're creating. And then of course, I need to give my firewall a public IP address. For this demonstration, we are not going to enable firewall. So we'll disable this, we'll click Next for Tags. And here is where we can provide tags for our resources that we're deploying here. We're not going to do any tagging here, so we can go ahead and click Review and create.
Now, what this does is provide us with the information that we've provided for our setup here. And what we can do here is validate that everything looks like it should. What Azure does here is validate that all of my options are valid. So we're going to create my VNet with an address space of 192.168.0.0/16, and then we have our subnet here.
Bastion Host is disabled. The DDoS protection plan was left at Basic, and we did not enable firewall. So we'll go ahead and create the new virtual network. The creation of a virtual network takes just a few moments and we can see it's already been completed. So we'll go ahead and click Go to resource here. And we're now in MyVNet.
If we click on Address space under Settings here, we can see we have the address space defined. Connected devices tells us what devices are connected. We haven't deployed anything, so we don't have anything connected. And then we can see what subnets are defined here. And then we could even add another subnet.
This option here for Gateway subnet we'll get to later. This is used when you're creating a VPN connection, and I'll show you what this does later on. And of course, we have the DDoS protection, Firewall and Security, DNS servers that are assigned to this. By default new virtual networks get the Azure provided DNS servers assigned to them. And then we can look at any service endpoints, peerings, properties. And of course, you got the Monitoring options down here.
So with that, you now know how to deploy a pretty basic virtual network in Microsoft Azure.
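The subnet rule from the demo (every subnet range must fall under the virtual network's address space) can be checked before anything is deployed. The following is an added example, not part of the course material: `check_vnet_plan` is a hypothetical helper, the `Outside` and `Clash` subnets are constructed test cases, and the usable-address count assumes Azure's reservation of five addresses per subnet.

```python
import ipaddress

# Azure reserves five addresses in every subnet: the network address, three
# addresses for the default gateway and Azure DNS, and the broadcast address.
AZURE_RESERVED_PER_SUBNET = 5


def check_vnet_plan(address_space, subnets):
    """Validate planned subnets against a virtual network's address space.

    address_space: list of CIDR prefixes for the virtual network.
    subnets: dict of subnet name -> CIDR prefix.
    Returns (usable, errors): usable maps each accepted subnet to its usable
    address count; errors lists every subnet that was rejected and why.
    """
    space = [ipaddress.ip_network(p, strict=True) for p in address_space]
    accepted, usable, errors = [], {}, []
    for name, prefix in subnets.items():
        try:
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError as exc:
            errors.append(f"{name}: invalid prefix {prefix!r}: {exc}")
            continue
        # The subnet must sit entirely under the VNet "umbrella".
        if not any(net.version == s.version and net.subnet_of(s) for s in space):
            errors.append(f"{name}: {net} is outside the address space")
            continue
        # Subnets in the same virtual network must not overlap each other.
        clash = next((n for n, other in accepted
                      if other.version == net.version and other.overlaps(net)), None)
        if clash:
            errors.append(f"{name}: {net} overlaps {clash}")
            continue
        accepted.append((name, net))
        usable[name] = max(net.num_addresses - AZURE_RESERVED_PER_SUBNET, 0)
    return usable, errors


if __name__ == "__main__":
    # Values from the demo plus two constructed subnets that should be rejected.
    plan = {
        "MySubnet": "192.168.1.0/24",
        "Outside": "10.0.0.0/24",        # constructed: not under 192.168.0.0/16
        "Clash": "192.168.1.128/25",     # constructed: overlaps MySubnet
    }
    usable, errors = check_vnet_plan(["192.168.0.0/16"], plan)
    print(usable)
    for e in errors:
        print("REJECTED", e)
```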
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long and interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.