Azure Virtual Networks
Azure Virtual Networks
1h 26m

This course covers how to implement Azure network security. Through a combination of both theory and practical demonstrations, you will learn how to create and configure a range of Azure services designed to keep your network secure.

This includes topics such as virtual network connectivity, the Azure Front Door Service, NSG configuration, Azure firewall configuration, and application security groups. The course then moves on to the configuration of remote access management via just-in-time access and tools that are used to configure baselines.

We’d love to get your feedback on this course, so please give it a rating when you’re finished. If you have any queries or suggestions, please contact us at

Learning Objectives

  • Understand how to implement Azure network security
  • Learn about the various Azure services and methodologies available to secure your network

Intended Audience

This course is intended for IT professionals who are interested in earning Azure certification and for those who work with Microsoft Azure on a daily basis.


To get the most from this course, you should have at least a basic understanding of Azure network resources such as virtual networks, Azure firewalls, and network security groups.



The Azure virtual network, or VNET, is the key piece of Azure security services. A virtual network is really just a logical isolation of Azure's cloud network that's been carved out and dedicated to your specific subscription. Virtual networks allow you to securely connect many different Azure resources to one another and VNETs can also be connected to physical on-prem networks over the internet via site-to-site VPNs.

Microsoft Azure also supports dedicated WAN link connectivity from Azure VNETs to on-prem networks through Azure's ExpressEoute offering. With ExpressRoute, the connection between Azure and the on-prem site uses a dedicated connection that does not ride over the public internet. This creates a more secure and more robust connection between an Azure virtual network and the physical on-prem network.

It's important to note that a virtual network is scoped to a single Azure region, which is a set of datacenters deployed within a latency-defined parameter. Each virtual network consists of one or more subnets, which is a range of IP addresses within the virtual network itself. Subnets, just like the virtual networks they're a part of, are also scoped to a single Azure region. 

It's also important to note that each virtual network is isolated from other virtual networks. When you create a virtual network, you can specify a private IP address space for it using both public and private addresses. Azure then assigns resources in the virtual network a private IP address from the address space that you assign. By using subnets, you can subnet the virtual network which allocates just a portion of the virtual network's address space to each subnet. You can even configure a virtual network to use a custom DNS server for name resolution instead of using the default Azure provided name resolution.

In the next lesson, we'll talk a little bit more in detail about IP addresses and subnets.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.