Implement virtual networking

5 of 14 guides | 16 minutes to complete | Last Updated: February 2025

This guide is the first of three guides that focuses on virtual networking. In this guide, you learn the basics of virtual networking and subnetting. You learn how to protect your network with network security groups and application security groups. You also learn about DNS zones and records.

Get Reimbursed

About this guide

Scenario

Your global organization plans to implement virtual networks. The immediate goal is to accommodate all the existing resources. However, the organization is in a growth phase and wants to ensure there is additional capacity for the growth.

The CoreServicesVnet virtual network has the largest number of resources. A large amount of growth is anticipated, so a large address space is necessary for this virtual network.

The ManufacturingVnet virtual network contains systems for the operations of the manufacturing facilities. The organization is anticipating a large number of internal connected devices for their systems to retrieve data from.

Job Skills

Task 1: Create a virtual network with subnets using the Azure portal
Task 2: Create a virtual network and subnets using a template
Task 3: Create and configure communication between an Application Security Group and a Network Security Group
Task 4: Configure public and private Azure DNS zones

As organizations around the world migrate solutions to the cloud, the ability to implement, manage, and monitor cloud-based solutions is highly valued in numerous industries.

Architecture Diagram

Key Takeaways:

A virtual network is a representation of your own network in the cloud.
When designing virtual networks it is a good practice to avoid overlapping IP address ranges. This will reduce issues and simplify troubleshooting.
A subnet is a range of IP addresses in the virtual network. You can divide a virtual network into multiple subnets for organization and security.
A network security group contains security rules that allow or deny network traffic. There are default incoming and outgoing rules which you can customize to your needs.
Application security groups are used to protect groups of servers with a common function, such as web servers or database servers.
Azure DNS is a hosting service for DNS domains that provides name resolution. You can configure Azure DNS to resolve host names in your public domain. You can also use private DNS zones to assign DNS names to virtual machines (VMs) in your Azure virtual networks.
Bicep provides concise syntax, reliable type safety, and support for code reuse. Bicep offers a first-class authoring experience for your infrastructure-as-code solutions in Azure.

Career Connections

With the increasing demand for expertise in cloud-based administration, professionals with the skills from this series can pursue job prospects in roles such as Azure Administrator, Cloud Engineer, Systems Administrator (Cloud Focus), DevOps Engineer, and Cloud Support Engineer.

As of 2025, average cloud-related salaries in the United States range from $68,215 for entry-level Azure Administrators to $130,000 for mid-career DevOps Engineers, with Cloud Engineers, Systems Administrators, and Cloud Support Engineers earning competitive pay based on experience and role demands. Please note that these figures are approximate, derived from online sources, and can vary based on factors such as location, industry, and company size.

AZ-104: Azure Administrator Series