{
	"id": "2cee9c84-3dba-46b8-9af4-7f31757a0ddc",
	"created_at": "2026-04-06T00:21:01.93262Z",
	"updated_at": "2026-04-10T13:11:43.0769Z",
	"deleted_at": null,
	"sha1_hash": "91c8a14e819c5675d0b44ef18764f47fd8e4062c",
	"title": "What is Azure Virtual Network?",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 55594,
	"plain_text": "What is Azure Virtual Network?\r\nBy asudbring\r\nArchived: 2026-04-05 21:56:06 UTC\r\nAzure Virtual Network provides the fundamental building block for your private network in Azure. This service\r\nenables Azure resources like virtual machines (VMs) to securely communicate with each other, the internet, and\r\non-premises networks. Virtual networks deliver the scale, availability, and isolation benefits of Azure\r\ninfrastructure while maintaining the familiar networking concepts you use in traditional datacenters.\r\nNote\r\nAzure Virtual Network is one of the services that make up the Network Foundations category in Azure. Other\r\nservices in this category include Azure DNS and Azure Private Link. Each service has its own unique features and\r\nuse cases. For more information on this service category, see Network Foundations.\r\nKey scenarios that you can accomplish with a virtual network include:\r\nCommunication of Azure resources with the internet.\r\nCommunication between Azure resources.\r\nCommunication with on-premises resources.\r\nFiltering of network traffic.\r\nRouting of network traffic.\r\nIntegration with Azure services.\r\nAll resources in a virtual network can communicate outbound with the internet, by default. You can also use a\r\npublic IP address, NAT gateway, or public load balancer to manage your outbound connections. You can\r\ncommunicate inbound with a resource by assigning a public IP address or a public load balancer.\r\nWhen you're using only an internal standard load balancer, outbound connectivity isn't available until you define\r\nhow you want outbound connections to work with an instance-level public IP address or a public load balancer.\r\nAzure resources communicate securely with each other in one of the following ways:\r\nVirtual network: You can deploy VMs and other types of Azure resources in a virtual network. Examples\r\nof resources include App Service Environments, Azure Kubernetes Service (AKS), and Azure Virtual\r\nMachine Scale Sets. To view a complete list of Azure resources that you can deploy in a virtual network,\r\nsee Deploy dedicated Azure services into virtual networks.\r\nNote\r\nhttps://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview\r\nPage 1 of 3\n\nTo move a virtual machine from one virtual network to another, you must delete and recreate the virtual machine\r\nin the new virtual network. The virtual machine's disks can be retained for use in the new virtual machine.\r\nVirtual network service endpoint: You can extend your virtual network's private address space and the\r\nidentity of your virtual network to Azure service resources over a direct connection. Examples of resources\r\ninclude Azure Storage accounts and Azure SQL Database. Service endpoints allow you to secure your\r\ncritical Azure service resources to only a virtual network. To learn more, see Virtual network service\r\nendpoints.\r\nVirtual network peering: You can connect virtual networks to each other by using virtual peering. The\r\nresources in either virtual network can then communicate with each other. The virtual networks that you\r\nconnect can be in the same, or different, Azure regions. To learn more, see Virtual network peering.\r\nYou can connect your on-premises computers and networks to a virtual network by using any of the following\r\noptions:\r\nPoint-to-site virtual private network (VPN): Established between a virtual network and a single\r\ncomputer in your network. Each computer that wants to establish connectivity with a virtual network must\r\nconfigure its connection. This connection type is useful if you're just getting started with Azure, or for\r\ndevelopers, because it requires few or no changes to an existing network. The communication between\r\nyour computer and a virtual network is sent through an encrypted tunnel over the internet. To learn more,\r\nsee About point-to-site VPN.\r\nSite-to-site VPN: Established between your on-premises VPN device and an Azure VPN gateway\r\ndeployed in a virtual network. This connection type enables any on-premises resource that you authorize to\r\naccess a virtual network. The communication between your on-premises VPN device and an Azure VPN\r\ngateway is sent through an encrypted tunnel over the internet. To learn more, see Site-to-site VPN.\r\nAzure ExpressRoute: Established between your network and Azure, through an ExpressRoute partner.\r\nThis connection is private. Traffic doesn't go over the internet. To learn more, see What is Azure\r\nExpressRoute?\r\nYou can filter network traffic between subnets by using either or both of the following options:\r\nNetwork security groups: Network security groups and application security groups can contain multiple\r\ninbound and outbound security rules. These rules enable you to filter traffic to and from resources by\r\nsource and destination IP address, port, and protocol. To learn more, see Network security groups and\r\nApplication security groups.\r\nNetwork virtual appliances: A network virtual appliance is a virtual machine that performs a network\r\nfunction, such as a firewall or WAN optimization. To view a list of available network virtual appliances\r\nthat you can deploy in a virtual network, go to Azure Marketplace.\r\nAzure routes traffic between subnets, connected virtual networks, on-premises networks, and the internet, by\r\ndefault. You can implement either or both of the following options to override the default routes that Azure\r\ncreates:\r\nhttps://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview\r\nPage 2 of 3\n\nRoute tables: You can create custom route tables that control where traffic is routed to for each subnet.\r\nBorder gateway protocol (BGP) routes: If you connect your virtual network to your on-premises network\r\nby using an Azure VPN gateway or an ExpressRoute connection, you can propagate your on-premises BGP\r\nroutes to your virtual networks.\r\nIntegrating Azure services with an Azure virtual network enables private access to the service from virtual\r\nmachines or compute resources in the virtual network. You can use the following options for this integration:\r\nDeploy dedicated instances of the service into a virtual network. The services can then be privately\r\naccessed within the virtual network and from on-premises networks.\r\nUse Azure Private Link to privately access a specific instance of the service from your virtual network and\r\nfrom on-premises networks.\r\nAccess the service over public endpoints by extending a virtual network to the service, through service\r\nendpoints. Service endpoints allow service resources to be secured to the virtual network.\r\nThere are limits to the number of Azure resources that you can deploy. Most Azure networking limits are at the\r\nmaximum values. However, you can increase certain networking limits. For more information, see Networking\r\nlimits.\r\nVirtual networks and subnets span all availability zones in a region. You don't need to divide them by availability\r\nzones to accommodate zonal resources. For example, if you configure a zonal VM, you don't have to take into\r\nconsideration the virtual network when selecting the availability zone for the VM. The same is true for other zonal\r\nresources.\r\nThere's no charge for using Azure Virtual Network. It's free of cost. Standard charges apply for resources, such as\r\nVMs and other products. To learn more, see Virtual Network pricing and the Azure pricing calculator.\r\nLearn about Azure Virtual Network concepts and best practices\r\nGet started with using a virtual network by creating one, deploying a few VMs to it, and communicating\r\nbetween the VMs. To learn how, see the Use the Azure portal to create a virtual network quickstart.\r\nFollow a training module on designing and implementing core Azure networking infrastructure, including\r\nvirtual networks: Introduction to Azure virtual networks.\r\nSource: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview\r\nhttps://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview"
	],
	"report_names": [
		"virtual-networks-overview"
	],
	"threat_actors": [],
	"ts_created_at": 1775434861,
	"ts_updated_at": 1775826703,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/91c8a14e819c5675d0b44ef18764f47fd8e4062c.pdf",
		"text": "https://archive.orkl.eu/91c8a14e819c5675d0b44ef18764f47fd8e4062c.txt",
		"img": "https://archive.orkl.eu/91c8a14e819c5675d0b44ef18764f47fd8e4062c.jpg"
	}
}