Explore how Azure networking works, from subscription and resource groups to the Azure Global Network, regions, data centers and points of presence, including virtualized infrastructure and availability zones.

Explore Azure virtual networks and subnets, with DHCP-assigned IPs and CIDR address blocks, secured by network security groups. See how virtual machines attach to subnets and use multiple NICs.

Explore CIDR block notation and how slash masks define IPv4 address ranges in Azure networking, from /8 to /24, with octets, binary masking, and practical subnet design.

Explore subnet delegation in Azure networking, enabling a service such as Kubernetes or SQL managed instances to control a subnet, boosting automation, optimization, scalability, and isolation to prevent resource conflicts.

Compare shared and dedicated subnets, noting shared subnets host services while dedicated subnets offer security; gateway, firewall, and bastion require dedicated subnets, and delegated subnets differ from dedicated ones.

Understand Azure private IP addresses and RFC 1918 ranges like 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. Know they are not internet routable, plus reserved and overlap considerations for future network planning.

Explore Azure private DNS and the Azure private DNS resolver, enabling private name resolution across virtual networks and on-premises, with conditional forwarding, high availability, and seamless hybrid connectivity.

Create a standalone Azure virtual network in the portal, select a region, and review security options, IP space, and CIDR notation to avoid overlapping addresses.

Learn how to select private Azure network address spaces such as 10.0.0.0/8, 172.16–31, and 192.168/16, avoid public ranges, and configure subnets with reserved addresses in IPv4 and IPv6.

Learn to create an Azure virtual network quickly, define address space like 10.0.0.0/16, add subnets such as default and front end, and apply network security groups, routing, and private endpoints.

Demonstrates adding a virtual machine to an existing Azure virtual network, attaching to a subnet, configuring NICs, public IP, and essential network security settings for remote access.

Turn a Windows VM into a web server by installing IIS, opening port 80 and 443, and testing access via http from a browser using the VM's public IP.

Configure a public IP prefix in Azure to reserve a predictable four-address block within Northern Europe, enabling whitelisting and faster firewall access while supporting a DNS label.

Demonstrates creating a new public IP address from an existing prefix, then swapping it onto the VM's network interface to update the DNS name.

Add secondary ip configurations to a vm's network interface to support multiple private addresses and public ips. Choose dynamic or static private addresses and restart the vm to apply changes.

Learn to configure site-to-site VPNs by linking your corporate network to an Azure virtual network via gateway devices and gateway subnets, with encrypted traffic over the public internet.

Explore virtual network gateway SKUs and VPN types, comparing policy-based (static) and route-based (dynamic) routing, and how basic to generation 2 SKUs affect site-to-site and point-to-site connections, tunnels, and pricing.

Create a local network gateway to represent your on-premises vpn device, assign a non overlapping on-prem address range, and configure a site-to-site vpn with a pre-shared key.

Extend an on-premises subnet into Azure by deploying two Windows Server 2019 virtual appliances connected through Windows Admin Center. Create a tunnel that merges on-premises and Azure networks.

Explore point-to-site vpns by configuring a virtual network gateway for hybrid networking, and generate root and client certificates in PowerShell to enable client connectivity to the Azure network.

Upgrade from the basic SKU to standard to unlock modern tunnel options. Select IKEv2, OpenVPN, or certificate-based plus Radius or Azure AD authentication for secure point-to-site access.

Connect on-premises networks to Azure region via ExpressRoute through edge locations using private or Microsoft peering connections, with redundant links and scalable speeds up to 10 Gbps.

Learn to create an express route gateway, choosing standard, high-performance, or ultra SKUs, matching region to your office, and plan circuits, public IPs, and pricing for up to 16 circuits.

Explore how private IP addressing and subnets subdivide a virtual network to separate front-end, mid-tier, and database components, enforce security with security group rules, and support Azure services like Bastion.

Delete the default subnet, then create frontend, mid tier, and data tier subnets with 64 addresses each in the expanded 10.0.0.0 to 10.0.1.255 range, and plan security groups for traffic.

Resources attach to subnets, not the virtual network, so VMs reside in a subnet. Open ports 80 and 443 and review the network security group on the network interface.

Launch two virtual machines in the same subnet, connect via remote desktop protocol to verify on-subnet private communication using private ip addresses with no network security group.

Demonstrate that resources on different subnets can communicate without NSGs. Then show that enabling NSGs blocks traffic by default and requires whitelisting rules; also consider stopping VMs to save costs.

Plan subnetting by reserving dedicated Azure firewall and application gateway subnets, route traffic through the firewall for inbound and outbound flows, and leave address space for future expansion.

Azure service endpoints connect platform services to a virtual network, creating a private bridge for access to storage and other services without public internet exposure.

Delegate a subnet to a service, dedicating it to Microsoft SQL managed instances, which then modifies NSG, security groups, routing, and policies, preventing other resources from using it.

Explore public and private dns zones in Azure and learn how a public dns zone acts as the authoritative name server for a domain, and link it to a registrar.

Configure a public dns zone by setting registrar name servers, creating an a record and a www cname, then verify propagation and domain resolution with azure hosting.

Create and link a private dns zone to an Azure virtual network to enable name resolution for private resources, using A records and CNAME records, with auto-registration of new resources.

Compare VNet peering and VPN gateway for Azure networking, highlighting private backbone data transfer, regional vs global connectivity, and cost considerations for bandwidth and gateway pricing.

Learn to create and peer two virtual networks in the same region using azure networking, with non overlapping address spaces, two way vnet peering, and private DNS zone integration.

Explore the Azure virtual WAN hub and its hub-and-spoke model, centralizing site-to-site, point-to-site, express route, and VNet connectivity for hybrid networks, with basic and standard pricing.

Explore configuring a virtual WAN hub to support site-to-site VPNs, linking on-premises devices to a hub-and-spoke network and connecting virtual networks with a pre shared key and routing.

Learn how Azure routing works by default with system routes in a virtual network, and how to create custom route tables to override defaults and shape traffic between subnets.

Create a custom route table, add a route from 10.0.0.68 to 10.0.0.4 then 10.0.0.5, attach to the mid tier subnet, enable ip forwarding, and verify with ping and trace route.

Explore forced tunneling in Azure networking, routing all outbound traffic through a site-to-site VPN using PowerShell in Cloud Shell, and configure virtual networks, subnets, route tables, and gateways.

Create a site-to-site vpn in PowerShell by provisioning a dynamic public IP, configuring the gateway subnet, and building a vpngw1 route-based vpn gateway in West US.

Set the default site of the Azure virtual network gateway to headquarters, enabling force tunneling that routes all traffic through the corporate network via IPsec connections.