This guide walks you, step-by-step, through creating an Azure Virtual Network (VNet) in the Azure portal. It covers core planning concepts, the portal workflow, IP addressing and subnets, and post-creation tasks so you can deploy a secure, well-structured network.
Key concepts to understand before you begin:
  • Regions: VNets are deployed into a specific Azure region (for example, West Europe, East US). Choose a region close to your users to reduce latency.
  • Subscriptions and resource groups: Every Azure resource lives inside a subscription. Use resource groups to organize related resources (for example: development, testing, production).
  • Global networking and peering: Virtual network peering connects VNets across regions and/or subscriptions for private, low-latency connectivity.
A presentation slide titled "Azure Regions and Subscriptions" showing a stylized world map with marked Azure data center locations and network routes. Three teal callouts on the right read "Region-Specific Deployment", "Subscription-Level Scope", and "Global Network with Peering."
Why these concepts matter
  • Region determines data residency and latency.
  • Subscriptions control billing, quotas, and access boundaries.
  • Peering and global networking design affect addressing, security, and operational complexity.
Quick reference — when to use each resource:
| Resource type | Purpose | Example use |
|---|---|---|
| Region | Place resources close to users | Deploy VMs in West Europe for EU users |
| Subscription | Billing & isolation | Separate production vs. dev billing |
| Resource group | Logical grouping | Group a web app and its database |
| VNet peering | Private connectivity across VNets | Connect dev and test VNets without public endpoints |

Step 1 — Start the VNet creation wizard

  1. Sign in to the Azure portal (portal.azure.com).
  2. Search for “Virtual Network” and open the Virtual Networks service.
  3. Click Create (or Create + Add) to start the guided setup where you’ll supply subscription, region, resource group, and instance details.

Step 2 — Choose subscription, resource group, name, and region

  • Select the subscription that will be billed.
  • Create or select a resource group (for example: az700-first-VNet).
  • Give the VNet a clear name (for example: VNet-az700-demo).
  • Choose the Azure region to host the VNet (for example: West Europe).
A screenshot of the Microsoft Azure "Create virtual network" page showing Project details and Instance details fields. The Region dropdown is open with various Azure regions listed and action buttons like "Next: Security" and "Review + create" visible.
Tip: Use a naming convention that identifies environment, region, and role (for example: VNet-prod-weu-01).

Step 3 — Review optional security features

On the Security tab you can opt into managed services such as:
  • Azure Bastion (secure browser-based RDP/SSH to VMs)
  • Azure Firewall
  • Azure DDoS Protection
These features are optional at creation and can be added later, but some managed services require specific subnet names (for example, GatewaySubnet) or minimum sizes. Plan subnets accordingly if you enable those services now.
A screenshot of the Microsoft Azure portal showing the "Create virtual network" page on the Security tab with options to enable Azure Bastion, Azure Firewall, and Azure DDoS Network Protection. The top navigation bar and bottom navigation buttons (Previous, Next: IP addresses, Review + create) are also visible.
Some Azure services require specific subnet names (for example, GatewaySubnet for VPN/ExpressRoute gateways) and minimum prefix sizes. If you plan to enable managed gateways or firewall services, reserve appropriately sized subnets and correct names up front to avoid migration complexity later.

Step 4 — Define address space and subnets (IP addresses)

  • Open the IP addresses tab to set the VNet address space and internal subnets.
  • The portal often suggests a default address space (10.0.0.0/16). Replace or extend it to match your IP plan (for example 192.168.0.0/16).
  • A VNet can have multiple CIDR blocks (add additional address spaces later if needed). Avoid overlaps if you plan to peer or connect to on-premises networks.
A screenshot of the Microsoft Azure portal’s "Create virtual network" page on the IP addresses tab, showing a 10.0.0.0/16 address space and a default 10.0.0.0/24 subnet. The page includes controls for adding subnets, deleting the address space, and a "Review + create" button.
Subnet examples and planning:
  • Click Add subnet to create subnets inside your VNet address space.
  • Example subnets:
    • SNET-web-servers → 192.168.0.0/27 (32 addresses)
    • SNET-DB → 192.168.0.32/28 (16 addresses)
Important IP reservation note:
Azure reserves 5 IP addresses per subnet for platform use (the first four IPs and the last IP in each subnet). When planning capacity, subtract 5 from the subnet’s total addresses to determine usable IPs.
Subnet size quick reference:
| Prefix | Total addresses | Usable addresses (Azure) |
|---|---|---|
| /24 | 256 | 251 |
| /27 | 32 | 27 |
| /28 | 16 | 11 |
| /29 | 8 | 3 |
Notes:
  • You can add more IPv4 address spaces to a VNet later; VNets are not limited to a single CIDR block.
  • Always plan for growth and avoid address overlaps when peering or connecting to on-premises networks.
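The planning rules in this step (subnets must sit inside the VNet address space, must not overlap each other or peered/on-premises ranges, and lose 5 addresses to Azure) can be checked before you touch the portal. The script below is an added example, not part of the original guide; the function names, the IPv4-only scope, and the sample plans are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

AZURE_RESERVED = 5  # first four addresses plus the last one in each subnet

def usable_ips(cidr):
    """Addresses left for workloads after Azure's 5 reserved IPs."""
    return max(ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED, 0)

def validate_plan(address_spaces, subnets, external=None):
    """Return a list of problems in a VNet IPv4 plan; an empty list means it is clean."""
    problems, nets = [], {}
    spaces = [ipaddress.ip_network(s) for s in address_spaces]
    for name, cidr in subnets.items():
        try:
            nets[name] = ipaddress.ip_network(cidr)  # strict mode rejects host bits
        except ValueError:
            problems.append(f"{name}: {cidr} is not a valid network (host bits set or malformed)")
            continue
        if not any(nets[name].subnet_of(sp) for sp in spaces):
            problems.append(f"{name}: {cidr} is outside the VNet address space")
        if usable_ips(cidr) == 0:
            problems.append(f"{name}: {cidr} leaves no usable addresses")
    for (a, na), (b, nb) in combinations(nets.items(), 2):
        if na.overlaps(nb):
            problems.append(f"{a} overlaps {b}")
    for label, cidr in (external or {}).items():  # peered VNets, on-premises ranges
        ext = ipaddress.ip_network(cidr)
        if any(sp.overlaps(ext) for sp in spaces):
            problems.append(f"VNet address space overlaps {label} ({cidr})")
    return problems

# Constructed sample plan using this guide's example subnets.
GOOD_PLAN = {"SNET-web-servers": "192.168.0.0/27", "SNET-DB": "192.168.0.32/28"}
# Constructed bad plan: overlapping, misaligned, and out-of-range subnets.
BAD_PLAN = {
    "SNET-web-servers": "192.168.0.0/27",
    "SNET-DB": "192.168.0.16/28",    # falls inside the web subnet
    "SNET-app": "192.168.0.40/27",   # host bits set for a /27
    "SNET-mgmt": "10.1.0.0/29",      # not in 192.168.0.0/16
}

if __name__ == "__main__":
    for name, cidr in GOOD_PLAN.items():
        print(f"{name:18} {cidr:18} usable={usable_ips(cidr)}")
    print(validate_plan(["192.168.0.0/16"], GOOD_PLAN, {"on-prem": "10.0.0.0/8"}))
    for p in validate_plan(["192.168.0.0/16"], BAD_PLAN, {"hub-vnet": "192.168.128.0/17"}):
        print("PROBLEM:", p)
```

The external-range check compares whole address spaces rather than individual subnets, because peering is refused when the VNet address spaces themselves overlap.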

Step 5 — Review and create

  • Click Review + create to validate your configuration.
  • Azure will run validation checks; if validation passes, click Create to deploy the VNet.
After creation
  • Click Go to resource to open the VNet blade.
  • Under Subnets you’ll see each subnet and available IP addresses (usable = total − 5 reserved).
  • From the VNet blade you can later configure:
    • Network Security Groups (NSGs) for subnet- or NIC-level filtering
    • User-defined route tables
    • Service endpoints and private endpoints
    • Virtual network peering
    • Bastion host, Azure Firewall, DDoS protection, and gateway subnets
Best practices checklist
  • Choose region and subscription based on latency and billing.
  • Use consistent naming conventions for VNet and subnets.
  • Reserve appropriately sized subnets for managed services (GatewaySubnet, Azure Firewall).
  • Plan IP addressing to avoid overlaps with on-premises networks or other VNets you will peer.
  • Apply NSGs and route tables to control traffic flow and enforce least privilege.
Further learning
Connected devices, Bastion hosts, DDoS Protection, Azure Firewall, and peering each deserve deeper coverage; explore those topics individually as your networking requirements evolve.