- Azure VNets and secure traffic control between resources.
- CIDR-based IP planning for scalable address allocation.
- Subnetting to organize services and apply security boundaries.
- Private IP addressing behavior (static vs dynamic).
- Region and subscription design for performance, compliance, and governance.

Azure assigns private IPs via an internal DHCP service. A
dynamic private IP is allocated to the network interface and typically persists for the interface lifetime. To guarantee a persistent address (for example, a database endpoint), configure a static private IP.
Subnetting helps you enforce boundaries and policies in a predictable way:
- Place public-facing web servers in a subnet with outbound NAT (NAT Gateway) or assign a public IP to the load balancer.
- Keep databases in a restricted subnet with no direct Internet access and strict Network Security Group (NSG) rules.
- Use a separate management subnet for administrative access and bastion hosts.
- Deploy VNets in regions that minimize latency for users and satisfy data-residency laws.
- Separate subscriptions to isolate billing, access control, and environments (production, development, testing).

- Azure Virtual Network documentation
- AZ-700: Designing and Implementing Microsoft Azure Networking Solutions (course)
- CIDR notation overview