Azure virtual network (Azure VNet) is created in two cases, when you create a new VNet or when you create a new Azure virtual machine. Options are similar in both cases, but I recommend creating Azure VNet in advance and joining virtual machines to an existing VNet because this gives you a few more options.

To create a new Azure Vnet, open the Azure portal, select Create a resource and choose Virtual network in Networking services (or search for Virtual network in the search bar), as shown in the following screenshot:

You need parameters for your virtual network. The resource name must be unique on the resource group level and must be one string, with no spaces allowed. My resource Name is PacktVNet, but it could be Packt_VNet if I wanted to separate the words. The next parameter we need to provide is Address space. This will define how many IP addresses will be available in this VNet and uses CIDR format. The biggest address space is /8 and smallest is /29. In this case, I'll use /16, which will give me plenty of address space to use. We need to select the subscription where we want to place our resource (only if we have multiple subscriptions; one will be selected by default in the case of a single subscription). Two options are available for Resource group name, either a new one or to select an existing resource group. As I usually configure virtual network prior to any other resource, a new resource group is created along with VNet. The next step is to select the region where we want to create the resource. I recommend to select the Azure data center closest to you geographically, as this will provide the least network latency in the future. If you selected an existing resource group, this option will be preselected as the same region in which the resource group is located. You need to name the default subnet and provide an address space for that subnet. The address range for the subnet must be inside the address range of your VNet address space.

Basic DDoS protection is provided by default for free, but you can select the standard tier, which is charged separately. We will discuss DDoS further when we reach Chapter 9, Azure Security and Administration. Examples of the information needed for virtual network deployment are shown in the following screenshot:

The final option is related to service endpoints. If we enable this, new windows will be shown, as in the following screenshot. This option enables you to attach PaaS services to your VNet. You can select between Azure Cosmos DB, event hub, key vault, service bus, SQL, and storage, or you can select all of them. At this time, I'll disable endpoints and we'll discuss them later:

The last step is to confirm options and start the process of creating a resource. Azure virtual network works relatively fast and a resource should be created in less than a minute. This can depend on data center workload and the number of requests but should be completed relatively quickly, even in high-demand situations. 

Azure virtual network represents your own network in the cloud. It has similar features to your local network, such as IP address range and subnets. If you're familiar with networking in on-premises scenarios, it will be very easy to understand Azure networking.