Here is an Azure tenant starter template for NSGs, Resource Groups, and subnets. I’m providing this as a “quick start” for diagramming or creating an Azure subscription. I created this template using Microsoft best practice to meet PCI-DSS v3.2.1 compliance. I highly recommend utilizing Azure Blueprints when creating any new subscriptions that require a level of compliance.
- Utilized 10.0.0.0/16 (you cannot use multicast, broadcast, loopback, link-local, or internet addresses for a VNet address space in Azure)
- Multi Region using Global VNET peer over Microsoft backbone
- Utilized Microsoft Best Practice Naming Standards
- Seven-tier model to isolate Application, Data, Gateway, Identity, Management, Web, and Windows Virtual Desktop workloads into separate subnets, each with its own NSG.
- Utilized Express Route for region local data centers
- Utilized both legacy on-prem IaaS Active Directory servers and Azure Active Directory Domain Services. 99.9% of applications work with AADDS, and you can even use GPOs and extend to on-prem servers. Microsoft Endpoint Manager + Azure AD takes care of the workstations, so why utilize legacy AD? That one vendor that says their application is not certified with AADDS…
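To make the layout above concrete, here is an added planning example (not the template from the post, and not Microsoft code) that carves the 10.0.0.0/16 into a per-region block and one /24 per tier, rejects address space Azure will not accept, emits the inbound NSG rules that enforce the tier chain with a closing deny, and lists the two one-way peering links a global VNet peer needs. The tier abbreviations, the `vnet-<region>-<env>` / `snet-<tier>` naming, the per-region /17 split, and the allowed flows between tiers are all assumptions for the example; the post's template does not publish its rule set.

```python
"""Plan a multi-region, seven-tier Azure VNet layout and the per-tier NSG
rules that enforce tier isolation, starting from one 10.0.0.0/16.
Offline planning code: it returns dicts shaped like the ARM
Microsoft.Network resources so they can be copied into a template."""
import ipaddress
import json
from itertools import permutations

# The seven isolation tiers named in the post (abbreviations are assumed).
TIERS = ["app", "data", "gw", "identity", "mgmt", "web", "wvd"]
# Azure reserves the first four addresses and the last address of every subnet.
AZURE_RESERVED_PER_SUBNET = 5
# Assumed east-west policy: gateway -> web -> app -> data, plus management
# reach into each tier. Replace with the real allow-list for your workload.
FLOWS = [
    ("gw", "web", "443"),
    ("web", "app", "8443"),
    ("app", "data", "1433"),
    ("mgmt", "web", "22"),
    ("mgmt", "app", "22"),
    ("mgmt", "data", "22"),
]


def validate_address_space(cidr: str) -> ipaddress.IPv4Network:
    """Reject ranges Azure will not accept for a VNet (multicast, broadcast,
    loopback, link-local) and, following the post, anything outside RFC 1918."""
    net = ipaddress.ip_network(cidr, strict=True)
    if not isinstance(net, ipaddress.IPv4Network):
        raise ValueError(f"{cidr}: only IPv4 is handled in this example")
    if net.is_multicast or net.is_loopback or net.is_link_local or net.is_reserved:
        raise ValueError(f"{cidr}: multicast/loopback/link-local/reserved space is not usable")
    if not net.is_private:
        raise ValueError(f"{cidr}: use private (RFC 1918) space for the VNet")
    return net


def usable_hosts(cidr: str) -> int:
    """Host addresses left after Azure's five reserved addresses per subnet."""
    return ipaddress.ip_network(cidr).num_addresses - AZURE_RESERVED_PER_SUBNET


def plan_regions(address_space: str, regions: list, env: str = "prod",
                 subnet_prefix: int = 24) -> dict:
    """Carve the address space into one equal block per region (a /17 for two
    regions), then hand each tier the next /24 inside its region's block."""
    space = validate_address_space(address_space)
    region_blocks = list(space.subnets(prefixlen_diff=(len(regions) - 1).bit_length()))
    plan = {}
    for region, block in zip(regions, region_blocks):
        tier_subnets = block.subnets(new_prefix=subnet_prefix)
        plan[region] = {
            "vnet": f"vnet-{region}-{env}",  # assumed CAF-style naming
            "address_space": str(block),
            "subnets": {f"snet-{tier}": str(next(tier_subnets)) for tier in TIERS},
        }
    return plan


def nsg_rules(plan: dict, region: str, tier: str) -> list:
    """Inbound rules for one tier's NSG: an Allow per permitted source tier,
    then an explicit Deny at priority 4000 ahead of Azure's default rules."""
    subnets = plan[region]["subnets"]
    rules, priority = [], 100
    for src, dst, ports in FLOWS:
        if dst != tier:
            continue
        rules.append({"name": f"Allow-{src}-to-{dst}-{ports}", "properties": {
            "priority": priority, "direction": "Inbound", "access": "Allow",
            "protocol": "Tcp", "sourcePortRange": "*",
            "sourceAddressPrefix": subnets[f"snet-{src}"],
            "destinationAddressPrefix": subnets[f"snet-{dst}"],
            "destinationPortRange": ports}})
        priority += 10
    rules.append({"name": "Deny-All-Inbound", "properties": {
        "priority": 4000, "direction": "Inbound", "access": "Deny",
        "protocol": "*", "sourcePortRange": "*", "sourceAddressPrefix": "*",
        "destinationAddressPrefix": "*", "destinationPortRange": "*"}})
    return rules


def vnet_peerings(plan: dict) -> list:
    """Global VNet peering is two one-way links, so every ordered region pair
    gets its own peering. remoteVirtualNetwork is normally an {"id": ...}
    reference; the VNet name stands in for it here."""
    return [{"name": f"peer-{a}-to-{b}", "vnet": plan[a]["vnet"], "properties": {
                "remoteVirtualNetwork": plan[b]["vnet"],
                "allowVirtualNetworkAccess": True, "allowForwardedTraffic": False,
                "allowGatewayTransit": False, "useRemoteGateways": False}}
            for a, b in permutations(plan, 2)]


if __name__ == "__main__":
    layout = plan_regions("10.0.0.0/16", ["eastus", "westus"])
    print(json.dumps(layout, indent=2))
    print(json.dumps(nsg_rules(layout, "eastus", "data"), indent=2))
    print(json.dumps(vnet_peerings(layout), indent=2))
```

Running it prints the per-region subnet map, the data-tier NSG (one Allow from the app subnet on 1433, one from management on 22, then the Deny), and both peering directions. The explicit Deny is the part that matters for PCI segmentation evidence: without it, Azure's default `AllowVnetInBound` rule lets every peered subnet reach the tier.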
Hope this helps, and again, use Azure Blueprints. You can create a subscription in minutes that meets a variety of industry compliance standards, beyond what an ARM template alone can do.