Azure Infrastructure Starter PDF


Here is a Azure tenant starter template for NSG’s, Resource Groups, and subnets.  I’m providing this as a “quick start” to diagraming or creating an Azure subscription.  I created this template using Microsoft best practice to meet PCI-DSS v3.2.1 compliance.  I highly recommend utilizing Azure Blueprints when creating any new subscriptions that require a level of compliance.


  • Utilized (You cannot use multicast, broadcast, loopback, local, or internet addresses in Azure)
  • Multi Region using Global VNET peer over Microsoft backbone
  • Utilized Microsoft Best Practice Naming Standards
  • 7 tier model to isolate Application, Data, Gateway, Identity, Management, Web, and Windows Virtual Desktops.
  • Utilized Express Route for region local data centers
  • Utilized both Legacy On-Prem IaaS Active Directory servers and Azure Active Directory Domain Services.  99.9% of applications work with AADDS and you can even use GPO’s and extend to on-prem servers.  Microsoft Endpoint Manager + Azure AD takes care of the workstations so why utilize Legacy AD??  That 1 vendor that says their application is not certified with AADDS…


Hope this helps and again use Azure Blue Prints.  You can create a subscription in minutes that meets a variety of industry compliant standards beyond what an ARM template can do.

Visio Link