Overview of Azure Network Connectivity Services
The network services in Azure offer a variety of networking capabilities that can be used together or separately. These include:
- Connectivity services: These connect Azure resources and on-premises resources using any or a combination of these networking services in Azure – Virtual Network (VNet), Virtual WAN, ExpressRoute, VPN Gateway, etc.
- Application protection services: This protects applications using any or a combination of these networking services in Azure – Private Link, DDoS protection, Firewall, Network Security Groups, etc.
- Application delivery services: This delivers applications in the Azure network using any or a combination of these networking services in Azure – Content Delivery Network (CDN), Azure Front Door Service, etc.
- Network monitoring: This service is for monitoring your network resources by using networking services in Azure like Network Watcher, ExpressRoute Monitor, Azure Monitor, or VNet Terminal Access Point (TAP).
Connectivity services
These services provide connectivity between Azure resources and connectivity from an on-premises network to Azure resources. They include:
Virtual network
Azure Virtual Network (VNet) is the fundamental building block for your private network in Azure. It can be used for:
- Communication between Azure resources: you can deploy VMs and several other types of Azure resources to a virtual network, such as Azure App Service Environments and the Azure Kubernetes Service (AKS).
- Communication between virtual networks: you can connect virtual networks to each other using virtual network peering, enabling resources in either virtual network to communicate with each other.
- Communication with the internet: by default, all resources in a VNet can communicate outbound to the internet. You can communicate inbound to a resource by assigning a public IP address or a public Load Balancer.
- Communication with on-premises networks: you can connect your on-premises computers and networks to a virtual network using VPN Gateway or ExpressRoute.
ExpressRoute
ExpressRoute extends your on-premises networks into the Microsoft cloud over a private connection facilitated by a connectivity provider. This traffic does not go over the internet. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure, Office 365, and Dynamics 365.
VPN Gateway
VPN Gateway helps you create encrypted cross-premises connections between your virtual network and on-premises locations. You can also create encrypted connections between VNets. Different configurations are available for VPN Gateway connections, such as site-to-site, point-to-site, or VNet-to-VNet. The diagram below illustrates multiple site-to-site VPN connections to the same virtual network.

Virtual WAN
Azure Virtual WAN is a networking service that provides optimized and automated branch connectivity to, and through, Azure. Azure regions serve as hubs that you can choose to connect your branches to. You can also leverage the Azure backbone to connect branches and enjoy branch-to-VNet connectivity.
Azure DNS
Azure DNS is a hosting service for DNS domains that provides name resolution by using Microsoft Azure infrastructure. By hosting your domains in Azure, you can manage your DNS records using the same APIs, tools, and billing as your other Azure services.
Azure Bastion
The Azure Bastion service is a new, fully platform-managed PaaS service that you provision inside your virtual network. It provides secure and seamless RDP/SSH connectivity to your virtual machines directly in the Azure portal over TLS.
Virtual network NAT Gateway
Virtual Network NAT simplifies outbound-only internet connectivity for virtual networks. When configured on a subnet, all outbound connectivity uses your specified static public IP addresses.
Azure Peering Service
Azure Peering Service improves customer connectivity to Microsoft cloud services such as Office 365, Dynamics 365, SaaS services, Azure, or any other Microsoft service that is accessible via the public internet.
Reference: Microsoft Documentation


