Protect resources using Network Security Groups or Azure Firewall on your Virtual Network
Ensure that all Virtual Network subnet deployments have a Network Security Group applied with network access controls specific to your application's trusted ports and sources. Use Azure Services with Private Link enabled, deploy the service inside your Vnet, or connect privately using Private Endpoints. For service specific requirements, please refer to the security recommendation for that specific service.
Alternatively, if you have a specific use case, requirements can be met by implementing Azure Firewall.
General Information on Private Link:
How to create a Virtual Network:
How to create an NSG with a security configuration:
How to deploy and configure Azure Firewall: