The network is one of the most critical services for a cloud provider and cloud customers. Without a network, the cloud can't work. Microsoft is currently the second largest network service provider globally, and with the following services, Microsoft allows customers to leverage and connect to their backbone:

• Virtual networks: Azure virtual networks are private networks in Azure that have full control over IPs, DNS, security rules, and traffic. You can connect a virtual network to an on-premises network by leveraging a VPN tunnel or using ExpressRoute for a private connection, via Ethernet or MPLS.
• Load balancers: Azure load balancers distribute public (internet) and private network traffic among different service instances in cloud services or virtual machines, in a load balancer group.
• VPN Gateway: The Azure VPN Gateway establishes cross-premises connections between virtual networks within Azure and on-premises IT infrastructures, using IPsec security standards. 
• Azure DNS: Azure DNS allows for hosting DNS domains alongside your Azure apps and managing DNS records by using an Azure subscription. Azure DNS allows you to manage public and private DNS zones. 
• Content delivery network: This allows for the delivery of high bandwidth content to users around the globe, with low latency and high availability, via a robust network of global data centers leveraging the Microsoft Edge site and peering at the global internet exchanges.
• ExpressRoute: Azure ExpressRoute allows for creating private connections between Azure data centers and customers on-premises, or colocation infrastructures, by leveraging last mile networks from connectivity providers like Level 3, euNetworks, Interxion, Equinix, or AT&T. 
• Azure DDoS Protection: Azure DDoS Protection enables always-on monitoring and automatic network attack mitigation for an Azure-based infrastructure. 
• Network Watcher: Network Watcher is a service to monitor and diagnose conditions at the network level. Network diagnostics and visualizations with Network Watcher will take packet captures on a VM, if an IP flow is allowed or denied on a virtual machine. It monitors and reports how the packet is routed from a VM, and gives insights into an Azure network topology.