new azure tenant creation with multiple projects

-> What is the preferable VNET address space?

There is no definitive answer to this question, as it depends on your specific needs and preferences. However, some general guidelines are:

Choose a private IP address space that does not overlap with your on-premises network or any other networks that you need to connect to.
Use a large enough address space to accommodate your current and future needs, but not too large to waste IP addresses or cause management overhead.
Consider using a /16 address space for each virtual network, as this allows for 65,536 IP addresses and is the recommended size by Microsoft1.
If you need to connect multiple virtual networks, either in the same or different regions, use virtual network peering and ensure that the address spaces of the peered virtual networks do not overlap2.
-> How to manage DNS for all those 10 projects (Example, all 10 projects use same domain name)

There are different options for managing DNS for your Azure resources, depending on your requirements and preferences. Some possible options are:

Use Azure DNS Public to host your domain name in Azure and manage DNS records using the same credentials, APIs, tools, and billing as your other Azure services3.
Use Azure DNS Private Zones to host a private DNS zone within your virtual network and resolve names for your Azure resources using a custom domain name instead of the Azure-provided names4.
Use Azure Private Link to enable private access to services that are hosted on the Azure platform while keeping your data on the Microsoft network. You can use private endpoints and private DNS zones to resolve the names of the services without exposing them to the internet5.
Use Azure DNS Private Resolver service in conjunction with Azure Private DNS Zones for cross-premises name resolution. You can use DNS forwarding rulesets to route DNS requests for specific domains to specific DNS servers, such as on-premises or internet6.
-> How to implement security between this networks or from external network?

There are different ways to implement security for your Azure networks, depending on your needs and preferences. Some possible ways are:

Use Network Security Groups (NSGs) to filter network traffic between Azure resources in an Azure virtual network. NSGs contain security rules that allow or deny inbound or outbound traffic based on source and destination, port, and protocol7.
Use Application Security Groups (ASGs) to group network interfaces that have similar security requirements and apply NSG rules to them. ASGs simplify the management of NSG rules by reducing the number of explicit IP addresses that you need to specify8.
Use Azure Firewall to provide protection for your Azure Virtual Network resources. Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It’s a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability9.
Use Azure VPN Gateway or ExpressRoute to establish secure cross-premises connectivity between your on-premises network and your Azure virtual network. VPN Gateway uses IPsec/IKE protocols to create an encrypted tunnel over the internet, while ExpressRoute uses a dedicated private connection through a connectivity provider1011.
-> Is there any prefer guidelines before implementing above requirements?

There are some general guidelines and best practices that you can follow before implementing your Azure networking solution, such as:

Review the Azure Well-Architected Framework, which is a set of guiding tenets based on five pillars that you can use to improve the quality of your architectures12.
Review the Cloud Adoption Framework, which is a collection of documentation, implementation guidance, best practices, and tools that are designed to accelerate your cloud adoption13.
Review the Networking architecture design article, which provides information about sample architectures, solutions, and guides that can help you explore networking in Azure14.