I have a use case for Azure VMs to separate management and application traffic. So in effect, one NIC for management and another for application. The application VMs would reside on VNET-A and the management network would reside on VNet-B.
My understanding is that Azure VMs can have multiple NICs but they need to belong to the same VNet. The rationale behind this is most likely how the existing application is implemented in a traditional data center; however, my understanding is that in public cloud there is no IP layer 2 functionality. Therefore, I was wondering how we overcome such a requirement in respect to security?