Hello  Kjell
权力， 

是的，您可以使用两个子网。想法是将WAP保持在不同的子网中，将ADFS和ADDS保持在不同的子网中，在我们内部部署的DMZ网络结构中隔离WAP。但是，在Azure中，我们建议始终配置NSG /
NSG规则以保护您的网络。你对增加管理和管理是对的。因此，如果您不需要具有多个服务器的大型环境来处理具有数千个用户的请求，则基于服务器角色的这种分段
网络可能不是***选择。所以你肯定可以使用2个子网，它应该是绝对正常的。只需确保您有适当的NSG规则和与天蓝网络/子网相关联的NSG。 

Yes you can use two subnets . The Idea is to keep WAP in a different subnet and ADFS and ADDS in different subnet segregating WAP within a DMZ like network structure that we have on-premise. However while in Azure we would recommend to always configure NSG/ NSG rules in order to protect your network. And you are right about increased management and administration . hence if you do not have need for large environment with multiple servers servicing requests with several thousand users , this kind of segmentation of network based on server roles may not be the best idea. So you can surely go with 2 subnets and it should be absolutely alright . Just make sure you have proper NSG rules and the NSG associated with the azure networks/subnets. 

希望此信息有所帮助。 

Hope this information helps. 

>