You need to limit the amount of inbound traffic to all the Azure virtual networks.
What should you create?
Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It's a fully stateful firewall-as-a-service with built-in high availability and unrestricted cloud scalability. You can centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks.
Capabilities supported in Azure Firewall:
Stateful firewall as a service
Built-in high availability with unrestricted cloud scalability
Network traffic filtering rules
Outbound SNAT support
Inbound DNAT support
Centrally create, enforce, and log application and network connectivity policies across Azure subscriptions and VNETs
Fully integrated with Azure Monitor for logging and analytics