diff --git a/infra/app/app-env.bicep b/infra/app/app-env.bicep
index d3d0ffa..2b711cc 100644
--- a/infra/app/app-env.bicep
+++ b/infra/app/app-env.bicep
@@ -4,6 +4,8 @@ param location string
 param logAnalyticsWorkspaceName string
 param applicationInsightsName string
 param daprEnabled bool
+param vnetInernal bool
+param vnetName string
 // Container apps host (including container registry)
 module containerApps '../core/host/container-apps.bicep' = {
@@ -16,6 +18,8 @@ module containerApps '../core/host/container-apps.bicep' = {
 logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
 applicationInsightsName: applicationInsightsName
 daprEnabled: daprEnabled
+ vnetName: vnetName
+ vnetInternal: vnetInernal
 }
 }
diff --git a/infra/core/host/container-apps-environment.bicep b/infra/core/host/container-apps-environment.bicep
index 8c1dc87..4a730a0 100644
--- a/infra/core/host/container-apps-environment.bicep
+++ b/infra/core/host/container-apps-environment.bicep
@@ -5,6 +5,10 @@ param tags object = {}
 param logAnalyticsWorkspaceName string
 param applicationInsightsName string = ''
 param daprEnabled bool = false
+param vnetInternal bool = true
+
+@description('Name of the Vnet')
+param vnetName string
 resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2022-03-01' = {
 name: name
@@ -19,9 +23,17 @@ resource containerAppsEnvironment 'Microsoft.App/managedEnvironments@2022-03-01'
 }
 }
 daprAIInstrumentationKey: daprEnabled && applicationInsightsName != '' ? applicationInsights.properties.InstrumentationKey : ''
+ vnetConfiguration: {
+ infrastructureSubnetId: vnet.properties.subnets[0].id
+ internal: vnetInternal
+ }
 }
 }
+resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' existing = {
+ name: vnetName
+}
+
 resource logAnalyticsWorkspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
 name: logAnalyticsWorkspaceName
 }
diff --git a/infra/core/host/container-apps.bicep b/infra/core/host/container-apps.bicep
index f51aecb..ec04e0f 100644
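Review bot: The new parameter in the first hunk of infra/app/app-env.bicep is spelled `vnetInernal`, which leaves this module's interface out of step with the `vnetInternal` name used by every other layer. This flag decides whether the Container Apps environment is created as internal-only, so a misspelled name is easy to miss when searching the templates for where exposure is controlled. Rename it to `param vnetInternal bool`, and update the pass-through `vnetInternal: vnetInernal` in the second hunk of this file and the `vnetInernal: vnetInternal` argument in infra/main.bicep to match.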
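Review bot: `vnetInternal` in the first hunk of infra/core/host/container-apps-environment.bicep has no `@description`, although `vnetName` just below it does, and it is the switch that feeds `vnetConfiguration.internal`. Document it where it is consumed, for example `@description('When true, the environment only has an internal load balancer and no public static IP')`. The same default of `true` is declared again in container-apps.bicep and main.bicep, so the description is worth repeating there to keep the three declarations in agreement.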
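Review bot: `infrastructureSubnetId: vnet.properties.subnets[0].id` in the second hunk of infra/core/host/container-apps-environment.bicep picks the infrastructure subnet by position, so the environment's placement depends on the order of the `subnets` array built in main.bicep. If another subnet is later added ahead of `ContainerAppsSubnet`, the environment would be bound to a subnet that was not sized for it. Select the subnet by name instead, as sketched below; the new parameter would have to be passed down through container-apps.bicep and app-env.bicep. The `resource containerAppsEnvironment` body starts outside this hunk.

```bicep
param infrastructureSubnetName string

// … unchanged: containerAppsEnvironment properties up to daprAIInstrumentationKey …
    vnetConfiguration: {
      infrastructureSubnetId: infrastructureSubnet.id
      internal: vnetInternal
    }

// … unchanged: existing vnet reference …
resource infrastructureSubnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' existing = {
  parent: vnet
  name: infrastructureSubnetName
}
```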
--- a/infra/core/host/container-apps.bicep
+++ b/infra/core/host/container-apps.bicep
@@ -7,6 +7,8 @@ param containerRegistryName string = ''
 param logAnalyticsWorkspaceName string = ''
 param applicationInsightsName string = ''
 param daprEnabled bool = false
+param vnetName string
+param vnetInternal bool = true
 module containerAppsEnvironment 'container-apps-environment.bicep' = {
 name: '${name}-container-apps-environment'
@@ -17,6 +19,8 @@ module containerAppsEnvironment 'container-apps-environment.bicep' = {
 logAnalyticsWorkspaceName: logAnalyticsWorkspaceName
 applicationInsightsName: applicationInsightsName
 daprEnabled: daprEnabled
+ vnetName: vnetName
+ vnetInternal: vnetInternal
 }
 }
diff --git a/infra/core/networking/vnet.bicep b/infra/core/networking/vnet.bicep
new file mode 100644
index 0000000..7845dbb
--- /dev/null
+++ b/infra/core/networking/vnet.bicep
@@ -0,0 +1,30 @@
+param location string
+param vnetName string
+param vnetPrefix string
+param subnets array
+
+resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' = {
+ name: vnetName
+ location: location
+ properties: {
+ addressSpace: {
+ addressPrefixes: [
+ vnetPrefix
+ ]
+ }
+ subnets: subnets
+ }
+}
+
+@batchSize(1)
+resource vnetSubnets 'Microsoft.Network/virtualNetworks/subnets@2020-08-01' = [ for subnet in subnets: {
+ parent: vnet
+ name: '${subnet.name}'
+ properties: {
+ addressPrefix: subnet.properties.addressPrefix
+ privateEndpointNetworkPolicies: 'Disabled'
+ privateLinkServiceNetworkPolicies: 'Enabled'
+ }
+}]
+
+output vnetName string = vnet.name
diff --git a/infra/main.bicep b/infra/main.bicep
index dc6d147..657070b 100644
--- a/infra/main.bicep
+++ b/infra/main.bicep
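Review bot: Each subnet in infra/core/networking/vnet.bicep is declared twice, once inline through `subnets: subnets` on the `vnet` resource and again by the `vnetSubnets` loop, and only the loop sets `privateEndpointNetworkPolicies` and `privateLinkServiceNetworkPolicies`. Two declarations of the same subnet with different properties make the effective network policy depend on which write lands last, and a redeploy of the VNet can reset what the child resource applied. Keep a single definition; the sketch below folds the loop's properties into the inline list so the `vnetSubnets` resource can be removed. Neither definition attaches a network security group, so if one is intended for this subnet it would also belong in that single place.

```bicep
resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  // … unchanged: name, location …
  properties: {
    // … unchanged: addressSpace …
    subnets: [for subnet in subnets: {
      name: subnet.name
      properties: {
        addressPrefix: subnet.properties.addressPrefix
        privateEndpointNetworkPolicies: 'Disabled'
        privateLinkServiceNetworkPolicies: 'Enabled'
      }
    }]
  }
}
```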
@@ -39,6 +39,9 @@ param workerImageName string = ''
 var abbrs = loadJsonContent('./abbreviations.json')
 var resourceToken = toLower(uniqueString(subscription().id, environmentName, location))
 var tags = { 'azd-env-name': environmentName }
+param vnetName string = 'vnet-ca'
+param vnetInternal bool = true
+param vnetPrefix string = '10.0.0.0/16'
 // Organize resources in a resource group
 resource rg 'Microsoft.Resources/resourceGroups@2021-04-01' = {
@@ -58,6 +61,30 @@ module appEnv './app/app-env.bicep' = {
 logAnalyticsWorkspaceName: monitoring.outputs.logAnalyticsWorkspaceName
 applicationInsightsName: monitoring.outputs.applicationInsightsName
 daprEnabled: true
+ vnetName: vnet.outputs.vnetName
+ vnetInernal: vnetInternal
+ }
+}
+var containerAppsSubnet = {
+ name: 'ContainerAppsSubnet'
+ properties: {
+ addressPrefix: '10.0.0.0/23'
+ }
+}
+
+var subnets = [
+ containerAppsSubnet
+]
+
+// Deploy an Azure Virtual Network
+module vnet 'core/networking/vnet.bicep' = {
+ name: '${deployment().name}--vnet'
+ scope: rg
+ params: {
+ location: location
+ vnetName: vnetName
+ vnetPrefix: vnetPrefix
+ subnets: subnets
 }
 }
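Review bot: `addressPrefix: '10.0.0.0/23'` in `containerAppsSubnet` (second hunk of infra/main.bicep) is hard-coded while the enclosing address space comes from the new `vnetPrefix` parameter, so overriding `vnetPrefix` with a range that does not contain 10.0.0.0/23 yields a subnet outside the VNet and a failed deployment. Expose the subnet range next to it, `param containerAppsSubnetPrefix string = '10.0.0.0/23'`, and use `addressPrefix: containerAppsSubnetPrefix`. The `module appEnv` body starts outside this hunk.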