Hello Shane DT!
Welcome to Microsoft QnA!
I understand you need to rollover chnages made to VNET Settings on Azure and how to lock down changes
Of course you are aware of Rbac and IAM i assume from the Security Group reference
One way is to apply Resource Write/Delete Locks but for rollover the IaC deployements come into play
Adopt an IaC strategy and you will find out that deloyements are always a click away and major changes are easy to revert in a matter of minutes if not seconds
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!