Hello Shane DT!
Welcome to Microsoft QnA!
I understand you need to rollover chnages made to VNET Settings on Azure and how to lock down changes
Of course you are aware of Rbac and IAM i assume from the Security Group reference
https://learn.microsoft.com/en-us/azure/role-based-access-control/overview
One way is to apply Resource Write/Delete Locks but for rollover the IaC deployements come into play
Adopt an IaC strategy and you will find out that deloyements are always a click away and major changes are easy to revert in a matter of minutes if not seconds
https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/lock-resources
https://thomasthornton.cloud/2021/03/08/why-infrastructure-as-code-iac/
I hope this helps!
Kindly mark the answer as Accepted and Upvote in case it helped!
Regards