The best way to do this would be to create a Hyper-V switch with type 'External' and set the attached NIC to your External one.
This will mean your VMs can connect to other devices in Azure and the internet without connecting to the host or VMs on another switch. You should not need to use Hyper-V NAT in this scenario and will not be able to segregate the traffic properly in Azure as all traffic will be coming from the host IP address:
"Network Address Translation (NAT) gives a virtual machine access to your computer's network by combining the host computer's IP address with a port through an internal Hyper-V Virtual Switch."
In your situation I would recommend:
- Create External Hyper-V switch, link it to our external NIC and attach it to your VMs. Do not allow the management operating system to share the network adapter.
- Create a Network Security group and attach it to the External NIC in Azure
- Configure rules on the NSG so that it can only talk to the required networks, Subnets within a VNet can always communicate by default in Azure
This should mean your VMs can communicate to 192.168.169.16/28 without having any connection to the host or other subnets in your VNet.
If you have any follow up questions please let me know and I can try to help.