Implementing Cisco CSR router into Azure turned out to be quite a learning curve. Originally there was multiple images available on the Azure marketplace, and there was multiple versions of conflicting documentation around the features/capabilities on what was supported.
Luckily, this looks like its being sorted out. There are now 2 images available on the marketplace, one of which is for the DMVPN transit VNETs.
When building the CSR, we assigned an entire /24 within the subnet from our /20 VNET. We did this just to separate the traffic which we could then lockdown access to remove any unnecessary changes.
IMPORTANT – Something that I forgot to do and it took alot of faffing around to get our traffic forwarding through the CSR.
On your Network interface card for the CSR > Go to IP Configurations
Here you would add additional IPs if required
But you also have the option for IP Forwarding Settings > Enable this, I think it requires a reboot if I remember correctly. and then you should be able to get traffic from one side of the interface to another