VM deployments in Azure Cloud

We need to deploy App connector VM for application access, NSS VM as well as Data Connector VM (Used for integration with Azure sentinel) in Azure cloud. Can someone please provide and share inputs on below points

  1. From functioning and VM deployment perspective is it possible to provisioning all VM’s within same Resource group ?

  2. Is it possible to deploy all these VM’s in same vNet sitting behind a dedicate Azure Firewall instance for internet connectivity? Plan is to NAT traffic from all these VM’s for internet access and outbound connectivity to a single public IP?

Or Should I keep all NSS , data connector VM in separate RG and vNet along with App connector VM in a separate RG and vNet?