Azure Network Security Groups Protect Systems

Azure Network Security Groups (NSGs), which are built into Azure’s software-defined networking layer, allow organizations to control the traffic to and from Azure virtual machines (VMs) within segments of a network and between the network and other Azure services. Optimal configuration and use of NSGs could help with compliance and risk management processes. Although the technology is free to implement and use, if implemented incorrectly it could lead to issues or system incompatibilities that are hard to diagnose.

Understanding Network Security Groups

NSGs are a packet inspection technology that exists within an Azure virtual network (VNet), the software-defined networking infrastructure of Azure. Like a firewall in a conventional TCP/IP network, it can be used to control the flow of traffic into or out of a virtual network, or resources in that network, including subnets, servers, or network controllers. Rules can allow and deny traffic based on source or destination IP address and protocol (TCP or UDP). Priorities allow one rule to override another.