Skip to main content
Deploy and configure Network Security Groups (NSGs) in Azure to control traffic flow to and from resources connected to Virtual Networks. NSGs are a fundamental building block for network security in Azure—think of them as traffic controllers that evaluate and permit or deny traffic based on rules you define. What you’ll learn in this lesson:
  • The core concept of NSGs and why they are critical for cloud network access control.
  • The default inbound and outbound rules that come with every NSG and the rationale behind them.
  • How Azure determines the final, effective rule set when NSGs are applied at both subnet and NIC (network interface) levels.
  • How to author custom rules to enforce specific security requirements.
  • How service tags simplify rule creation for Azure-managed IP ranges.
  • How Application Security Groups (ASGs) let you group VMs logically and use those groups within NSG rules.
The image is a slide titled "Learning Objectives" with three main points: understanding NSGs and network access control, identifying default NSG rules, and learning how effective rules are calculated at subnet and NIC levels.
Before you start: familiarity with Azure Virtual Networks, subnets, and basic VM networking concepts will help you apply NSGs effectively. For detailed platform documentation, see the Azure Network Security Groups overview.
Why this matters for security and operations:
  • NSGs provide fine-grained control over traffic at the subnet and NIC level, enabling least-privilege network access.
  • Default rules provide safety and connectivity out of the box but may not meet your security posture—understanding them prevents accidental exposure.
  • Combining NSGs with service tags and ASGs improves manageability and scalability as your environment grows.
Topics at a glance By the end of this lesson you’ll understand NSGs both conceptually and practically, and you will be ready to design and deploy NSGs that meet your security requirements while keeping operational overhead manageable.

Watch Video