Welcome back! In this lesson, we continue our comprehensive exploration of network security as part of the broader defense-in-depth strategy. Previously, we discussed how Microsoft manages physical security in its data centers, while Azure AD handles identity and access management, including conditional access, identity management, and multi-factor authentication. In an earlier lesson, we examined perimeter security through DDoS protection, Azure Firewall, and the hub-spoke network strategy. Now, we shift our focus specifically to network security. The key topics covered in this lesson include:
  • Network Security Groups (NSGs)
  • Application Security Groups (ASGs)
  • Enabling and configuring service endpoints
  • Deploying private links
  • Implementing Azure Application Gateway
  • Deploying a Web Application Firewall (WAF)
  • Configuring and managing Azure Front Door
  • Reviewing ExpressRoute
Even with a firewall in place, Network Security Groups (NSGs) add a layer of micro-segmentation at the virtual network level, giving you granular control over network traffic.
Below is a diagram that summarizes the essential network security tasks, including deploying NSGs, creating application security groups, and configuring various Azure network services.
The image is a diagram listing various network security tasks, such as deploying network security groups, creating application security groups, and configuring Azure services. Each task is accompanied by a relevant icon.
Let’s begin by taking an in-depth look at Network Security Groups (NSGs).