Skip to main content

Documentation Index

Fetch the complete documentation index at: https://notes.kodekloud.com/llms.txt

Use this file to discover all available pages before exploring further.

Welcome back! In this lesson, we continue our comprehensive exploration of network security as part of the broader defense-in-depth strategy. Previously, we discussed how Microsoft manages physical security in their data centers, while Azure AD handles identity and access management—including conditional access, identity management, and multi-factor authentication. In an earlier lesson, we examined perimeter security through DDoS protection, Azure Firewall, and the hub-spoke network strategy. Now, we shift our focus specifically to network security. The key topics covered in this lesson include:
  • Network Security Groups (NSGs)
  • Application Security Groups (ASGs)
  • Enabling and configuring service endpoints
  • Deploying private links
  • Implementing Azure Application Gateway
  • Deploying a Web Application Firewall (WAF)
  • Configuring and managing Azure Front Door
  • Reviewing ExpressRoute
Even if you have a firewall in place, using Network Security Groups (NSGs) provides an additional layer of micro-segmentation at the virtual network level, ensuring granular control over network traffic.
Below is a diagram that summarizes the essential network security tasks, including deploying NSGs, creating application security groups, and configuring various Azure network services.
The image is a diagram listing various network security tasks, such as deploying network security groups, creating application security groups, and configuring Azure services. Each task is accompanied by a relevant icon.
Let’s begin by taking an in-depth look at Network Security Groups (NSGs).

Watch Video