Configuring Security Rules in an NSG
Start course
1h 26m

This course covers how to implement Azure network security. Through a combination of both theory and practical demonstrations, you will learn how to create and configure a range of Azure services designed to keep your network secure.

This includes topics such as virtual network connectivity, the Azure Front Door Service, NSG configuration, Azure firewall configuration, and application security groups. The course then moves on to the configuration of remote access management via just-in-time access and tools that are used to configure baselines.

We’d love to get your feedback on this course, so please give it a rating when you’re finished. If you have any queries or suggestions, please contact us at

Learning Objectives

  • Understand how to implement Azure network security
  • Learn about the various Azure services and methodologies available to secure your network

Intended Audience

This course is intended for IT professionals who are interested in earning Azure certification and for those who work with Microsoft Azure on a daily basis.


To get the most from this course, you should have at least a basic understanding of Azure network resources such as virtual networks, Azure firewalls, and network security groups.



Hi, everyone, and welcome back. In this lesson, I'm going to show you how to configure network security rules within a network security group.

To get started, I'm going to click on the network security group that we just created. We'll add a security rule to it. For this exercise, I'm going to add an inbound security rule.

Now, to do so, I simply choose Inbound security rules option under Settings. I could also create outbound security rules as well. This pane here shows all of the existing configured inbound and outbound security rules that are configured for this network security group. You'll see these default rules shown here since a collection of rules is automatically created when the network security group is created.

So what I'll do is click on inbound security rules here and what I'm going to do here is create my new rule by clicking Add. I'm going to open up port 80 from anywhere using this rule.

So what this is going to do is allow anything on the internet to hit whatever is protected by this network security group over port 80. Now, since I'm opening 80 up from anywhere, I'm going to choose Any as my source. I'll enter port 80 here in the Source port ranges field and then, selecting Any in the destination field allows port 80 to anything this network security group is applied to. And then, what I'll do is I'll change my destination port range from 8080 to straight 80 and I'll leave the protocol selection set to Any and the Action option to Allow. We're allowing this traffic. I'll just accept the default priority and I'll call my rule allow_port_80.

Now, we'll see at the bottom here, we get a notification that the recommended value for source port ranges is * because port filtering is mainly used with the destination port. So what we're going to do, if we change this back to the recommended value, I just wanted to show you how this affects things, we then see the warning go away. So what that means is you typically perform your filtering on the destination rather than the source.

Now, I'm not worried about a description here, so I'll just leave this blank. And what I'll do here is click Add to add my rule and I'll go ahead and refresh my screen here. And we can see allow_port_80 is now listed in the inbound security rules of MyNSG.

So at this point, I can associate my network security group with a subnet that it should protect. Now, to do this, I would simply select Subnets here under the Settings option and then, from here, I can click Associate. And then, what I'll do here is I'll select a virtual network that I wanna protect, select my subnet, and we'll OK it. So at this point, any resources that are connected to or will be connected to my protected subnet will now be reachable on port 80.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.