Creating an Application Security Group
Start course
1h 26m

This course covers how to implement Azure network security. Through a combination of both theory and practical demonstrations, you will learn how to create and configure a range of Azure services designed to keep your network secure.

This includes topics such as virtual network connectivity, the Azure Front Door Service, NSG configuration, Azure firewall configuration, and application security groups. The course then moves on to the configuration of remote access management via just-in-time access and tools that are used to configure baselines.

We’d love to get your feedback on this course, so please give it a rating when you’re finished. If you have any queries or suggestions, please contact us at

Learning Objectives

  • Understand how to implement Azure network security
  • Learn about the various Azure services and methodologies available to secure your network

Intended Audience

This course is intended for IT professionals who are interested in earning Azure certification and for those who work with Microsoft Azure on a daily basis.


To get the most from this course, you should have at least a basic understanding of Azure network resources such as virtual networks, Azure firewalls, and network security groups.



Hi everyone, and welcome back. In this lesson, I'm going to show you how to create an application security group. So let's jump right in.

To get started, I need to click Create A Resource up here in the left corner of the portal. What I'll do here is search for Application Security Group. And then I'll select Application Security Group from the results. When I click Create here, the Create an Application Security Group blade appears.

From here, I need to specify a new or existing resource group for my application security group. So I'll put this in my DemoRG. I need to name my security group. So what I'll do here is call it MyAppSecurityGroup. And what I'll do here is deploy into the Central US region. Now what's important to know about this region is that the application security group needs to be in the same region as any VMs that you plan to protect. So if you have VMs in the East region, then you would select the East region. I'm just going to select Central US here.

Now, from here, I can click either Next to do any tagging that I wanna do or I can simply do the Review and Create and begin the process. So we'll go ahead and click Review and Create. And what it does here is validate my settings. And I can click Create to create my application security group.

So now that we have our deployment complete, we'll go to our resource here. And we can see we have our application security group. Now you'll notice there's not a whole lot of configuration that can be done here. And that's because an application security group is really just a logical collection of virtual machines, or really the NICs that are attached to those virtual machines. What you do is join virtual machines to the application security group and then use the application security group as a source or destination in network security group rules.

Now, I'm going to bounce out to my DemoRG here. And take a look at one of my virtual machines here. If we look at the Networking blade of my VM here, we see that there's an option here for application security groups.

Now, this option here is related to the network interface of the VM. Clicking this option allows me to select which application security group that this virtual machine's NIC should join. So if I click the Configure the application security groups button here, I can then select the dropdown and select my application security group and save it.

Now, with my settings saved and committed here, I can see that under our network interface for the PROD01 virtual machine, I now have my app security group listed as one of the application security groups.

Now, with my application security group created, what I could now do, if I go back to my DemoRG here, is I can create a network security group. And what I'm going to do is show you where I could create some rules that would allow me to specify my new application security group. I'll just call this testnsg. And we'll deploy into Central.

So let's go to our resource here. And now I'm in my network security group. If I select, let's say, for example, inbound security rules. If I create a new rule, I can now select a source here, specify application security group, and now I have my application security group listed.

Now, what this does, in turn, is configure the network security group rule to apply to any associated virtual machine NICs that are a part of this application security group. So that's how you do it. There's not a whole lot involved in creating and configuring an application security group. And hopefully, after watching this video, you now have an idea of all that's involved.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.