Intro to Application Security Groups
Start course
1h 26m

This course covers how to implement Azure network security. Through a combination of both theory and practical demonstrations, you will learn how to create and configure a range of Azure services designed to keep your network secure.

This includes topics such as virtual network connectivity, the Azure Front Door Service, NSG configuration, Azure firewall configuration, and application security groups. The course then moves on to the configuration of remote access management via just-in-time access and tools that are used to configure baselines.

We’d love to get your feedback on this course, so please give it a rating when you’re finished. If you have any queries or suggestions, please contact us at

Learning Objectives

  • Understand how to implement Azure network security
  • Learn about the various Azure services and methodologies available to secure your network

Intended Audience

This course is intended for IT professionals who are interested in earning Azure certification and for those who work with Microsoft Azure on a daily basis.


To get the most from this course, you should have at least a basic understanding of Azure network resources such as virtual networks, Azure firewalls, and network security groups.



Hi, everyone. Welcome to Application Security Groups. Before I get into showing you how to create and configure application security groups, I just wanted to give you a brief overview of what they are and what they do. 

So what exactly are application security groups? An application security group is a grouping of virtual network interfaces that is used to configure network security for the virtual machines that the NICs are attached to. Using an application security group allows you to define network security policies based on the group that you define. You can even reuse your defined security policy at scale without the need to manually maintain a list of included IP addresses.

While application security groups offer a more streamlined way to secure applications running on VMs, they do come with some constraints.

For example, you are limited to 30,000 application security groups that can be defined within a subscription. In addition, you can specify only one application security group as the source and destination when configuring a security rule. You are not allowed to specify multiple application security groups in either the source or destination.

Also, when configuring an application security group, all network interfaces that are assigned to the group must exist within the same virtual network as the first network interface that is assigned to the application security group. For example, if you create an application security group and the first NIC that you assign to is connected to vNet1, all subsequent NICs assigned to the group must also be connected to vNet1. You can't add NICs from different virtual networks to the same application security group.

Lastly, if you specify an application security group as the source and destination in a security rule, the NICs in both groups must exist within the same virtual network. So, for example, if you define a group called Group1 that contains NICs from VNet1 and then, you define another group called Group2 that contains NICs from VNet2, you can't assign Group1 as the source and Group2 as the destination in a rule that you define because all NICs for both the source and destination application security groups need to exist in the same virtual network.

In the next lesson, I'll show you how to create an application security group.

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.