Attaching an Application Security Group to an Azure VM Running Web Server

Application Security Groups (ASGs) are a new feature from Azure that allows you to define network security as a group rather than as individual endpoints. This helps to simplify network security group (NSG) management, reduce the number of NSGs, and limit the rules that you need to create.

Companies often have multiple applications running on a single virtual machine. In such cases, you can use ASGs to define the inbound traffic flows based on the application. The ASG can be attached to the virtual machine, and the security group rules can be defined based on the ASG.

In this lab, you will learn the basics of Application Security Groups (ASGs) and how to use them to secure network traffic to a virtual machine.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

• Understand the concept of Application Security Groups
• Create an Application Security Group resource
• Attach an Application Security Group to a virtual machine
• Update the inbound port rule to restrict the traffic to the web server to only the application security group

Intended audience

• Candidates for Azure Administrator Associate (AZ-104) certification
• Cloud Architects
• Data Engineers
• DevOps Engineers
• Software Engineers

Prerequisites

Familiarity with the following will be beneficial but is not required:

• Azure Virtual Machines
• Network Security Groups

The following content can be used to fulfill the prerequisites:

• Azure Virtual Networks, Virtual Machines & Network Security Groups