hands-on lab

Attaching an Application Security Group to an Azure VM Running Web Server

Up to 1h


Application Security Groups (ASGs) are a new feature from Azure that allows you to define network security as a group rather than as individual endpoints. This helps to simplify network security group (NSG) management, reduce the number of NSGs, and limit the rules that you need to create.

Companies often have multiple applications running on a single virtual machine. In such cases, you can use ASGs to define the inbound traffic flows based on the application. The ASG can be attached to the virtual machine, and the security group rules can be defined based on the ASG.

In this lab, you will learn the basics of Application Security Groups (ASGs) and how to use them to secure network traffic to a virtual machine.

Learning objectives

Upon completion of this beginner-level lab, you will be able to:

  • Understand the concept of Application Security Groups
  • Create an Application Security Group resource
  • Attach an Application Security Group to a virtual machine
  • Update the inbound port rule to restrict the traffic to the web server to only the application security group

Intended audience

  • Candidates for Azure Administrator Associate (AZ-104) certification
  • Cloud Architects
  • Data Engineers
  • DevOps Engineers
  • Software Engineers


Prerequisites

Familiarity with the following will be beneficial but is not required:

  • Azure Virtual Machines
  • Network Security Groups

About the author

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.

Lab steps

Logging in to the Microsoft Azure Portal
Deploying an Application Security Group Resource Using Azure Portal
Attaching ASG to Azure VM