video-thumbnail

Network Security Groups and Application Security Groups

View all guides in series
2 of 11 guides |  13 minutes to complete  |  Last Updated: February 2025
View first guide free
The time-saving guides in this series can help you pursue a certification or advance your career by increasing insights into Azure’s built-in security features, threat detection, and incident response capabilities.
Subscribe
Get Reimbursed

About this guide

Lab Scenario

You have been asked to implement your organization’s virtual networking infrastructure and test to ensure it is working correctly. In particular:

  • The organization has two groups of servers: Web Servers and Management Servers.
  • Each group of servers should be in its own Application Security Group.
  • You should be able to RDP into the Management Servers, but not the Web Servers.
  • The Web Servers should display the IIS web page when accessed from the internet.
  • Network security group rules should be used to control network access.

Lab Objectives

Exercise 1: Create the virtual networking infrastructure

  • Task 1: Create a virtual network with one subnet
  • Task 2: Create two application security groups
  • Task 3: Create a network security group and associate it with the virtual network subnet
  • Task 4: Create inbound NSG security rules to all traffic to web servers and RDP to the management servers

Exercise 2: Deploy virtual machines and test the network filters

  • Task 1: Create a virtual machine to use as a web server
  • Task 2: Create a virtual machine to use as a management server
  • Task 3: Associate each virtual machines network interface to its application security group
  • Task 4: Test the network traffic filtering

Network and Application Security Groups Diagram

Job Skills

The Cloudguides in this series help IT professionals gain practical skills related to making Microsoft Azure environments more secure, including how to implement security controls, manage identity and access, protect data and applications, monitor for threats, and maintain a secure posture across various Azure services.

Career Connections

With the increasing demand for cybersecurity expertise, professionals with the skills from this series can pursue job prospects in roles such as Cloud Security Engineer, Security Analyst, Azure Security Consultant, Security Administrator, and Compliance Manager.

As of 2025, average U.S. salaries range from $103,197 to $143,002 for entry-level roles and $120,201 to $203,652 for professionals with 5 years' experience across positions like Cloud Security Engineer, Security Analyst, Azure Security Consultant, Security Administrator, and Compliance Manager. Please note that these figures are approximate, derived from online sources, and can vary based on factors such as location, industry, and company size.

AZ-500: Microsoft Azure Security Technologies Series
Thumbnail
Guide 1:
Role-Based Access Control
12 minutes to complete
Thumbnail
Guide 2:
Network Security Groups and Application Security Groups
13 minutes to complete
Thumbnail
Guide 3:
Azure Firewall
13 minutes to complete
Thumbnail
Guide 4:
Configuring and Securing ACR and AKS
13 minutes to complete
Thumbnail
Guide 5:
Securing Azure SQL Database
9 minutes to complete
Thumbnail
Guide 6:
Service Endpoints and Securing Storage
20 minutes to complete
Thumbnail
Guide 7:
Key Vault (Implementing Secure Data by setting up Always Encrypted)
19 minutes to complete
Thumbnail
Guide 8:
Create a Log Analytics Workspace, Azure Storage Account, and Data Collection Rule (DCR)
7 minutes to complete
Thumbnail
Guide 9:
Configuring Microsoft Defender for Cloud Enhanced Security Features for Servers
3 minutes to complete
Thumbnail
Guide 10:
Enable Just-in-Time Access on VMs
4 minutes to complete
Thumbnail
Guide 11:
Microsoft Sentinel
14 minutes to complete