Network Security Group

By default traffic to internet from virtual machine is allowed and traffic from internet to VM allowed if vm have public IP.

In corporate environment its risky to allow anything to and from internet.

To control inbound/outbound traffic we can apply Network Security Group

NSG Rules

incoming

Source   Destination    Port        Rule
internet   VM              3389     Allow
internet   VM              80        Deny

outgoing


By default 6 NSG rules will be created

3 inbound      3 outbound

Allow vnet inbound:     By default VM subnet 1  can access VM subnet 2 within vnet you can access anything.