I already use Endpoint ACLs on my VM endpoints, can I also use Network Security Groups?

• No, you can use only either of Endpoint ACLs or Network Security Groups. You can remove the endpoint ACLs from the VM and associate the VM to a Network Security Group.

I have multiple NICs in my VM, will the Network Security Group rules apply to traffic on all the NICs?

• No, the Network Security Group rules apply only to the traffic in primary NIC. In future we will add capability to associate a Network Security Group to a NIC directly.

I created a Network Security Group, what are my next steps?

After you have created a Network Security group, look at the default rules by running the command:

• Get-AzureNetworkSecurityGroup -Name "MyVNetSG" -Detailed

This shows you the default rules. As a next step associate the Network Security group to a VM or subnet. Add more rules to control the network traffic on the entity. Watch the rules to take effect within a few minutes (it is usually seconds).

I have defined RDP endpoint for my VM and I am using a Network Security Group do I need  a Access control rule to connect to the RDP port from Internet?

• Yes, the default rules in Network Security Group does not allow access to any port from Internet, the users have to create a specific rule to allow RDP traffic.

The post NGS in Azure appeared first on Anuj Varma, Hands-On Technology Architect, Clean Air Activist.