 
                Network Security Groups and Application Security Groups
About this guide
Lab Scenario
You have been asked to implement your organization’s virtual networking infrastructure and test to ensure it is working correctly. In particular:
- The organization has two groups of servers: Web Servers and Management Servers.
- Each group of servers should be in its own Application Security Group.
- You should be able to RDP into the Management Servers, but not the Web Servers.
- The Web Servers should display the IIS web page when accessed from the internet.
- Network security group rules should be used to control network access.
Lab Objectives
Exercise 1: Create the virtual networking infrastructure
- Task 1: Create a virtual network with one subnet
- Task 2: Create two application security groups
- Task 3: Create a network security group and associate it with the virtual network subnet
- Task 4: Create inbound NSG security rules to all traffic to web servers and RDP to the management servers
Exercise 2: Deploy virtual machines and test the network filters
- Task 1: Create a virtual machine to use as a web server
- Task 2: Create a virtual machine to use as a management server
- Task 3: Associate each virtual machines network interface to its application security group
- Task 4: Test the network traffic filtering
Network and Application Security Groups Diagram
Job Skills
The Cloudguides in this series help IT professionals gain practical skills related to making Microsoft Azure environments more secure, including how to implement security controls, manage identity and access, protect data and applications, monitor for threats, and maintain a secure posture across various Azure services.
Career Connections
With the increasing demand for cybersecurity expertise, professionals with the skills from this series can pursue job prospects in roles such as Cloud Security Engineer, Security Analyst, Azure Security Consultant, Security Administrator, and Compliance Manager.
As of 2025, average U.S. salaries range from $103,197 to $143,002 for entry-level roles and $120,201 to $203,652 for professionals with 5 years' experience across positions like Cloud Security Engineer, Security Analyst, Azure Security Consultant, Security Administrator, and Compliance Manager. Please note that these figures are approximate, derived from online sources, and can vary based on factors such as location, industry, and company size.
 
                
 
                             
                             
                             
                             
                            /Key%20Vault%20(Implementing%20Secure%20Data%20by%20setting%20up%20Always%20Encrypted).jpg) 
                            /Create%20a%20Log%20Analytics%20Workspace%2C%20Azure%20Storage%20Account%2C%20and%20Data%20Collection%20Rule%20(DCR).jpg) 
                             
                             
                            