NSGs just got an upgrade!

Page content

Augmented rules for Network Security Groups (NSGs) has gone GA!


Having used NSGs extensively since I started working in Azure, I know augmented security rules will make NSGs much easier to build out and manage.  You now have the capability to create a single rule with multiple source IPs, destination IPs, and ports, something that previously would have required multiple rules.

Take the following example, I want to permit my source machine ( to talk to 2 web servers ( & over http and https, before augmented rules this would have required 4 rules as shown below:

NSGs Rules

Network Security Group

With augmented rules now available this can be consolidated into a single rule:

Single Rule

Creating augmented rules can be completed by using the Azure Portal, PowerShell, CLI or JSON.  The example below shows just how simple this process is in the Azure Portal by using commas to separate values!

New Rule

Time to start tidying up NSGs!!

I’ll write soon about Application Security Groups and what they bring to enhance NSG usability further in a future post.

More information on augmented rules can be found here (https://docs.microsoft.com/en-us/azure/virtual-network/security-overview#augmented-security-rules)