Configure a Network Security Group in a Virtual Network

The “Configure a Network Security Group in a Virtual Network” IT Pro Challenge virtual lab will teach you how to work with virtual networks on the Azure platform. You will learn how to use network security groups to filter network traffic and keep your assets safe. After this lab, you will be comfortable enabling network security on Azure.

45 minutes
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

This Learn On Demand Pro Series is part of a Career Path: Become a Network Engineer

Azure is a public cloud computing platform. Azure can be used for many purposes, such as analytics, virtual computing, and networking. In particular, Azure provides a powerful tool for creating virtual networks. As a network or system administrator, you can control who and what comes into and out of your Azure virtual network by using network security groups (NSGs). Given its powerful toolset and rising popularity, It is prudent for modern IT workers to be comfortable working with Azure.

Azure network security groups (NSGs) contain rules that filter inbound and outbound network traffic for Azure assets. In essence, a NSG is a group of rules that function as a simple firewall. NSGs are used for securing both Azure virtual machines (VMs) and subnets. The NSG can be managed at the application level, making creating and maintaining a NSG a simple task. Furthermore, NSGs are limited to only IP addresses within your business, making their configuration even easier.

To get the most from you Azure virtual network and VMs, you need to know how to create network security groups in Azure to keep them safe. This virtual lab will give you hands-on experience working with Azure and creating NSGs, making you more comfortable working on the Azure platform.

Understand the scenario: You're an Azure administrator assigned to create and configure an application security group for a network interface and a network security group for a subnet in an existing virtual network in Azure. You need to allow secure shell (SSH) connections to the virtual machine.

Understand your environment: You are using an Azure resource group that contains an existing storage account for use with Cloud Shell, a virtual network, and a virtual machine.

Create security groups:

The first step in this virtual lab is to create your security groups. You will sign in to the Azure portal using given credentials. Once signed in, you will use the Azure portal to create both an application security group and a network security group.

Associate security groups:

Next, you will associate the application security group with your network interface and the network security group with a subnet. To do this, you will use the Azure bash to create a new file share and observe the security rules in action.

Create an inbound security rule to allow SSH:

For the final step in this real-world exercise, you will create NSG rules. In this case, you will create a rule to filter inbound traffic. You will create this rule, associate it with the virtual network, and use SSH to connect to the virtual network.


In this lab, you will:

  • Create an application security group.
  • Create a network security group.
  • Create rules to filter inbound traffic using the NSG.
  • Test the NSG via SSH into a virtual network.

In the modern IT environment, familiarity with the Azure platform will provide you with a competitive edge. Azure is ideal in many ways, as it lets companies move as much of their business to the cloud as their needs dictate. Azure lets its users add cloud capabilities to their existing network and/or move all of their capabilities to Microsoft data centers, in addition to hosting shared VMs, file shares, and virtual networks.

This guided challenge lets you develop skills in using NSGs and virtual networks on the Azure platform. By completing this lab, you will gain valuable experience in keeping your company’s Azure assets safe. This lab is helpful to students in many career paths, such as Cyber Defense Forensics Analyst, Cyber Instructor, Law Enforcement / Counterintelligence Forensics Analyst, Security Control Assessor, and System Administrator work roles.

Other IT Pro Challenges in this series:

  • GUIDED CHALLENGE: Configure Route Tables in a Virtual Network
  • GUIDED CHALLENGE: Configure Global VNet Peering


Follow A Path

Deciphering the essentials to enter a new career is hard, so we did it for you!

Focus on building your skills and take this learn on demand pro series in a guided Career Path.

Learning Partner
Comprehensive Learning

See the full benefits of our immersive learning experience with interactive courses and guided career paths.