📝 Overview
After deploying the environment in Part 1, the next phase focused on managing and governing Azure resources.
Cloud engineering doesn’t stop at deployment; proper administration ensures security, efficiency, and operational stability.
In this multi-part series (Part 2 – Part 6), I’ll be covering:
•Updating the Virtual Network
•Managing Virtual Machines
•Controlling Storage Access
•Managing Tags and Resource Locks
In this article (Part 2), I’ll focus specifically on Updating the Virtual Network, with an emphasis on improving network segmentation for tighter security control.
🌐 Updating the Virtual Network: Securing SFTP Traffic with a Dedicated Subnet
When managing cloud environments, security and structure go hand in hand.
As part of my Azure Management Tasks guided project, I needed to improve the network design by creating a dedicated subnet specifically for SFTP traffic.
Instead of allowing traffic to mix within the main subnet, I segmented the network and applied tighter security controls using a Network Security Group (NSG).
Here’s how I did it 👇
🎯 The Goal
•Create a new subnet inside an existing Virtual Network
•Restrict traffic using a Network Security Group
•Allow only secure SFTP (SSH – Port 22) traffic
•Associate the NSG with the subnet
This ensures better isolation, tighter access control, and improved security posture.
🛠️ Step 1: Creating a Dedicated Subnet
I logged into the Azure Portal and navigated to Virtual Networks.

Inside my existing VNet (guided-project-vnet), I:
•Opened Subnets
•Clicked + Subnet
•Named it ftpSubnet
•Left the remaining settings as default
•Selected Add

Just like that, the new subnet was created.
This subnet will only handle SFTP traffic, separating it from other workloads in the environment.
🔐 Step 2: Creating a Network Security Group
Next, I needed to control what traffic could reach this subnet.
From the Azure portal:
•I searched for Network Security Groups from the virtual network section
•Clicked + Create

•Selected my resource group (guided-project-rg)
•Named the NSG ftpNSG

Once deployment was complete, I opened the resource to configure inbound rules.
🚦 Step 3: Allowing Secure SFTP Traffic
Inside the NSG:
•I navigated to Inbound security rules
•Clicked + Add
•Changed the destination port from 8080 to 22
•Selected TCP
•Named the rule ftpInbound
•Clicked Add

Now, only SSH/SFTP traffic on Port 22 is allowed inbound.
No unnecessary open ports. No over-permissive rules.
🔗 Step 4: Associating the NSG with the Subnet
Finally, I needed to enforce the rule.
I went back to:
•Virtual Network

•Selected guided-project-vnet
•Opened Subnets
•Selected ftpSubnet

•Attached ftpNSG under the Security section
•Saved the configuration

Now the subnet is officially protected.
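To confirm the result of Steps 2 to 4 outside the portal, here is an added example (not part of the original walkthrough): a Python check over the JSON printed by `az network nsg show --resource-group guided-project-rg --name ftpNSG`, reporting any custom inbound Allow rule that exposes more than TCP 22 or accepts any source. The sample JSON is constructed; its source value `*` is an assumption, since the steps above do not mention changing the rule's source.

```python
import json

# Constructed sample in the shape `az network nsg show -o json` prints.
# Resource names come from the article; the rule values are assumptions.
SAMPLE_NSG = json.loads("""
{"name": "ftpNSG", "securityRules": [
  {"name": "ftpInbound", "priority": 100, "direction": "Inbound",
   "access": "Allow", "protocol": "Tcp", "sourceAddressPrefix": "*",
   "destinationPortRange": "22", "destinationPortRanges": []}
]}
""")

ANY_SOURCE = {"*", "any", "internet", "0.0.0.0/0"}

def expand_ports(rule):
    """Return the set of destination ports a rule covers ('*' means all)."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    ports = set()
    for spec in specs:
        if spec == "*":
            return set(range(65536))
        lo, _, hi = spec.partition("-")          # "22" or "20-25"
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_inbound(nsg, allowed_ports=frozenset({22})):
    """Review custom inbound Allow rules; does not simulate priority order."""
    findings = []
    for rule in sorted(nsg.get("securityRules", []), key=lambda r: r["priority"]):
        if rule["direction"].lower() != "inbound" or rule["access"].lower() != "allow":
            continue
        name = rule["name"]
        extra = expand_ports(rule) - allowed_ports
        if extra:
            findings.append((name, f"exposes {len(extra)} other port(s)"))
        if rule["protocol"].lower() != "tcp":
            findings.append((name, f"protocol {rule['protocol']} is broader than TCP"))
        sources = set(rule.get("sourceAddressPrefixes") or [])
        if rule.get("sourceAddressPrefix"):
            sources.add(rule["sourceAddressPrefix"])
        if any(s.lower() in ANY_SOURCE for s in sources):
            findings.append((name, "source is unrestricted; limit to known client ranges"))
    return findings

if __name__ == "__main__":
    for rule_name, finding in audit_inbound(SAMPLE_NSG):
        print(f"{rule_name}: {finding}")
```

An empty result means every custom inbound Allow rule is limited to TCP 22 from named sources; the NSG's built-in default rules are not covered by this check.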
📊 The Outcome
By the end of this task:
•A new subnet was created for SFTP traffic
•A Network Security Group was deployed
•Port 22 was securely configured
•The NSG was successfully associated with the subnet
⚙️ Conclusion
The environment is now more segmented, controlled, and secure.
This is the kind of practical Azure management task that strengthens real-world cloud engineering skills: not just theory, but actual infrastructure design decisions.



