Azure Networking Fundamentals: How to Create and Secure Subnets with Network Security Groups

Introduction

Network segmentation and access control are critical components of a secure cloud environment. In Microsoft Azure, subnets help organize resources within a virtual network, while Network Security Groups (NSGs) provide granular control over inbound and outbound traffic.

In this guide, I will walk through the process of creating a dedicated subnet, configuring a Network Security Group, defining an inbound security rule, and associating the NSG with the subnet. These steps demonstrate how to strengthen network security and establish controlled access to resources within an Azure Virtual Network.

• From the Azure portal home page, in the search box, enter virtual networks.

• Select the guided-project-vnet virtual network.

• From the guided-project-vnet blade, under settings, select Subnets.

• For Subnet purpose leave it as Default.
  

• For Name enter: ftpSubnet

• Leave the rest of the settings alone and select Add.

Create a network security group

• From the Azure portal home page, in the search box, enter virtual networks.

• Select virtual networks under services

• Select Network security groups.

• Select + Create.

• Verify the subscription is correct.

• Select the guided-project-rg resource group.

• Enter ftpNSG for the network security group name.

• Select Review + create.

• Once the validation is complete, select Create.

• Wait for the screen to refresh and display Your deployment is complete.

• Select Go to resource.

Create an inbound security rule

• Under settings, select Inbound security rules.

• Select + Add.

• Change the Destination port ranges from 8080 to 22.

• Select TCP for the protocol.

• Set the name to ftpInbound.

• Select Add.

Associate a network security group to a subnet

• From the Azure portal home page, in the search box, enter virtual networks.

• Select virtual networks under services.

• Select the guided-project-vnet virtual network.

• Under settings, select Subnets.

• Select the ftpSubnet you created.

• On the Edit subnet page, under the Security section heading, update the Network security group field to ftpNSG.

• Select Save.

Conclusion

By completing these configurations, you have successfully created a dedicated subnet, deployed a Network Security Group, configured an inbound security rule, and associated the NSG with the subnet. This setup enhances the security posture of your Azure environment by allowing only authorized traffic to reach resources within the network.

Understanding and implementing network segmentation and security controls are essential cloud administration skills. As you continue your Azure journey, these foundational concepts will help you design more secure, scalable, and resilient cloud infrastructures.