Microsoft Network NetworkSecurityGroups

Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes.

Asset Inventory

Design Guidance:

Microsoft.Network/networkSecurityGroups

Microsoft.Network/networkSecurityGroups/securityRules
Design for Minimum Necessary Information Flows

Design Guidance:

Microsoft.Network/networkSecurityGroups/securityRules

Protocol (Terraform)
Source Address Prefix (Terraform)
Source Address Prefixes (Terraform)
Source Application Security Groups-Id (Terraform)
Destination Address Prefix (Terraform)
Destination Address Prefixes (Terraform)
Destination Application Security Groups-Id (Terraform)
Access (Terraform)
Priority (Terraform)
Direction (Terraform)

Deny-all Communications and Only Allow-by-Exception

Design Guidance:

Microsoft.Network/networkSecurityGroups/securityRules

Source Port Range (Terraform)
Destination Port Range (Terraform)
Source Port Ranges (Terraform)
Destination Port Ranges (Terraform)