Microsoft has announced the following features for network security groups (NSGs), all of which are in public preview:
- Application Security Groups
- Service Tags
- Augmented Security Rules
Application Security Groups:
You can use application security groups to configure network security as a natural extension of an application’s structure, by arbitrarily grouping VMs and defining network security policies based on those groups. You can reuse your security policy and scale without manual maintenance of explicit IP addresses. The platform handles the complexity of explicit IP addresses and multiple rule sets, so you can focus on your business logic. For more information, see the documentation.
Service tags for NSGs:
Service Tags simplify security for Azure Virtual Machines and Azure Virtual Networks by enabling you to easily restrict network access to just the Azure services that you use. You can use service tags in your NSG rules to allow or deny traffic to a specific Azure service globally or per Azure region. Azure maintains the IP addresses underlying each tag. This preview includes Storage, Sql, and AzureTrafficManager tags. For more information, see the documentation.
Augmented security rules for NSGs:
Augmented rules for NSGs simplify the security definition for Virtual Networks, so you can define larger, more complex network security policies with fewer rules. Multiple ports, multiple explicit IP addresses, service tags, and application security groups can all be combined into a single, easily understood security rule. For more information, see the documentation.
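The three features together, as an added example that is not taken from Microsoft's announcement or documentation: a `securityRules` fragment for an ARM template NSG resource. The ASG names `asg-web` and `asg-db`, the ports, the priorities and the 203.0.113.0/24 and 198.51.100.10 addresses are constructed for illustration.

```json
{
  "securityRules": [
    {
      "name": "allow-web-to-db",
      "properties": {
        "description": "Constructed example: ASG to ASG, two ports in one rule",
        "priority": 100, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
        "sourcePortRange": "*",
        "sourceApplicationSecurityGroups": [{ "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', 'asg-web')]" }],
        "destinationApplicationSecurityGroups": [{ "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', 'asg-db')]" }],
        "destinationPortRanges": ["1433", "5432"]
      }
    },
    {
      "name": "allow-admin-to-web",
      "properties": {
        "description": "Constructed example: several explicit source addresses and ports in one rule",
        "priority": 110, "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
        "sourcePortRange": "*",
        "sourceAddressPrefixes": ["203.0.113.0/24", "198.51.100.10"],
        "destinationApplicationSecurityGroups": [{ "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', 'asg-web')]" }],
        "destinationPortRanges": ["22", "3389"]
      }
    },
    {
      "name": "allow-web-to-storage",
      "properties": {
        "description": "Constructed example: ASG source, Storage service tag destination",
        "priority": 120, "direction": "Outbound", "access": "Allow", "protocol": "Tcp",
        "sourcePortRange": "*",
        "sourceApplicationSecurityGroups": [{ "id": "[resourceId('Microsoft.Network/applicationSecurityGroups', 'asg-web')]" }],
        "destinationAddressPrefix": "Storage",
        "destinationPortRange": "443"
      }
    },
    {
      "name": "deny-internet-out",
      "properties": {
        "description": "Constructed example: evaluated after the Storage allow rule because of its higher priority number",
        "priority": 4000, "direction": "Outbound", "access": "Deny", "protocol": "*",
        "sourceAddressPrefix": "*", "sourcePortRange": "*",
        "destinationAddressPrefix": "Internet", "destinationPortRange": "*"
      }
    }
  ]
}
```

Because the rules reference groups and tags rather than addresses, adding a VM's network interface to `asg-web` or `asg-db` brings it under the policy without any rule edits.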
Application security groups are in preview in US West Central.
Service Tags and Augmented Security Rules are in preview in the following regions:
- US West Central
- US East
- US West
- US West 2
- Australia East
- Australia Southeast
- UK South