A network security group works like an internal firewall. You can associate zero or more network security groups to each virtual network subnet and network interface in a virtual machine. Each network security group contains rules that allow or deny traffic based on source or destination IP address, port, and protocol.
