What Are The 3 Azure Network Security (NSG) Rules Are

Today, I will explain the 3 default security rules that come with every Azure Network Security Group (NSG) that you have probably seen in your VM’s NSG.

Network Security (NSG) Rules

By default, every Azure Virtual MAchine comes with a pre-configured Network Security Group (NSG).

NSG acts as a virtual firewall whose job is to protect your VM from malicious and unauthorized access.

Network Security (NSG)

To make the VM secure and also available to other hosts inside the Vnet, Azure has designed every NSG to have 3 default rules that allow internal connectivity but also protection from external sources.

What Are The 3 Azure Network Security (NSG) Rules Are

The table below lists the three default rules that come with every NSG in Microsoft Azure.

Rule Name
Default rules table

The screenshot below shows the three rules in the Azure NSG console, and I will explain each one of them.


  • AllowVnetInBound – This rule permits all the hosts inside the virtual network (including subnets) to communicate with each other without any blocks.
  • AllowAzureLoadBalancerInBound – This rule allows an Azure load balancer to communicate with your VM and send heartbeats.
  • DenyAllInBound – This is the deny all rule that blocks any inbound traffic to the VM by default and protect the VM from malicious access outside the Azure Vnet.

Success! You're on the list.

1 thought on “What Are The 3 Azure Network Security (NSG) Rules Are”

Comments are closed.