I need some insight on how to connect a VM in a separate resource group to apps in another resource group that is fire-walled off with a public ip. Is it as simple as creating rules on the firewall to allow inbound traffic from the VM's public IP? or is there a better more secure way to accomplish this? the fire-walled off resource group houses are intranet web page and few databases the vms will need access to.