Introduction

Imagine you are the solution architect for a manufacturing company. Your company has several sites, and users throughout the company will need to use an enterprise resource planning (ERP) app to migrate to Azure. The company will only consider moving key systems onto the platform if stringent security requirements can be met, including tight control over which computers have network access to the servers running the app. You want to secure both virtual machine (VM) networking and Azure services networking as part of your company's network security strategy. Your goal is to prevent unwanted or unsecured network traffic from being able to reach key systems.

You'll use network security groups to secure network traffic for VMs running on Azure. You'll learn to use virtual network service endpoints to control network traffic to and from Azure services, such as storage or database services.

Learning objectives

In this module, you will:

  • Identify the capabilities and features of network security groups.
  • Identify the capabilities and features of virtual network service endpoints.
  • Use network security groups to restrict network connectivity.
  • Use virtual network service endpoints to control network traffic to and from Azure services.

Prerequisites

  • Knowledge of basic networking concepts, including subnets and IP addressing.
  • Basic familiarity with Azure services, specifically Azure SQL Database and Azure Storage.
  • Familiarity with Azure virtual machines and virtual networking.