建立、變更或刪除網路安全性群組Create, change, or delete a network security group

網路安全性群組中的安全性規則能讓您篩選可在虛擬網路子網路及網路介面中流入和流出的網路流量類型。Security rules in network security groups enable you to filter the type of network traffic that can flow in and out of virtual network subnets and network interfaces. 如果您不熟悉網路安全性群組,請參閱網路安全性群組概觀以深入了解安全性群組,並完成篩選網路流量教學課程以獲得一些網路安全性群組相關經驗。If you're not familiar with network security groups, see Network security group overview to learn more about them and complete the Filter network traffic tutorial to gain some experience with network security groups.

開始之前Before you begin

注意

本文已更新為使用新的 Azure PowerShell Az 模組。This article has been updated to use the new Azure PowerShell Az module. AzureRM 模組在至少 2020 年 12 月之前都還會持續收到錯誤 (Bug) 修正,因此您仍然可以持續使用。You can still use the AzureRM module, which will continue to receive bug fixes until at least December 2020. 若要深入了解新的 Az 模組和 AzureRM 的相容性,請參閱新的 Azure PowerShell Az 模組簡介To learn more about the new Az module and AzureRM compatibility, see Introducing the new Azure PowerShell Az module. 如需 Az 模組安裝指示,請參閱安裝 Azure PowerShellFor Az module installation instructions, see Install Azure PowerShell.

在完成本文任一節的步驟之前,請先完成下列工作︰Complete the following tasks before completing steps in any section of this article:

  • 如果您還沒有 Azure 帳戶,請註冊免費試用帳戶If you don't already have an Azure account, sign up for a free trial account.
  • 如果使用入口網站,請開啟 https://portal.azure.com ,並使用您的 Azure 帳戶來登入。If using the portal, open https://portal.azure.com, and log in with your Azure account.
  • 如果使用 PowerShell 命令來完成這篇文章中的工作,請在 Azure Cloud Shell (英文) 中執行命令,或從您的電腦執行 PowerShell。If using PowerShell commands to complete tasks in this article, either run the commands in the Azure Cloud Shell, or by running PowerShell from your computer. Azure Cloud Shell 是免費的互動式 Shell,可讓您用來執行本文中的步驟。The Azure Cloud Shell is a free interactive shell that you can use to run the steps in this article. 它具有預先安裝和設定的共用 Azure 工具,可與您的帳戶搭配使用。It has common Azure tools preinstalled and configured to use with your account. 本教學課程需要 Azure PowerShell 模組 1.0.0 版或更新版本。This tutorial requires the Azure PowerShell module version 1.0.0 or later. 執行 Get-Module -ListAvailable Az 來了解安裝的版本。Run Get-Module -ListAvailable Az to find the installed version. 如果您需要升級,請參閱安裝 Azure PowerShell 模組If you need to upgrade, see Install Azure PowerShell module. 如果您在本機執行 PowerShell,則也需要執行 Connect-AzAccount 以建立與 Azure 的連線。If you are running PowerShell locally, you also need to run Connect-AzAccount to create a connection with Azure.
  • 如果使用命令列介面 (CLI) 命令來完成這篇文章中的工作,請在 Azure Cloud Shell (英文) 中執行命令,或從您的電腦執行 CLI。If using Azure Command-line interface (CLI) commands to complete tasks in this article, either run the commands in the Azure Cloud Shell, or by running the CLI from your computer. 本教學課程需要 Azure CLI 2.0.28 版或更新版本。This tutorial requires the Azure CLI version 2.0.28 or later. 執行 az --version 來了解安裝的版本。Run az --version to find the installed version. 如果您需要安裝或升級,請參閱安裝 Azure CLIIf you need to install or upgrade, see Install Azure CLI. 如果您在本機執行 Azure CLI,則也需要執行 az login 以建立與 Azure 的連線。If you are running the Azure CLI locally, you also need to run az login to create a connection with Azure.

您登入或連線到 Azure 的帳戶必須指派為網路參與者角色,或為已指派權限中所列適當動作的自訂角色The account you log into, or connect to Azure with must be assigned to the network contributor role or to a custom role that is assigned the appropriate actions listed in Permissions.

使用網路安全性群組Work with network security groups

您可以建立網路安全性群組、檢視所有網路安全性群組檢視網路安全性群組的詳細資料,以及變更刪除網路安全性群組。You can create, view all, view details of, change, and delete a network security group. 您也可以讓網路安全性群組與網路介面或子網路建立關聯或中斷關聯You can also associate or dissociate a network security group from a network interface or subnet.

建立網路安全性群組Create a network security group

每個 Azure 位置和訂用帳戶可以建立的網路安全性群組數目有所限制。There is a limit to how many network security groups you can create per Azure location and subscription. 如需詳細資訊,請參閱 Azure 限制For details, see Azure limits.

  1. 在入口網站的左上角,選取 [+ 建立資源] 。In the top-left corner of the portal, select + Create a resource.
  2. 選取 [網路] ,然後選取 [網路安全性群組] 。Select Networking, then select network security group.
  3. 輸入網路安全性群組的 [名稱] 選取您的 [訂用帳戶] 建立新的 [資源群組] 或選取現有的資源群組、選取 [位置] ,然後選取 [建立] 。Enter a Name for the network security group, select your Subscription, create a new Resource group, or select an existing resource group, select a Location, and then select Create.

命令Commands

檢視所有網路安全性群組View all network security groups

在入口網站頂端的搜尋方塊中,輸入「網路安全性群組」 。In the search box at the top of the portal, enter network security groups. 網路安全性群組出現在搜尋結果中時,請選取它。When network security groups appear in the search results, select it. 列出的是存在於您訂用帳戶中的網路安全性群組。The network security groups that exist in your subscription are listed.

命令Commands

檢視網路安全性群組的詳細資料View details of a network security group

  1. 在入口網站頂端的搜尋方塊中,輸入「網路安全性群組」 。In the search box at the top of the portal, enter network security groups. 網路安全性群組出現在搜尋結果中時,請選取它。When network security groups appear in the search results, select it.
  2. 選取清單中您想要檢視其詳細資料的網路安全性群組。Select the network security group in the list that you want to view details for. 在 [設定] 底下,您可以檢視網路安全性群組所關聯的 [輸入安全性規則] 和 [輸出安全性規則] 、[網路介面] 和 [子網路] 。Under SETTINGS you can view the Inbound security rules and Outbound security rules, the Network interfaces and Subnets the network security group is associated to. 您也可以啟用或停用 [診斷記錄] ,以及檢視 [有效的安全性規則] 。You can also enable or disable Diagnostic logs and view Effective security rules. 若要深入了解,請參閱診斷記錄檢視有效的安全性規則To learn more, see Diagnostic logs and View effective security rules.
  3. 若要深入了解列出的一般 Azure 設定,請參閱下列文章:To learn more about the common Azure settings listed, see the following articles:

命令Commands

變更網路安全性群組Change a network security group

  1. 在入口網站頂端的搜尋方塊中,輸入「網路安全性群組」 。In the search box at the top of the portal, enter network security groups in the search box. 網路安全性群組出現在搜尋結果中時,請選取它。When network security groups appear in the search results, select it.
  2. 選取您想要變更的網路安全性群組。Select the network security group you want to change. 最常見的變更是新增移除安全性規則,以及讓網路安全性群組與子網路或網路介面建立關聯或中斷關聯The most common changes are adding or removing security rules and Associating or dissociating a network security group to or from a subnet or network interface.

命令Commands

讓網路安全性群組與子網路或網路介面建立關聯或中斷關聯Associate or dissociate a network security group to or from a subnet or network interface

若要讓網路安全性群組與網路介面建立關聯或中斷關聯,請參閱讓網路安全性群組與網路介面建立關聯或中斷關聯To associate a network security group to, or dissociate a network security group from a network interface, see Associate a network security group to, or dissociate a network security group from a network interface. 若要讓網路安全性群組與子網路建立關聯或中斷關聯,請參閱變更子網路設定To associate a network security group to, or dissociate a network security group from a subnet, see Change subnet settings.

刪除網路安全性群組Delete a network security group

如果網路安全性群組與任何子網路或網路介面關聯,便無法刪除它。If a network security group is associated to any subnets or network interfaces, it cannot be deleted. 請先將網路安全性群組與所有子網路和網路介面中斷關聯,再嘗試刪除它。Dissociate a network security group from all subnets and network interfaces before attempting to delete it.

  1. 在入口網站頂端的搜尋方塊中,輸入「網路安全性群組」 。In the search box at the top of the portal, enter network security groups in the search box. 網路安全性群組出現在搜尋結果中時,請選取它。When network security groups appear in the search results, select it.
  2. 從清單中選取您想要刪除的網路安全性群組。Select the network security group you want to delete from the list.
  3. 選取 [刪除] ,然後選取 [是] 。Select Delete, and then select Yes.

命令Commands

使用安全性規則Work with security rules

網路安全性群組包含零個或多個安全性規則。A network security group contains zero or more security rules. 您可以建立安全性規則、檢視所有安全性規則檢視安全性規則的詳細資料,以及變更刪除安全性規則。You can create, view all, view details of, change, and delete a security rule.

建立安全性規則Create a security rule

每個 Azure 位置和訂用帳戶的每個網路安全性群組可以建立的規則數目有所限制。There is a limit to how many rules per network security group can create per Azure location and subscription. 如需詳細資訊,請參閱 Azure 限制For details, see Azure limits.

  1. 在入口網站頂端的搜尋方塊中,輸入「網路安全性群組」 。In the search box at the top of the portal, enter network security groups in the search box. 網路安全性群組出現在搜尋結果中時,請選取它。When network security groups appear in the search results, select it.

  2. 從清單中選取您想要為其新增安全性規則的網路安全性群組。Select the network security group from the list that you want to add a security rule to.

  3. 在 [設定] 底下,選取 [輸入安全性規則] 。Select Inbound security rules under SETTINGS. 這會列出數個現有的規則。Several existing rules are listed. 有些規則可能您並未新增。Some of the rules you may not have added. 建立網路安全性群組時,會在該群組中建立數個預設安全性規則。When a network security group is created, several default security rules are created in it. 若要深入了解,請參閱預設安全性規則To learn more, see default security rules. 您無法刪除預設安全性規則,但是可以使用優先順序較高的規則來覆寫它們。You can't delete default security rules, but you can override them with rules that have a higher priority.

  4. 選取 [+ 新增] 。Select + Add. 選取或新增下列設定的值,然後選取 [確定] :Select or add values for the following settings and then select OK:

    設定Setting Value 詳細資料Details
    SourceSource 針對輸入安全性規則,選取 [任何] 、[應用程式安全性群組] 、[IP 位址] 或 [服務標籤] 。Select Any, Application security group, IP Addresses, or Service Tag for inbound security rules. 如果您建立輸出安全性規則,則選項會與針對 [目的地] 所列的選項相同。If you're creating an outbound security rule, the options are the same as options listed for Destination. 如果您選取 [應用程式安全性群組] ,請選取與網路介面相同之區域中的一或多個現有應用程式安全性群組。If you select Application security group, then select one or more existing application security groups that exist in the same region as the network interface. 了解如何建立應用程式安全性群組Learn how to create an application security group. 如果您針對 [來源] 和 [目的地] 選取 [應用程式安全性群組] ,則兩個應用程式安全性群組內的網路介面都必須在相同的虛擬網路中。If you select Application security group for both the Source and Destination, the network interfaces within both application security groups must be in the same virtual network. 如果您選取 [IP 位址] ,請指定 [來源 IP 位址/CIDR 範圍] 。If you select IP Addresses, then specify Source IP addresses/CIDR ranges. 您可以指定單一值或以逗號分隔的多值清單。You can specify a single value or comma-separated list of multiple values. 多值範例:10.0.0.0/16, 192.188.1.1。An example of multiple values is 10.0.0.0/16, 192.188.1.1. 您可以指定的值數目有所限制。There are limits to the number of values you can specify. 如需詳細資訊,請參閱 Azure 限制See Azure limits for details. 如果您選取 [服務標籤] ,請選取一個服務標籤。If you select Service Tag, then select one service tag. 服務標籤是為 IP 位址類別預先定義的識別碼。A service tag is a predefined identifier for a category of IP addresses. 若要深入了解可用的服務標籤,以及每個標籤所代表的意義,請參閱服務標籤To learn more about available service tags, and what each tag represents, see Service tags. 如果您將指定的 IP 位址指派給 Azure 虛擬機器,請確定您指定私人 IP 位址,而不是指派給虛擬機器的公用 IP 位址。If the IP address you specify is assigned to an Azure virtual machine, ensure that you specify the private IP, not the public IP address assigned to the virtual machine. 在 Azure 針對輸入安全性規則將公用 IP 位址轉譯為私人 IP 位址之後,和 Azure 針對輸出規則將私人 IP 位址轉譯為公用 IP 位址之前,安全性規則會進行處理。Security rules are processed after Azure translates the public IP address to a private IP address for inbound security rules, and before Azure translates a private IP address to a public IP address for outbound rules. 若要深入了解 Azure 中的公用和私人 IP 位址,請參閱 IP 位址類型To learn more about public and private IP addresses in Azure, see IP address types.
    Source port rangesSource port ranges 指定單一連接埠 (例如 80)、連接埠範圍 (例如 1024-65535),或是單一連接埠和/或連接埠範圍的逗號分隔清單 (例如 80, 1024-65535)。Specify a single port, such as 80, a range of ports, such as 1024-65535, or a comma-separated list of single ports and/or port ranges, such as 80, 1024-65535. 輸入星號可以允許任何連接埠上的流量。Enter an asterisk to allow traffic on any port. 連接埠和範圍指定規則將允許或拒絕哪些連接埠流量。The ports and ranges specify which ports traffic is allowed or denied by the rule. 您可以指定的連接埠數目有所限制。There are limits to the number of ports you can specify. 如需詳細資訊,請參閱 Azure 限制See Azure limits for details.
    目的地Destination 針對輸出安全性規則選取 [任何]、[應用程式安全性群組]、[ IP 位址] 或 [虛擬網路]。Select Any, Application security group, IP addresses, or Virtual Network for outbound security rules. 如果您要建立輸入安全性規則, 選項會與針對 [來源] 所列的選項相同。If you're creating an inbound security rule, the options are the same as options listed for Source. 如果您選取 [應用程式安全性群組] ,則必須選取與網路介面相同之區域中的一或多個現有應用程式安全性群組。If you select Application security group you must then select one or more existing application security groups that exist in the same region as the network interface. 了解如何建立應用程式安全性群組Learn how to create an application security group. 如果您選取 [應用程式安全性群組] ,請選取與網路介面相同之區域中的一個現有應用程式安全性群組。If you select Application security group, then select one existing application security group that exists in the same region as the network interface. 如果您選取 [IP 位址] ,請指定 [目的地 IP 位址/CIDR 範圍] 。If you select IP addresses, then specify Destination IP addresses/CIDR ranges. 與 [來源] 和 [來源 IP 位址/CIDR 範圍] 類似,您可以指定單一或多個位址或範圍,且您可以指定的數目有所限制。Similar to Source and Source IP addresses/CIDR ranges, you can specify a single, or multiple addresses or ranges, and there are limits to the number you can specify. 選取 [虛擬網路] (服務標籤) 即表示允許流量連至虛擬網路位址空間內的所有 IP 位址。Selecting Virtual network, which is a service tag, means that traffic is allowed to all IP addresses within the address space of the virtual network. 如果您將指定的 IP 位址指派給 Azure 虛擬機器,請確定您指定私人 IP 位址,而不是指派給虛擬機器的公用 IP 位址。If the IP address you specify is assigned to an Azure virtual machine, ensure that you specify the private IP, not the public IP address assigned to the virtual machine. 在 Azure 針對輸入安全性規則將公用 IP 位址轉譯為私人 IP 位址之後,和 Azure 針對輸出規則將私人 IP 位址轉譯為公用 IP 位址之前,安全性規則會進行處理。Security rules are processed after Azure translates the public IP address to a private IP address for inbound security rules, and before Azure translates a private IP address to a public IP address for outbound rules. 若要深入了解 Azure 中的公用和私人 IP 位址,請參閱 IP 位址類型To learn more about public and private IP addresses in Azure, see IP address types.
    目的地連接埠範圍Destination port ranges 指定單一值或以逗號分隔的值清單。Specify a single value, or comma-separated list of values. 與 [來源連接埠範圍] 類似,您可以指定單一或多個位址和範圍,且您可以指定的數目有所限制。Similar to Source port ranges, you can specify a single, or multiple ports and ranges, and there are limits to the number you can specify.
    ProtocolProtocol 選取 [任何]、[ TCP]、[ UDP ] 或 [ ICMP]。Select Any, TCP, UDP or ICMP.
    ActionAction 選取 [允許] 或 [拒絕] 。Select Allow or Deny.
    PriorityPriority 輸入一個介於 100 到 4096 且對網路安全性群組內的所有安全性規則而言具唯一性的值。Enter a value between 100-4096 that is unique for all security rules within the network security group. 規則會依照優先順序進行處理。Rules are processed in priority order. 編號愈低,優先順序愈高。The lower the number, the higher the priority. 建議您在建立規則時,於優先順序編號之間保留間距,例如 100、200、300。It's recommended that you leave a gap between priority numbers when creating rules, such as 100, 200, 300. 保留間距可方便您未來新增比現有規則優先順序更高或更低的規則。Leaving gaps makes it easier to add rules in the future that you may need to make higher or lower than existing rules.
    名稱Name 網路安全性群組內規則的唯一名稱。A unique name for the rule within the network security group. 此名稱最多可有 80 個字元。The name can be up to 80 characters. 它必須以字母或數字為開頭、以字母、數字或底線為結尾,且只能包含字母、數字、底線、句點或連字號。It must begin with a letter or number, end with a letter, number, or underscore, and may contain only letters, numbers, underscores, periods, or hyphens.
    描述Description 選擇性的描述。An optional description.

命令Commands

檢視所有安全性規則View all security rules

網路安全性群組包含零個或多個規則。A network security group contains zero or multiple rules. 若要深入了解檢視規則時列出的資訊,請參閱網路安全性群組概觀To learn more about the information listed when viewing rules, see Network security group overview.

  1. 在入口網站頂端的搜尋方塊中,輸入「網路安全性群組」 。In the search box at the top of the portal, enter network security groups. 網路安全性群組出現在搜尋結果中時,請選取它。When network security groups appear in the search results, select it.
  2. 從清單中選取您想要檢視其規則的網路安全性群組。Select the network security group from the list that you want to view rules for.
  3. 在 [設定] 底下,選取 [輸入安全性規則] 或 [輸出安全性規則] 。Select Inbound security rules or Outbound security rules under SETTINGS.

此清單包含您已建立的所有規則,以及網路安全性群組預設安全性規則The list contains any rules you have created and the network security group default security rules.

命令Commands

檢視安全性規則的詳細資料View details of a security rule

  1. 在入口網站頂端的搜尋方塊中,輸入「網路安全性群組」 。In the search box at the top of the portal, enter network security groups. 網路安全性群組出現在搜尋結果中時,請選取它。When network security groups appear in the search results, select it.
  2. 選取您想要檢視其安全性規則詳細資料的網路安全性群組。Select the network security group you want to view details of a security rule for.
  3. 在 [設定] 底下,選取 [輸入安全性規則] 或 [輸出安全性規則] 。Select Inbound security rules or Outbound security rules under SETTINGS.
  4. 選取您想要檢視其詳細資料的規則。Select the rule you want to view details for. 如需所有設定的詳細說明,請參閱安全性規則設定For a detailed explanation of all settings, see security rule settings.

命令Commands

變更安全性規則Change a security rule

  1. 完成檢視安全性規則的詳細資料中的步驟。Complete the steps in View details of a security rule.
  2. 視需要變更設定,然後選取 [儲存] 。Change the settings as desired, and then select Save. 如需所有設定的詳細說明,請參閱安全性規則設定For a detailed explanation of all settings, see security rule settings.

命令Commands

刪除安全性規則Delete a security rule

  1. 完成檢視安全性規則的詳細資料中的步驟。Complete the steps in View details of a security rule.
  2. 選取 [刪除] ,然後選取 [是] 。Select Delete, and then select Yes.

命令Commands

使用應用程式安全性群組Work with application security groups

應用程式安全性群組包含零個或多個網路介面。An application security group contains zero or more network interfaces. 若要深入了解,請參閱應用程式安全性群組To learn more, see application security groups. 應用程式安全性群組內的所有網路介面都必須存在於相同的虛擬網路中。All network interfaces in an application security group must exist in the same virtual network. 若要了解如何將網路介面新增至應用程式安全性群組,請參閱將網路介面新增至應用程式安全性群組To learn how to add a network interface to an application security group, see Add a network interface to an application security group.

建立應用程式安全性群組Create an application security group

  1. 選取 Azure 入口網站左上角的 [+ 建立資源] 。Select + Create a resource on the upper, left corner of the Azure portal.

  2. 在 [搜尋 Marketplace] 方塊中,輸入「應用程式安全性群組」 。In the Search the Marketplace box, enter Application security group. 當搜尋結果中出現 [應用程式安全性群組] 時,請加以選取,在 [所有項目] 下再次選取 [應用程式安全性群組] ,然後選取 [建立] 。When Application security group appears in the search results, select it, select Application security group again under Everything, and then select Create.

  3. 輸入或選取下列資訊,然後選取 [建立] ︰Enter, or select, the following information, and then select Create:

    設定Setting Value
    名稱Name 名稱在資源群組內必須是唯一的。The name must be unique within a resource group.
    SubscriptionSubscription 選取您的訂用帳戶。Select your subscription.
    Resource groupResource group 選取現有資源群組或建立新群組。Select an existing resource group, or create a new one.
    LocationLocation 選取位置Select a location

命令Commands

檢視所有應用程式安全性群組View all application security groups

  1. 在 Azure 入口網站的左上角,選取 [所有服務] 。Select All services on the upper, left corner of the Azure portal.
  2. 在 [所有服務篩選] 方塊中輸入「應用程式安全性群組」 ,然後當 [應用程式安全性群組] 出現在搜尋結果時加以選取。Enter application security groups in the All services Filter box, and then select Application security groups when it appears in the search results.

命令Commands

檢視特定應用程式安全性群組的詳細資料View details of a specific application security group

  1. 在 Azure 入口網站的左上角,選取 [所有服務] 。Select All services on the upper, left corner of the Azure portal.
  2. 在 [所有服務篩選] 方塊中輸入「應用程式安全性群組」 ,然後當 [應用程式安全性群組] 出現在搜尋結果時加以選取。Enter application security groups in the All services Filter box, and then select Application security groups when it appears in the search results.
  3. 選取您想要檢視其詳細資料的應用程式安全性群組。Select the application security group that you want to view the details of.

命令Commands

變更應用程式安全性群組Change an application security group

  1. 在 Azure 入口網站的左上角,選取 [所有服務] 。Select All services on the upper, left corner of the Azure portal.
  2. 在 [所有服務篩選] 方塊中輸入「應用程式安全性群組」 ,然後當 [應用程式安全性群組] 出現在搜尋結果時加以選取。Enter application security groups in the All services Filter box, and then select Application security groups when it appears in the search results.
  3. 選取您想要變更其設定的應用程式安全性群組。Select the application security group that you want to change settings for. 您可以新增或移除標記,或是指派或移除應用程式安全性群組的權限。You can add or remove tags, or assign or remove permissions to the application security group.

刪除應用程式安全性群組Delete an application security group

如果應用程式安全性群組內有網路介面,您便無法刪除該群組。You cannot delete an application security group if it has any network interfaces in it. 藉由變更網路介面設定或刪除網路介面,從應用程式安全性群組移除所有網路介面。Remove all network interfaces from the application security group by either changing network interface settings, or deleting the network interfaces. 如需詳細資料,請參閱在應用程式安全性群組新增或移除網路介面刪除網路介面For details, see Add to or remove a network interface from application security groups or delete a network interface.

  1. 在 Azure 入口網站的左上角,選取 [所有服務] 。Select All services on the upper, left corner of the Azure portal.
  2. 在 [所有服務篩選] 方塊中輸入「應用程式安全性群組」 ,然後當 [應用程式安全性群組] 出現在搜尋結果時加以選取。Enter application security groups in the All services Filter box, and then select Application security groups when it appears in the search results.
  3. 選取您想要刪除的應用程式安全性群組。Select the application security group that you want to delete.
  4. 選取 [刪除] ,然後選取 [是] 刪除應用程式安全性群組。Select Delete, and then select Yes to delete the application security group.

命令Commands

PermissionsPermissions

若要針對網路安全性群組、安全性規則及應用程式安全性群組執行工作,您的帳戶必須指派為網路參與者角色,或為已指派下表所列適當權限的自訂角色To perform tasks on network security groups, security rules, and application security groups, your account must be assigned to the network contributor role or to a custom role that is assigned the appropriate permissions listed in the following tables:

網路安全性群組Network security group

ActionAction 名稱Name
Microsoft.Network/networkSecurityGroups/readMicrosoft.Network/networkSecurityGroups/read 取得網路安全性群組Get network security group
Microsoft.Network/networkSecurityGroups/writeMicrosoft.Network/networkSecurityGroups/write 建立或更新網路安全性群組Create or update network security group
Microsoft.Network/networkSecurityGroups/deleteMicrosoft.Network/networkSecurityGroups/delete 刪除網路安全性群組Delete network security group
Microsoft.Network/networkSecurityGroups/join/actionMicrosoft.Network/networkSecurityGroups/join/action 將網路安全性群組與子網路或網路介面建立關聯Associate a network security group to a subnet or network interface

網路安全性群組規則Network security group rule

ActionAction 名稱Name
Microsoft.Network/networkSecurityGroups/rules/readMicrosoft.Network/networkSecurityGroups/rules/read 取得規則Get rule
Microsoft.Network/networkSecurityGroups/rules/writeMicrosoft.Network/networkSecurityGroups/rules/write 建立或更新規則Create or update rule
Microsoft.Network/networkSecurityGroups/rules/deleteMicrosoft.Network/networkSecurityGroups/rules/delete 刪除規則Delete rule

應用程式安全性群組Application security group

ActionAction 名稱Name
Microsoft.Network/applicationSecurityGroups/joinIpConfiguration/actionMicrosoft.Network/applicationSecurityGroups/joinIpConfiguration/action 將 IP 設定加入至應用程式安全性群組Join an IP configuration to an application security group
Microsoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/actionMicrosoft.Network/applicationSecurityGroups/joinNetworkSecurityRule/action 將安全性規則加入至應用程式安全性群組Join a security rule to an application security group
Microsoft.Network/applicationSecurityGroups/readMicrosoft.Network/applicationSecurityGroups/read 取得應用程式安全性群組Get an application security group
Microsoft.Network/applicationSecurityGroups/writeMicrosoft.Network/applicationSecurityGroups/write 建立或更新應用程式安全性群組Create or update an application security group
Microsoft.Network/applicationSecurityGroups/deleteMicrosoft.Network/applicationSecurityGroups/delete 刪除應用程式安全性群組Delete an application security group

後續步驟Next steps