An Azure Network Security Group (NSG) is a core component of Microsoft Azure’s security fabric. Leveraging an NSG, you can filter traffic to and from Azure resources that you have commissioned on an Azure Virtual Network (VNet).
At its core, an NSG provides access control rules you assign to an Azure resource. It inspects inbound and outbound traffic and uses these rules, grouped into inbound and outbound, to determine whether it should grant or deny access to a particular network packet.
Azure NSGs control access and manage communication between individual workloads, connectivity between on-premises environments and Azure, and connections to and from the Internet. A standard Azure subscription can have up to 5,000 NSGs, and each NSG can have a maximum of 1,000 rules.
Although Azure NSGs offer adequate security, they do have some limitations. Microsoft offers Azure Firewall, a highly available, managed service providing additional security features relevant to some use cases.
To learn more about how this works, and the impact to your cloud costs, check out the Microsoft Azure NSG article in our Guide to Azure Cost Optimization.