Copyright (c) 2026 MindMesh Academy. All rights reserved. This content is proprietary and may not be reproduced or distributed without permission.

6.1.2. Application Security Groups

ASGs enable grouping VMs logically for security rules, regardless of IP address.

Without ASGs:
Rule: Allow 10.0.1.5, 10.0.1.6, 10.0.1.7 → 10.0.2.10, 10.0.2.11 on port 443
With ASGs:
Rule: Allow WebServers → DatabaseServers on port 443
Benefits:
  • IP-independent rules (VMs can change IPs)
  • Self-documenting (names describe purpose)
  • Scale without rule modification
Creating ASG-based Rules:
  1. Create ASG (e.g., "WebServers", "DatabaseServers")
  2. Associate VM NICs with ASGs
  3. Reference ASGs in NSG rules
Alvin Varughese
Written byAlvin Varughese
Founder15 professional certifications