Forum Discussion
MS Guidance on NSGs on NICs vs on Subnets
I'm looking for any MS best practices around NSGs on network cards and I can't seem to find any. I've found the NSG best practices but I haven't found any on if it's best practice to have NSGs on just the subnet or the subnet and the NIC. I'm leaning toward just the subnet. Thoughts?
Here is what I've found so far
https://docs.microsoft.com/en-us/azure/security/fundamentals/network-best-practices
1 Reply
- In my view NSG on subnet rather than NIC is more preferable from both security and managibility perspective. In some special cases you can use NSG on NIC where a particular vm needs to be protected further. However, I would prefer to have multiple small subnets in a vnet and manage security on subnet level.
