Network Security Group microsoft.network/networksecuritygroups Azure Resource type

Network Security Group - Microsoft Azure Resource type
microsoft.network/networksecuritygroups

Resource provider (RP) - Microsoft Network [Microsoft.Network]
RP	Microsoft.Network
RP display name	Microsoft Network
RP Resource types	Resource types: 428
RP aliases	RP aliases: 19503
RP Azure Policy	Azure Policy definitions: 427 • if: 379 • then.deployment: 180 • then.details: 2 • then.existenceCondition: 57 • then.operations: 0
RP RBAC operations	RP RBAC operations: 1014 • RP RBAC operationType action: 265 • RP RBAC operationType delete: 183 • RP RBAC operationType read: 361 • RP RBAC operationType write: 205
RP RBAC Roles & Operation actions	Unique RBAC Roles: 72 • RBAC Roles with action operationType: 40 • RBAC Roles with delete operationType: 23 • RBAC Roles with read operationType: 65 • RBAC Roles with write operationType: 40
RP related 1st party Service Principals	RP related 1st party Service Principals: 15 • NFV Resource Provider (appId: 328fd23b-de6e-462c-9433-e207470a5727) [ JSON;CSV] • NetworkVerifier (Microsoft Azure Vnet Verifier) (appId: 6e02f8e9-db9b-4eb5-aa5a-7c8968375f68) [ JSON;CSV] • NetworkTrafficAnalyticsService (appId: 1e3e4475-288f-4018-a376-df66fd7fac5f) [ JSON;CSV] • Networking-MNC (AzureVirtualNetworkManager) (appId: 6d057c82-a784-47ae-8d12-ca7b38cf06b4) [ JSON;CSV] • networkcopilotRP (appId: d66e9e8e-53a4-420c-866d-5bb39aaea675) [ JSON;CSV] • Network Watcher (appId: 7c33bfcb-8d33-48d6-8e60-dc6404003489) [ JSON;CSV] • Microsoft Azure Network Copilot (appId: 40c49ff3-c6ae-436d-b28e-b8e268841980) [ JSON;CSV] • IpAddressManager (Microsoft Azure IPAM) (appId: 60b2e7d5-a27f-426d-a6b1-acced0846fdf) [ JSON;CSV] • GatewayRP (appId: 486c78bf-a0f7-45f1-92fd-37215929e116) [ JSON;CSV] • AzureDnsFrontendApp (appId: a0be0c72-870e-46f0-9c49-c98333a996f7) [ JSON;CSV] • Azure Traffic Manager and DNS (appId: 2cf9eb86-36b5-49dc-86ae-9a63135dfa8c) [ JSON;CSV] • Azure Support - Network Watcher (appId: 341b7f3d-69b3-47f9-9ce7-5b7f4945fdbd) [ JSON;CSV] • Azure DNS Managed Resolver (appId: b4ca0290-4e73-4e31-ade0-c82ecfaabf6a) [ JSON;CSV] • Azure DNS (appId: 19947cfd-0303-466c-ac3c-fcc19a7a1570) [ JSON;CSV] • Azure Bastion (appId: 79d7fb34-4bef-4417-8184-ff713af7a679) [ JSON;CSV]
All Azure RPs	• Microsoft Learn • AzResourceTypesAdvertizer (Microsoft only)

Resource provider (RP) - Microsoft Network [Microsoft.Network]

Microsoft.Network

RP display name

Microsoft Network

RP Resource types

Resource types: 428

RP aliases

RP aliases: 19503

RP Azure Policy

Azure Policy definitions: 427
• if: 379
• then.deployment: 180
• then.details: 2
• then.existenceCondition: 57
• then.operations: 0

RP RBAC operations

RP RBAC operations: 1014
• RP RBAC operationType action: 265
• RP RBAC operationType delete: 183
• RP RBAC operationType read: 361
• RP RBAC operationType write: 205

RP RBAC Roles & Operation actions

Unique RBAC Roles: 72
• RBAC Roles with action operationType: 40
• RBAC Roles with delete operationType: 23
• RBAC Roles with read operationType: 65
• RBAC Roles with write operationType: 40

RP related 1st party Service Principals

RP related 1st party Service Principals: 15

• NFV Resource Provider (appId: 328fd23b-de6e-462c-9433-e207470a5727) [ JSON;CSV]
• NetworkVerifier (Microsoft Azure Vnet Verifier) (appId: 6e02f8e9-db9b-4eb5-aa5a-7c8968375f68) [ JSON;CSV]
• NetworkTrafficAnalyticsService (appId: 1e3e4475-288f-4018-a376-df66fd7fac5f) [ JSON;CSV]
• Networking-MNC (AzureVirtualNetworkManager) (appId: 6d057c82-a784-47ae-8d12-ca7b38cf06b4) [ JSON;CSV]
• networkcopilotRP (appId: d66e9e8e-53a4-420c-866d-5bb39aaea675) [ JSON;CSV]
• Network Watcher (appId: 7c33bfcb-8d33-48d6-8e60-dc6404003489) [ JSON;CSV]
• Microsoft Azure Network Copilot (appId: 40c49ff3-c6ae-436d-b28e-b8e268841980) [ JSON;CSV]
• IpAddressManager (Microsoft Azure IPAM) (appId: 60b2e7d5-a27f-426d-a6b1-acced0846fdf) [ JSON;CSV]
• GatewayRP (appId: 486c78bf-a0f7-45f1-92fd-37215929e116) [ JSON;CSV]
• AzureDnsFrontendApp (appId: a0be0c72-870e-46f0-9c49-c98333a996f7) [ JSON;CSV]
• Azure Traffic Manager and DNS (appId: 2cf9eb86-36b5-49dc-86ae-9a63135dfa8c) [ JSON;CSV]
• Azure Support - Network Watcher (appId: 341b7f3d-69b3-47f9-9ce7-5b7f4945fdbd) [ JSON;CSV]
• Azure DNS Managed Resolver (appId: b4ca0290-4e73-4e31-ade0-c82ecfaabf6a) [ JSON;CSV]
• Azure DNS (appId: 19947cfd-0303-466c-ac3c-fcc19a7a1570) [ JSON;CSV]
• Azure Bastion (appId: 79d7fb34-4bef-4417-8184-ff713af7a679) [ JSON;CSV]

All Azure RPs

• Microsoft Learn
• AzResourceTypesAdvertizer (Microsoft only)

RT information

microsoft.network/networksecuritygroups

RT display name

Network Security Group

RT type only
(without RP)

networkSecurityGroups

RT sub- Resource types

sub-Resource types: 4

RT schema

RT schema API versions: 55

• 2024-05-01
• 2024-03-01
• 2024-01-01
• 2023-11-01
• 2023-09-01
• 2023-06-01
• 2023-05-01
• 2023-04-01
• 2023-02-01
• 2022-11-01
• 2022-09-01
• 2022-07-01
• 2022-05-01
• 2022-01-01
• 2021-08-01
• 2021-05-01
• 2021-03-01
• 2021-02-01
• 2020-11-01
• 2020-08-01
• 2020-07-01
• 2020-06-01
• 2020-05-01
• 2020-04-01
• 2020-03-01
• 2019-12-01
• 2019-11-01
• 2019-09-01
• 2019-08-01
• 2019-07-01
• 2019-06-01
• 2019-04-01
• 2019-02-01
• 2018-12-01
• 2018-11-01
• 2018-10-01
• 2018-08-01
• 2018-07-01
• 2018-06-01
• 2018-04-01
• 2018-02-01
• 2018-01-01
• 2017-11-01
• 2017-10-01
• 2017-09-01
• 2017-08-01
• 2017-06-01
• 2017-03-30
• 2017-03-01
• 2016-12-01
• 2016-09-01
• 2016-06-01
• 2016-03-30
• 2015-06-15
• 2015-05-01-preview

All Microsoft Azure RTs

AzResourceTypesAdvertizer

Aliases and Azure Policy

Aliases

aliases: 841

Azure Policy

Azure Policy definitions: 27
• if: 27
• then.deployment: 1
• then.details: 0
• then.existenceCondition: 0
• then.operations: 0

RBAC Operations and Roles & Roles related operation actions

RBAC operations

RBAC operations: 4
• RBAC operationType action: 1
• RBAC operationType delete: 1
• RBAC operationType read: 1
• RBAC operationType write: 1

RBAC Roles & Operation actions

Unique RBAC Roles: 37
• RBAC Roles with action operationType: 20
• RBAC Roles with delete operationType: 8
• RBAC Roles with read operationType: 30
• RBAC Roles with write operationType: 10

Capabilities & Locations

Diagnostic logs

True
log-categories

Azure Resource Diagnostic settings metrics

Diagnostic metrics

False

Customer-managed key (CMK) [experimental]

Unknown
• Enforce Encryption with a customer-managed key (CMK) at scale

System-Assigned-Resource-Identity

False

Cross-ResourceGroup-Resource-Move

True

Cross-Subscription-Resource-Move

True

Tags

True

Extension

False

Private-Endpoint

False

Supported Locations for Private-Endpoint

n/a

Non supported Locations for Private-Endpoint

n/a

Location

True

Locations

Locations: 43
australiacentral, australiaeast, australiasoutheast, brazilsouth, canadacentral, canadaeast, centralindia, centralus, eastasia, eastus, eastus2, francecentral, germanywestcentral, indonesiacentral, israelcentral, italynorth, japaneast, japanwest, koreacentral, koreasouth, mexicocentral, newzealandnorth, northcentralus, northeurope, norwayeast, polandcentral, qatarcentral, southafricanorth, southcentralus, southeastasia, southindia, spaincentral, swedencentral, switzerlandnorth, uaenorth, uksouth, ukwest, westcentralus, westeurope, westindia, westus, westus2, westus3

Not locations

Not locations: 54
asia, asiapacific, australia, australiacentral2, brazil, brazilsoutheast, brazilus, canada, centraluseuap, centralusstage, eastasiastage, eastus2euap, eastus2stage, eastusstage, eastusstg, europe, france, francesouth, germany, germanynorth, global, india, indonesia, israel, italy, japan, jioindiacentral, jioindiawest, korea, mexico, newzealand, northcentralusstage, norway, norwaywest, poland, qatar, singapore, southafrica, southafricawest, southcentralusstage, southcentralusstg, southeastasiastage, spain, sweden, switzerland, switzerlandwest, taiwan, uae, uaecentral, uk, unitedstates, unitedstateseuap, westus2stage, westusstage

Assessment tooling

Azure Advisor

Azure Advisor recommendations: 1
• OperationalExcellence [High] Enable Traffic Analytics to view insights into traffic patterns across Azure resources

Azure Proactive Resilience Library v2 (APRLv2)

Azure Proactive Resilience Library v2 recommendations: 2
• MonitoringAndAlerting [Low] Monitor changes in Network Security Groups with Azure Monitor
• MonitoringAndAlerting [Medium] Configure Diagnostic Settings for all network security groups

PSRule for Azure

PSRule for Azure rules: 6
• Cost Optimization [Awareness] Associate NSGs or clean them up
• Operational Excellence [Awareness] No custom NSG rules for AKS managed NSGs
• Operational Excellence [Awareness] Use valid NSG names
• Reliability [Important] Network Security Group denies all inbound traffic
• Security [Critical] Avoid rules that allow any as an inbound source
• Security [Important] Limit lateral traversal within subnets

Azure Quick Review (AZQR)

Azure Quick Review (AZQR) recommendations: 7
• Governance [Low] NSG Name should comply with naming conventions
• Governance [Low] NSG should have tags
• Governance [Medium] Network Security Groups not attached to any network interface or subnet
• HighAvailability [High] NSG SLA
• MonitoringAndAlerting [Low] Monitor changes in Network Security Groups with Azure Monitor
• MonitoringAndAlerting [Low] NSG should have diagnostic settings enabled
• Security [Medium] The NSG only has Default Security Rules, make sure to configure the necessary rules

Infrastructure as Code (IaC)

ARM (Azure Resource Manager) templates

ARM (Azure Resource Manager) template API versions: 55
• latest

Bicep templates

Bicep template API versions: 55
• latest

Terraform provider

Terraform providers: 2
• network_interface_security_group_association
• network_security_group

AzAPI Terraform templates

AzAPI Terraform template API versions: 55
• latest

Pulumi provider

Pulumi providers: 1
• network/networksecuritygroup

OpenTofu provider

OpenTofu TF providers: 2
• network_interface_security_group_association
• network_security_group

Azure Verified Modules (AVM) Bicep

Network Security Group

Azure Verified Modules (AVM) Terraform

• GitHub: Network Security Group
• Terraform registry: Network Security Group

REST-API (Representational State Transfer - Application Programming Interface)

REST-API versions

REST-API versions: 68

• 2024-07-01
• 2024-05-01
• 2024-03-01
• 2024-01-01
• 2023-11-01
• 2023-09-01
• 2023-06-01
• 2023-05-01
• 2023-04-01
• 2023-02-01
• 2022-11-01
• 2022-09-01
• 2022-07-01
• 2022-05-01
• 2022-01-01
• 2021-12-01
• 2021-08-01
• 2021-06-01
• 2021-05-01
• 2021-04-01
• 2021-03-01
• 2021-02-01
• 2021-01-01
• 2020-11-01
• 2020-08-01
• 2020-07-01
• 2020-06-01
• 2020-05-01
• 2020-04-01
• 2020-03-01
• 2020-01-01
• 2019-12-01
• 2019-11-01
• 2019-09-01
• 2019-08-01
• 2019-07-01
• 2019-06-01
• 2019-04-01
• 2019-02-01
• 2018-12-01
• 2018-11-01
• 2018-10-01
• 2018-08-01
• 2018-07-01
• 2018-06-01
• 2018-05-01
• 2018-04-01
• 2018-03-01
• 2018-02-01
• 2018-01-01
• 2017-11-01
• 2017-10-01
• 2017-09-01
• 2017-08-01
• 2017-06-01
• 2017-04-01
• 2017-03-01
• 2016-12-01
• 2016-11-01
• 2016-10-01
• 2016-09-01
• 2016-08-01
• 2016-07-01
• 2016-06-01
• 2016-03-30
• 2015-06-15
• 2015-05-01-preview
• 2014-12-01-preview

REST-API version default

2020-03-01

API profiles

API profiles: 4
• 2017-10-01;2019-03-01-hybrid
• 2017-10-01
• 2017-03-09-profile
• 2015-06-15;2018-03-01-hybrid

Resource naming

Azure Naming Tool

The Azure Naming Tool was created to help administrators define and manage their naming conventions, while providing a simple interface for users to generate a compliant name.

Resource naming details

{
  "property": "",
  "ShortName": "nsg",
  "scope": "resource group",
  "lengthMin": "1",
  "lengthMax": "80",
  "validText": "Alphanumerics, underscores, periods, and hyphens. Start with alphanumeric. End alphanumeric or underscore.",
  "invalidText": "",
  "invalidCharacters": "",
  "invalidCharactersStart": "",
  "invalidCharactersEnd": "",
  "invalidCharactersConsecutive": "",
  "regx": "^(?:[a-zA-Z0-9]|[a-zA-Z0-9][a-zA-Z0-9_\\.-]{0,78}[a-zA-Z0-9_])$",
  "staticValues": ""
}

Network Security Group - Microsoft Azure Resource typemicrosoft.network/networksecuritygroups

Network Security Group - Microsoft Azure Resource type
microsoft.network/networksecuritygroups