Add "LocalSubnet" and "GateWay" tags to NSG.
Our subnets rules always have a "Deny All" rule with a priority of 4096 to override the default rule with priority 65000 which allows all VNET traffic. We want to allow all traffic within the same local subnet and all traffic from the Gateway subnet. It would be handy to have tags for these subnets without having to resort to CIDR ranges for each subnet.
Jeff Reed commented
I meant "GatewaySubnet" as the tag, as opposed to "Gateway"