Apply NSG at subnet without applying to NICs
Provide ability to apply an NSG at the subnet level that is NOT applied to each individual NIC as is currently the case.
Say I have five subnets and want to block all inbound traffic to subnet A from the other subnets except for one port.
If I apply a deny all rule to VirtualNetwork, this blocks all communication between VMs in subnet A, which breaks cluster-type setups unless explicit allow rules are added.
If I don't apply a deny all rule I have to explicitly add the other subnets as deny, but if another subnet is added it will automatically gain access to subnet A.
This means a subnet's default position is insecure and it's not possible to secure it without causing additional work and complications within the subnet itself.
Thanks for the feedback. Please use a security rule to allow subnet-to-subnet traffic to prevent misconfigurations; we'll take the feedback and evaluate how to incorporate it in future improvements.
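The following is an added example, not part of the original post or the response, and not Azure's own code. It is a deliberately simplified model of NSG inbound evaluation (rules sorted by priority, first match wins, only the AllowVnetInBound and DenyAllInBound defaults, and the VirtualNetwork service tag reduced to the VNet's own address space) that walks through the three situations discussed above: defaults only, a deny on VirtualNetwork with one port allowed, and the same NSG with the subnet-to-subnet allow rule the response recommends placed ahead of the deny. The VNet address space (10.0.0.0/16), the subnet A prefix (10.0.1.0/24), the sample source addresses, and the rule names and priorities are all constructed for the illustration.

```python
"""Simplified model of Azure NSG inbound rule evaluation (added example; not Azure's code).

Rules are evaluated in ascending priority order; the first rule whose source and
destination port both match decides the outcome. Only two of Azure's default inbound
rules are modelled, and the VirtualNetwork service tag is reduced to the VNet's own
address space (peered VNets and on-premises ranges are ignored).
"""
import ipaddress
from dataclasses import dataclass

VIRTUAL_NETWORK = "VirtualNetwork"

# Constructed addressing for the scenario in the post: one VNet, subnet A plus others.
VNET_SPACE = ipaddress.ip_network("10.0.0.0/16")
SUBNET_A = "10.0.1.0/24"


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int
    access: str        # "Allow" or "Deny"
    source: str        # "*", a CIDR prefix, or the VirtualNetwork service tag
    dest_port: str     # "*" or a single port number as a string


# Azure's built-in inbound defaults (documented priorities 65000 and 65500);
# AllowAzureLoadBalancerInBound (65001) is omitted because no case here uses it.
DEFAULT_RULES = [
    Rule("AllowVnetInBound", 65000, "Allow", VIRTUAL_NETWORK, "*"),
    Rule("DenyAllInBound", 65500, "Deny", "*", "*"),
]


def source_matches(rule: Rule, src_ip: ipaddress.IPv4Address) -> bool:
    """Decide whether a rule's source field covers the packet's source address."""
    if rule.source == "*":
        return True
    if rule.source == VIRTUAL_NETWORK:
        return src_ip in VNET_SPACE
    return src_ip in ipaddress.ip_network(rule.source)


def evaluate(rules, src_ip: str, dst_port: int):
    """Return (access, rule_name) for an inbound packet: first match in priority order."""
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(list(rules) + DEFAULT_RULES, key=lambda r: r.priority):
        if source_matches(rule, ip) and rule.dest_port in ("*", str(dst_port)):
            return rule.access, rule.name
    raise AssertionError("DenyAllInBound matches everything, so this is unreachable")


def nsg_deny_vnet_only():
    """The post's first attempt: deny VirtualNetwork, allow one port. Breaks intra-subnet traffic."""
    return [
        Rule("AllowOnePortFromVnet", 100, "Allow", VIRTUAL_NETWORK, "443"),
        Rule("DenyVnetInBound", 200, "Deny", VIRTUAL_NETWORK, "*"),
    ]


def nsg_with_intra_subnet_allow():
    """The response's advice: an explicit subnet-to-subnet allow ahead of the VNet deny.

    New subnets added to the VNet later still fall through to DenyVnetInBound,
    so subnet A's default position becomes deny rather than allow.
    """
    return [
        Rule("AllowOnePortFromVnet", 100, "Allow", VIRTUAL_NETWORK, "443"),
        Rule("AllowIntraSubnetA", 110, "Allow", SUBNET_A, "*"),
        Rule("DenyVnetInBound", 200, "Deny", VIRTUAL_NETWORK, "*"),
    ]


if __name__ == "__main__":
    # Constructed sources: a VM in subnet A, a VM in subnet B, a VM in a subnet added later.
    cases = [("10.0.1.5", 22), ("10.0.2.5", 22), ("10.0.2.5", 443), ("10.0.5.5", 22)]
    variants = [
        ("defaults only", []),
        ("deny VNet, one port allowed", nsg_deny_vnet_only()),
        ("deny VNet + intra-subnet allow", nsg_with_intra_subnet_allow()),
    ]
    for label, rules in variants:
        for src, port in cases:
            print(f"{label:32} {src}:{port:<4} -> {evaluate(rules, src, port)}")
```

Running the block prints one line per (NSG variant, source, port) pair. With defaults only, every VNet subnet reaches subnet A on every port via AllowVnetInBound, which is the "default position is insecure" point in the post. Adding the VirtualNetwork deny closes that but also denies 10.0.1.5 (inside subnet A) on port 22. Inserting the subnet-to-subnet allow at a priority ahead of the deny restores intra-subnet traffic while subnet B and the later-added 10.0.5.0/24 subnet are still denied except on the one allowed port.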