Networking is fundamental to how Azure VMs communicate — with each other, with on-premises resources, and with the internet. This lesson covers the key networking components attached to every VM: Network Interface Cards, Network Security Groups, and Public IP addresses.
A Network Interface Card (NIC) is the bridge between a VM and an Azure Virtual Network (VNet). Every VM must have at least one NIC.
| Property | Description |
|---|---|
| Private IP address | Assigned from the VNet subnet range. Used for internal communication. |
| Public IP address | Optional. Provides internet-facing connectivity. |
| Subnet | The NIC is associated with a specific subnet within a VNet. |
| NSG | An optional Network Security Group can be associated at the NIC level. |
| DNS settings | Custom DNS servers can be configured per NIC. |
| IP forwarding | Disabled by default. Enable for network virtual appliances (NVAs). |
Some VM sizes support multiple NICs, which is useful for:
The number of NICs a VM supports depends on its size:
| VM Size | Max NICs |
|---|---|
| Standard_B1s | 2 |
| Standard_D2s_v5 | 2 |
| Standard_D4s_v5 | 2 |
| Standard_D8s_v5 | 4 |
| Standard_D16s_v5 | 8 |
Private IPs can be assigned using two methods:
| Method | Description |
|---|---|
| Dynamic | Azure assigns the next available IP from the subnet range. The IP may change if the VM is deallocated and restarted. |
| Static | You specify a fixed IP. It persists across deallocations. Use for DNS servers, domain controllers, and applications that require stable IPs. |
```bash
# Create a NIC with a static private IP
az network nic create \
  --resource-group rg-vm-demo \
  --name myNIC \
  --vnet-name myVNet \
  --subnet backend \
  --private-ip-address 10.0.2.10
```
A Network Security Group acts as a virtual firewall, controlling inbound and outbound traffic to network interfaces and subnets.
Each NSG contains a list of security rules evaluated by priority (100–4096). Lower numbers have higher priority and are evaluated first.
| Property | Description |
|---|---|
| Name | A descriptive name for the rule |
| Priority | 100–4096. Lower = evaluated first |
| Source | IP address, CIDR range, service tag, or application security group |
| Destination | IP address, CIDR range, service tag, or application security group |
| Port | Single port, range, or * (all ports) |
| Protocol | TCP, UDP, ICMP, or * (any) |
| Action | Allow or Deny |
| Direction | Inbound or Outbound |
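
The priority ordering described above, as an added example that is not part of the original lesson: a simplified Python model of first-match NSG evaluation, showing how a deny rule numbered after a broad allow never takes effect. The rule names and addresses are constructed, and the model ignores destination, service tags and application security groups.

```python
import ipaddress
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int   # custom rules use 100-4096; lower is evaluated first
    direction: str  # "Inbound" or "Outbound"
    source: str     # CIDR range or "*"
    port: str       # single port, "low-high" range, or "*"
    protocol: str   # "TCP", "UDP", "ICMP" or "*"
    action: str     # "Allow" or "Deny"

def port_match(spec, port):
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def source_match(spec, ip):
    return spec == "*" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

def evaluate(rules, direction, src_ip, port, protocol):
    """Return the first rule that matches, in ascending priority order.

    None means no custom rule matched and the NSG's default rules decide.
    """
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.direction == direction
                and source_match(rule.source, src_ip)
                and port_match(rule.port, port)
                and rule.protocol in ("*", protocol)):
            return rule  # first match wins; later rules are not consulted
    return None

# Constructed sample rule set (documentation address ranges).
RULES = [
    Rule("allow-ssh-admin", 100, "Inbound", "203.0.113.0/24", "22", "TCP", "Allow"),
    Rule("deny-ssh-all", 110, "Inbound", "*", "22", "TCP", "Deny"),
    Rule("allow-web", 200, "Inbound", "*", "443", "TCP", "Allow"),
    Rule("allow-any-tcp", 4000, "Inbound", "*", "*", "TCP", "Allow"),
]
# Same rules, but the SSH deny is numbered after the broad allow: it never fires.
MISORDERED = [replace(r, priority=4050) if r.name == "deny-ssh-all" else r
              for r in RULES]

if __name__ == "__main__":
    for label, rules in (("ordered", RULES), ("misordered", MISORDERED)):
        hit = evaluate(rules, "Inbound", "198.51.100.7", 22, "TCP")
        print(label, "->", hit.name, hit.action)
```

Running the same check against an exported rule list before deployment is a quick way to confirm that every deny rule sits at a lower priority number than any broader allow it is meant to override.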
Every NSG includes default rules that cannot be deleted:
Inbound defaults:
Outbound defaults: