General Question on Azure VM Network Setting

Question

Hello Team,

I just have a basic question and i am totally new to Azure. I signed up for a free account and using the free account i created a Windows 10 basic VM in a particular Resource Group. I see that along with the VM other default resources like NSG, public IP, Virtual Network, Network Interface, Disk were created. I was able to login into the VM using an RDP connection and now my question is:

1. When i open Google.com from the edge browser inside VM, i am able to access it. I want to disable it, so that i should not be able to access any website from the VM. Do i need to configure the Inbound or Outbound rule for it.
2. What is the meaning of Public and Private IP address that i see when i create a VM. What is the major difference between them.

Answer 1

Hi Baldeep Singh Nagi, Creating a VM in Azure is just like creating a physical computer you have all those stuff, NIC, Public Ip, disks and the others created alongside it. Now to answer your question: 1. To prevent your VM from receiving traffic from the internet, you should create Network Security Group rule that blocks inbound traffic from either Https or Http. 2. In Azure, you can use two types of IP addresses: Public IP addresses. Private IP addresses Use a public IP address for public-facing service mostly for accessing the internet. Private IP addresses are used for communication within an Azure Virtual Network, including virtual networks and your on-premises networks. For reference: https://learn.microsoft.com/en-us/training/modules/design-ip-addressing-for-azure/3-azure-public-private-ip-addressing

Answer 2

Hello @Anonymous

Greetings!

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

As Josh had provided a detailed answer which has clear steps for which you are looking for,

In the meantime, you may look into this which could help to resolve the issue.

To prevent your Windows 10 VM from accessing the internet, you will need to configure the Network Security Group (NSG) associated with the VM's network interface or subnet. Specifically, you will need to create an Outbound rule to block internet access as you can see the below diagram.

You can find the Network Security Group resource in the Network Settings tab by scrolling down.

Steps to Block Internet Access:

1. Outbound Security Rules:
   • Click on "Outbound security rules" in the NSG settings.
   • Click on "+ Add" to create a new rule.
   • Set the following parameters:
   • Source: Any
   • Source port ranges: *
   • Destination: Internet
   • Destination port ranges: 80, 443 (these are the standard ports for HTTP and HTTPS)
   • Protocol: TCP
   • Action: Deny
   • Priority: Set a priority number (lower numbers have higher priority; make sure it’s lower than any existing allow rules).
   • Name: Give it a descriptive name (e.g., "Deny-Internet-Access").
2. Save the Rule: Click "Add" to save the new rule.

After this, your VM should no longer be able to access the internet.

Refer: https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview

NOTE: When you create a VM in Azure, it is assigned both a Public IP address and a Private IP address. Here’s what they mean:

Public IP Address: This is an IP address that is accessible from the internet. It allows your VM to communicate with external networks, including the internet.

Private IP Address: This is an IP address that is used for communication within the Azure Virtual Network (VNet) and is not accessible from the internet.

By configuring the NSG to block outbound traffic, you can prevent your VM from accessing the internet

---

I hope this has been helpful!

Your feedback is important so please take a moment to accept answers. If you still have questions, please let us know what is needed in the comments so the question can be answered. Thank you for helping to improve Microsoft Q&A!

Please accept an answer if correct. Original posters help the community find answers faster by identifying the correct answer. Here is how.