# Azure Tutorial: Building Virtual Machines and Managing Network Security Groups This is the continue of [https://hashnode.com/post/cm8v7ntxi000209kw2xpm2tp7](https://hashnode.com/post/cm8v7ntxi000209kw2xpm2tp7) To help you further understand Azure networking, let’s walk through a practical example of creating **Virtual Machines (VMs)**, **Network Security Groups (NSGs)**, and configuring necessary resources via **Azure CLI**. #### **Step 1: Setting Up Your Azure Environment** Before starting, ensure you're logged into your Azure account: ```bash az login ``` Set your desired subscription if necessary: ```bash az account set --subscription "your-subscription-name" ``` #### **Step 2: Create a Resource Group** A **Resource Group** is needed to organize and manage the Azure resources. Use the following command to create one: ```bash az group create --name MyResourceGroup --location eastus ``` #### **Step 3: Create a Virtual Network (VNet) and Subnet** Now, we’ll create a **Virtual Network (VNet)** with a **subnet**: ```bash az network vnet create --resource-group MyResourceGroup --name MyVNet --address-prefix 10.0.0.0/16 --subnet-name MySubnet --subnet-prefix 10.0.0.0/24 ``` This command creates a VNet with the address space `10.0.0.0/16` and a subnet `MySubnet` within it. #### **Step 4: Create a Network Security Group (NSG)** To ensure proper security, we'll create a **Network Security Group (NSG)**: ```bash az network nsg create --resource-group MyResourceGroup --name MyNSG ``` #### **Step 5: Define Inbound Traffic Rules for NSG** To allow HTTP traffic (port 80) and deny all other inbound traffic, use the following commands: **Allow HTTP traffic:** ```bash az network nsg rule create --resource-group MyResourceGroup --nsg-name MyNSG --name Allow-HTTP --protocol tcp --priority 100 --destination-port-range 80 --access Allow --direction Inbound ``` **Deny all other inbound traffic:** ```bash az network nsg rule create --resource-group MyResourceGroup --nsg-name MyNSG --name Deny-All-Inbound --protocol '*' --priority 200 --access Deny --direction Inbound ``` #### **Step 6: Create a Public IP Address** Next, we need a **Public IP** for the VM: ```bash az network public-ip create --resource-group MyResourceGroup --name MyPublicIP --allocation-method Dynamic ``` #### **Step 7: Create a Network Interface (NIC)** We will create a **Network Interface (NIC)** and associate it with the **Public IP** and **NSG**: ```bash az network nic create --resource-group MyResourceGroup --name MyNIC --vnet-name MyVNet --subnet MySubnet --network-security-group MyNSG --public-ip-address MyPublicIP ``` #### **Step 8: Create the Virtual Machine (VM)** Now, let’s create a **Virtual Machine** and associate it with the **NIC** created earlier: ```bash az vm create --resource-group MyResourceGroup --name MyVM --nics MyNIC --image UbuntuLTS --admin-username azureuser --admin-password 'YourPasswordHere' --size Standard_B1s --public-ip-address-dns-name myvm-public-ip ``` This command creates a **VM** named `MyVM` running **Ubuntu LTS**, and associates it with `MyNIC`. You can connect to it using SSH. #### **Step 9: Verify VM Setup** You can verify the **Public IP** assigned to your VM using the following command: ```bash az vm show --resource-group MyResourceGroup --name MyVM --query "publicIps" ``` #### **Step 10: Connect to Your VM** For **Linux VMs**, you can SSH into the VM using the **Public IP** or **DNS name**: ```bash ssh azureuser@ ``` #### **Step 11: Clean Up Resources** Once you’re done testing, you can delete all the resources to avoid unnecessary charges: ```bash az group delete --name MyResourceGroup --yes --no-wait ``` This command deletes the **Resource Group** and all resources within it. Thank you :)