Hello @Kishore ,
Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.
Could you please provide more clarity on your setup and requirement?
From the above steps, I understand that you have a requirement of 2 VMs, but are those 2 VMs in the same VNet or different VNets?
For restricting demoVM1's access to only Facebook and YouTube, implement URL filtering rules on the network device or use a firewall policy that only allows these URLs.
This can be achieved using Azure Firewall in the VNet and creating application rules to allow selected URLs and deny the rest.
https://learn.microsoft.com/en-us/azure/firewall/policy-rule-sets
https://learn.microsoft.com/en-us/azure/firewall/rule-processing
To create a shared folder on demoVM2
I'm not sure about the exact requirement but you can follow the below thread and documents for setting up a file server in an Azure VM:
https://learn.microsoft.com/en-us/azure/storage/files/storage-files-quick-create-use-windows
https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows
To allow all URLs except YouTube and Facebook on demoVM2, configure a blacklist policy on the network device or firewall to block these specific URLs.
The same solution as VM1. You can use Azure Firewall to filter the required traffic.
For RDP configuration, allow demoVM2 RDP access to demoVM1 by configuring the appropriate inbound rules.
This can also be achieved through the Azure Firewall. You can configure network rules to allow the RDP traffic. Additionally, you need to make sure that the NSG and VM2's OS firewall allow this traffic.
Prevent demoVM1 from accessing demoVM2 by not setting up corresponding inbound rules on demoVM2.
To prevent traffic, you can use an NSG inbound rule to deny the traffic to VM2.
Regards,
Gita
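
The rules described in the answer above, written out with Azure PowerShell as an added example (not part of the original answer). The resource names, IP addresses and FQDNs are constructed placeholders. It assumes the Az.Network module, an existing firewall policy and NSG, and routes that send both VMs' traffic through Azure Firewall.

```powershell
# Added illustration: every name, IP address and FQDN below is a constructed placeholder.
$Rg    = 'demo-rg'
$Vm1Ip = '10.0.1.4'                               # demoVM1 (assumed address)
$Vm2Ip = '10.0.2.4'                               # demoVM2 (assumed address)
$Sites = 'www.facebook.com', 'www.youtube.com'    # sample FQDNs
$Web   = 'http:80', 'https:443'

$policy = Get-AzFirewallPolicy -Name 'demo-fw-policy' -ResourceGroupName $Rg

# demoVM1: allow-list. Azure Firewall denies traffic that no rule allows,
# so no explicit "deny the rest" rule is needed for this VM.
$vm1Allow = New-AzFirewallPolicyApplicationRule -Name 'vm1-allow-sites' `
    -SourceAddress $Vm1Ip -Protocol $Web -TargetFqdn $Sites

# demoVM2: deny-list. The Deny collection gets a lower priority number than
# the catch-all Allow so that it is evaluated first.
$vm2Deny = New-AzFirewallPolicyApplicationRule -Name 'vm2-deny-sites' `
    -SourceAddress $Vm2Ip -Protocol $Web -TargetFqdn $Sites
$vm2Allow = New-AzFirewallPolicyApplicationRule -Name 'vm2-allow-rest' `
    -SourceAddress $Vm2Ip -Protocol $Web -TargetFqdn '*'

# RDP is allowed in one direction only: demoVM2 -> demoVM1.
$rdp = New-AzFirewallPolicyNetworkRule -Name 'vm2-rdp-to-vm1' -Protocol TCP `
    -SourceAddress $Vm2Ip -DestinationAddress $Vm1Ip -DestinationPort '3389'

# Network rule collections are processed before application rule collections.
$collections = @(
    New-AzFirewallPolicyFilterRuleCollection -Name 'rdp-vm2-to-vm1' -Priority 100 `
        -Rule $rdp -ActionType Allow
    New-AzFirewallPolicyFilterRuleCollection -Name 'vm2-denylist' -Priority 200 `
        -Rule $vm2Deny -ActionType Deny
    New-AzFirewallPolicyFilterRuleCollection -Name 'web-allow' -Priority 300 `
        -Rule $vm1Allow, $vm2Allow -ActionType Allow
)
New-AzFirewallPolicyRuleCollectionGroup -Name 'demo-vm-rules' -Priority 200 `
    -RuleCollection $collections -FirewallPolicyObject $policy

# NSG on demoVM2: deny every inbound connection that demoVM1 initiates.
# NSGs are stateful, so replies to RDP sessions that demoVM2 opens still return.
Get-AzNetworkSecurityGroup -Name 'demoVM2-nsg' -ResourceGroupName $Rg |
    Add-AzNetworkSecurityRuleConfig -Name 'deny-vm1-inbound' -Access Deny `
        -Direction Inbound -Priority 100 -Protocol '*' `
        -SourceAddressPrefix $Vm1Ip -SourcePortRange '*' `
        -DestinationAddressPrefix $Vm2Ip -DestinationPortRange '*' |
    Set-AzNetworkSecurityGroup
```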