Associating NSG to VM instead of Subnet

Julie M 526 Reputation points
2022-03-22T14:46:42.21+00:00

Dear All,

We have an Azure Virtual Desktop infra. We have created an NSG rule and associated it with the individual VM NICs.

The subnet is shared with other Azure services, so we are unable to attach at the subnet level.

Now, as part of monthly patching, we may have to delete the VMs and recreate them using the updated master image. The entire process will be done using Azure DevOps.

Query: I need to automate the process of associating the NSG with individual VM NICs after the VM creation. Could someone help on this?

Azure Virtual Machines
Azure Virtual Network
Azure Virtual Desktop

Accepted answer
  1. Alan Kinane 16,911 Reputation points MVP
    2022-03-23T11:55:47.967+00:00

    You can use PowerShell or ARM templates (JSON) to achieve this.

    Yes, I agree with Eric. I suspect the easiest option for you given that you already have your NSG resource created is to get the resource ID of this and pass it in to your ARM template as a parameter and then associate this to the new network interface resource in the JSON as in the below example (lines 28-30).

            {
                "name": "[parameters('networkInterfaceName')]",
                "type": "Microsoft.Network/networkInterfaces",
                "apiVersion": "2021-03-01",
                "location": "[parameters('location')]",
                "dependsOn": [
                    "[concat('Microsoft.Network/publicIpAddresses/', parameters('publicIpAddressName'))]"
                ],
                "properties": {
                    "ipConfigurations": [
                        {
                            "name": "ipconfig1",
                            "properties": {
                                "subnet": {
                                    "id": "[variables('subnetRef')]"
                                },
                                "privateIPAllocationMethod": "Static",
                                "publicIpAddress": {
                                    "id": "[resourceId(resourceGroup().name, 'Microsoft.Network/publicIpAddresses', parameters('publicIpAddressName'))]",
                                    "properties": {
                                        "deleteOption": "[parameters('pipDeleteOption')]"
                                    }
                                }
                            }
                        }
                    ],
                    "enableAcceleratedNetworking": "[parameters('enableAcceleratedNetworking')]",
                    "networkSecurityGroup": {
                        "id": "[parameters('nsgId')]"
                    }
                }
            }

    1 person found this answer helpful.
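
A pre-deployment check a pipeline could run on the ARM template, added here as an example and not part of the answer above: since the NSG cannot be attached at the subnet level in this setup, the NIC association is the only place it applies, so the check lists every `Microsoft.Network/networkInterfaces` resource that sets no `networkSecurityGroup.id`. The sample template, the NIC name `avd-host-1-nic` and the function name `nics_without_nsg` are constructed for illustration.

```python
import json

NIC_TYPE = "microsoft.network/networkinterfaces"

# Constructed sample: the first NIC mirrors the answer's snippet; the second
# (hypothetical name) omits networkSecurityGroup.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"name": "[parameters('networkInterfaceName')]",
   "type": "Microsoft.Network/networkInterfaces",
   "properties": {"ipConfigurations": [{"name": "ipconfig1"}],
                  "networkSecurityGroup": {"id": "[parameters('nsgId')]"}}},
  {"name": "avd-host-1-nic",
   "type": "Microsoft.Network/networkInterfaces",
   "properties": {"ipConfigurations": [{"name": "ipconfig1"}]}}
]}
""")


def nics_without_nsg(template):
    """Return names of NIC resources that set no networkSecurityGroup.id."""
    missing = []

    def walk(resources):
        if isinstance(resources, dict):  # symbolic-name templates use an object
            resources = list(resources.values())
        for res in resources or []:
            props = res.get("properties") or {}
            if str(res.get("type", "")).lower() == NIC_TYPE:
                nsg = props.get("networkSecurityGroup") or {}
                if not str(nsg.get("id") or "").strip():
                    missing.append(res.get("name", "<unnamed>"))
            walk(res.get("resources"))  # child resources nested in a parent

    walk(template.get("resources"))
    return missing


if __name__ == "__main__":
    unprotected = nics_without_nsg(SAMPLE_TEMPLATE)
    for name in unprotected:
        print(f"NIC without NSG: {name}")
    # Non-zero exit fails the pipeline step before anything is deployed.
    raise SystemExit(1 if unprotected else 0)
```

Run against the real template file by replacing `SAMPLE_TEMPLATE` with the parsed JSON of that file.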

2 additional answers

  1. Eric Boyd 341 Reputation points Microsoft Regional Director
    2022-03-23T03:58:05.897+00:00

    Hi @Julie M

    We automate all of our Azure Virtual Desktop deployments for customers using Azure Resource Manager (ARM) templates or Bicep. You can associate an existing Network Security Group by Id with the NIC of the VM, or you can create the Network Security Group and configure the security rules inline too.

    Here's the ARM/Bicep reference documentation for the Microsoft.Network/networkinterfaces resource type and you specifically want to look for the networkSecurityGroup property. https://learn.microsoft.com/en-us/azure/templates/microsoft.network/networkinterfaces?tabs=bicep#networkinterfacepropertiesformat

    1 person found this answer helpful.

  2. Julie M 526 Reputation points
    2022-03-24T01:41:14.447+00:00

    Thanks a lot @Alan Kinane and anonymous user for your help.

