To get started, we will need a VNet with a subnet created. You need a subnet because NSGs are applied on the subnet level. To create a VNet with a subnet, you can use the following Azure CLI or PowerShell commands.
You can use the following commands in the CLI (see the Creating and configuring VNet-to-VNet connection section for reference):
$ az network vnet create -g myResourceGroup -n vnetName
$ az network vnet subnet create -g myResourceGroup --vnet-name vnetName -n subnetName --address-prefixes 10.0.0.0/16
Alternatively, you can use the following commands in PowerShell. They use the same parameters as the Azure CLI command—the only difference is the syntax:
$vnet = New-AzVirtualNetwork -AddressPrefix 10.0.0.0/16 -Location location -Name vnetName -ResourceGroupName myResourceGroup
Add-AzVirtualNetworkSubnetConfig -AddressPrefix 10.0.0.0/16 -Name subnetname-VirtualNetwork $vnet
Once both the VNet and subnet are created, we are ready to create an NSG for them.