You are the administrator of the Contoso financial group. You are responsible for the networking of all VMs in the "Production" Resource Group. You recently created 2 different subnets, 10.0.2.0/24 and 10.0.1.0/24, on the main network, which has an address space of 10.0.0.0/16. You move one VM named "Red" to the 10.0.2.0/24 subnet and the other VM named "blue" to the 10.0.1.0/24 subnet. You notice that the VMs can still communicate with each other even though they are on different subnets. How do you stop the VMs from communicating at minimal cost?
Implementing an NSG and blocking traffic to and from each VM is correct, as this is possible and does not incur any additional costs. A UDR will not suffice, as it is used to force specific traffic to a specific node on the network. Static routing tables on the VMs will not suffice, as this is not the recommended way to handle the flow of traffic. Implementing an NGFW will suffice; however, it will incur additional costs.