You have an Azure subscription that contains the resources in the following table.
***
Name: VNet1,??????????????????Type: Virtual network,????????Details: Not applicable
Name: Subnet1,????????????????Type: Subnet,?????????????????Details: Hosted on VNet1
Name: VM1,????????????????????Type: Virtual machine,????????Details: On Subnet1
Name: VM2,????????????????????Type: Virtual machine,????????Details: On Subnet1
***
VM1 and VM2 are deployed from the same template and host line-of-business applications accessed by using Remote Desktop.
You need to prevent users of VM2 and VM2 from accessing websites on the Internet over TCP port 80.
What should you do?
You can associate or dissociate a network security group from a network interface or subnet.
The NSG has the appropriate rule to block users from accessing the Internet. We just need to associate it with Subnet1.