AZ-800 Administering Windows Server Hybrid Core Infrastructure Exam

Network Interface and Security Configuration

Each Azure virtual machine (VM) uses a network interface to connect to other resources in the cloud or on-premises. A VM can have one or more NICs, and each NIC holds settings like IP configuration, subnet assignment, and MAC address. Configuring multiple NICs can improve network performance and allow VMs to separate traffic for different applications. You can manage NICs through the Azure portal, PowerShell, or the Azure CLI.

Network Security Groups (NSGs) are sets of access control rules that help filter network traffic. They include inbound and outbound rules, each defined by:

• Protocol
• Port ranges
• Address prefixes
• Direction
• Priority and access type

NSGs can be attached to either NICs or subnets, so they protect individual VMs or all VMs in a subnet. Default rules always exist, but you can add custom rules to fine-tune which packets are allowed or denied.

Azure Load Balancer helps distribute incoming traffic evenly across multiple VMs to ensure high availability. It uses a frontend IP configuration to receive traffic and a backend address pool to send requests to healthy VMs. Health probes check the status of each VM so the load balancer stops sending traffic to any instance that is not responding. You define load-balancing rules to map specific ports and protocols from the frontend to the backend pool.

When creating a VM, Azure assigns a dynamic IP address by default from the subnet’s range. You can switch to a static IP if you need a fixed address; this helps with consistent DNS entries or special routing scenarios. To add or remove a NIC, the VM must be in a Stopped (deallocated) state before you make changes. After that, you can update NIC settings in the portal, with PowerShell, or the Azure CLI.

By default, Azure VMs use Azure’s DNS server for name resolution, but you can specify custom DNS settings in your virtual network. VMs can communicate within the same subnet or across subnets via virtual network routing, and you can connect to on-premises networks using site-to-site VPN or ExpressRoute. To validate and troubleshoot network issues, use Azure Network Watcher, which offers tools like connection monitors and packet captures. These features help you diagnose latency or connectivity problems quickly and maintain a healthy network environment.

Conclusion

In summary, managing Azure VM network configuration involves setting up and controlling network interfaces, applying Network Security Groups rules, and ensuring traffic flows through load balancers when needed. You also handle IP assignments, choose between dynamic and static addresses, and configure DNS and connectivity options for both internal and external communication. Finally, using Azure Network Watcher lets you monitor and troubleshoot your network setup so you can maintain reliable and secure virtual environments.