A network security group (NSG) contains a list of Access Control List (ACL) rules that allow or deny network traffic to your VMs in a virtual network. NSGs can be associated with either subnets or individual VMs within that subnet. When an NSG is associated with a subnet, the ACL rules apply to all the VMs in that subnet. In addition, traffic to an individual VM can be restricted further by associating an NSG directly with that VM.
You can open a port to a VM by creating a network filter on a subnet or VM network interface. You can then place these filters, which control both inbound and outbound traffic, on an NSG attached to the resource that receives the traffic.
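The following added example (not part of the original documentation or of Azure's own code) models how a subnet NSG and a VM-level NSG combine for inbound traffic: rules are checked in priority order, the first match decides, and a packet must be allowed by every NSG in its path. It is a simplified model that assumes only the final built-in inbound deny rule; the names `Rule`, `nsg_decision` and `inbound_allowed`, the ports, and the addresses are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Rule:
    priority: int         # lower number is evaluated first
    access: str           # "Allow" or "Deny"
    source: str           # CIDR prefix, or "*" for any source
    port: Optional[int]   # destination port, None for any port

# Simplified stand-in for the built-in lowest-priority inbound deny rule.
DENY_ALL_INBOUND = Rule(65500, "Deny", "*", None)

def nsg_decision(rules, src_ip, dst_port):
    """Return the access of the first rule that matches, in priority order."""
    for rule in sorted([*rules, DENY_ALL_INBOUND], key=lambda r: r.priority):
        src_ok = rule.source == "*" or ip_address(src_ip) in ip_network(rule.source)
        port_ok = rule.port is None or rule.port == dst_port
        if src_ok and port_ok:
            return rule.access
    return "Deny"

def inbound_allowed(subnet_nsg, nic_nsg, src_ip, dst_port):
    """Inbound traffic passes the subnet NSG first, then the VM's own NSG.
    Pass None for a level that has no NSG associated."""
    for nsg in (subnet_nsg, nic_nsg):
        if nsg is not None and nsg_decision(nsg, src_ip, dst_port) != "Allow":
            return False
    return True

# Constructed sample rules (documentation address ranges, hypothetical ports).
SUBNET_NSG = [
    Rule(100, "Deny", "203.0.113.66/32", None),   # one blocked admin host
    Rule(200, "Allow", "203.0.113.0/24", 22),
    Rule(210, "Allow", "203.0.113.0/24", 443),
]
VM_NIC_NSG = [Rule(100, "Allow", "203.0.113.0/24", 443)]  # tighter than the subnet

if __name__ == "__main__":
    for nic, label in ((None, "VM without its own NSG"), (VM_NIC_NSG, "VM with its own NSG")):
        for port in (22, 443):
            ok = inbound_allowed(SUBNET_NSG, nic, "203.0.113.10", port)
            print(f"{label}: port {port} -> {'allowed' if ok else 'denied'}")
```
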
Aster deployment in Azure requires creating a new security group. You must have permission to create new security groups.
For more information on filtering network traffic with network security groups, go to the Azure Documentation Center and select the Services tab. In the Virtual Network documentation section under the Networking menu, search for Network Security Groups under Plan and design.