Allow public network access to Azure virtual machines

If you are running virtual machines on Azure, the need to allow public Internet access to one of your virtual machines might arise. In traditional on-premises infrastructure, you would create port forwarding rules on the edge firewall, and open up Windows' own firewall to allow network traffic to a certain port or ports.

When your virtual machine works on Azure, the idea is roughly the same, but implementation is different. First, you need to understand that inside Azure, your virtual machine belongs to something called a network security group. Inside this security group, you can specify both inbound and outbound rules, which is the same kind of idea as firewall rule changed would be.

Under the security group, you will find an section to specify inbound security rules. There, you can enable (almost) any TCP port to accept traffic on your public network interface. By default, for Windows virtual machines, the RDP (Remote Desktop Protocol) port 3389 is already open.

Should you want to open, say, the HTTP port for the IIS web server to work, you'd add a new rule for port 80 or 443. For more details, check out the documentation.

Hope this helps!