Az Lab vnet default, NSG 1 on subnet, and NSG 2 on VM

vnet004799-> vm-subnet (West Europe )

vmserver01
Standard B2ms (2 vcpus, 8 GiB memory)
Public inbound ports-> None

Networking
vnet004799-> vm-subnet (West Europe )
NIC NSG -> Basic
Public IP

Public inbound ports-> None

Default NSG


65000 AllowVnetInBound
65001 AllowAzureLoadBalancerInBound
65500 DenyAllInBound

65000 AllowVnetOutBound
65001 AllowInternetOutBound
65500 DenyAllOutBound

RDP is denied

Add NSG on vnet004799-> vm-subnet (West Europe )

Same set of default rules, lets add RDP with correct information

Add NSG to the subnet

Attached to the subnet

RDP is denied, since it is only default rules on the vm NSG

Networking on VM

Same set of default rules, lets add RDP with correct information on the vmserver01-nsg, same as for Nsg01

RDP now works

Success

Lets delete the NSG rule and test RDP again, it should be denied.

Add a new inbound on r Nsg01, an RDP rule but use UDP and not TCP.

Now we have a valid inbound for RDP on the vm NSG, but on the vnet NSG is is set up with UDP, not TCP.

Same result, denied