In an Azure network security group, is denying all traffic before the "AllowVnetInbound" and "AllowAzureLoadBalancerInbound" rules good practice?

azure network-security-group

The only real reason to do this is if you want to ensure that you are in complete control of the rules governing traffic flow, and not defaulting into using the built in rules. In the scenario you showed, intra-vnet traffic is not allowed, as the "AllowVnetInboundTraffic" rule is blocked. You would then need to explicitly define any rules you want to allow traffic between machines on the same (or peered) vNets, if you apply this rule to a subnet.

Related

Can't SSH to Amazon Lightsail server using browser-based client
using Iperf3 to test upload and download
What does the @ symbol mean before a file path in Windows command prompt?
How to remove warning about "System not registered - please register to enable updates and addons" on Red Hat 8?
I accidentaly enabled the UFW on my Google Cloud Computer
iMac unable to boot from USB
Can I debug network connectivity through two switches?
Giant system dialog font on Windows 10
Can I downgrade from the Windows 8.1 preview to Windows 8 if I have an OEM CD?
How to prevent saving background job calls in logs.txt file
Mapping array of objects to an array of Objects with object and array
How to configure Serilog with different log levels for each namespace in my project? I want to do it via application.json config file