Enable and use Azure Firewall Network rules to explicity allow traffic from specific sources/to specific destinations.
Implementation Effort: Medium
User Impact: Low
Overview
Enable Azure Firewall Network rules to enforce explicit allow lists for all traffic flows. Network rules operate at Layer 3–4, using a stateful, 5-tuple filter (source IP, source port, destination IP, destination port, protocol) to permit only trusted communications.
By defining network rule collections in your Azure Firewall policy—ordered by priority—you can lock down both inbound and outbound traffic to specific IP ranges and ports, preventing unauthorized access and lateral movement. Configure these rules via the Azure portal, CLI, ARM templates, or Firewall Manager to ensure consistent policy rollout across your environment.