Azure network security group rules allow or deny traffic when its conditions are met. The rules allow users to specify the type of traffic, such as ports ,protocols, source and destination of the traffic, including IP addresses, subnets, and instances. {AzureNetworkSecurityGroupRule} allows direct UDP based services (ports : 53, 123, 161, 389, 1900) access from the internet, which puts at risk your Azure Virtual Machines.