Azure-NetworkSecurityGroups-Excessive-Security-Groups

Severity : Medium

Description : Keeping the number of security groups to a minimum helps reduce the attack surface of an account. Rather than creating new groups with the same rules for each project, common rules should be grouped under the same security groups. For example, instead of adding port 22 from a known IP to every group, create a single SSH security group which can be used on multiple instances.

Remediation Steps : Limit the number of security groups to prevent accidental authorizations.