Status: OUT
Azure security operates through two orthogonal enforcement planes that must both be configured: governance (RBAC + Policy cascading through management group hierarchy) controls authorization, while network zero-trust (NSG + LB default-deny + infrastructure IP 168.63.129.16) controls traffic flow — breaching one plane does not bypass the other.