Status: OUT
Azure network traffic requires explicit allowlisting at two independent filtering layers: Standard Load Balancer enforces zero-trust default-deny at the load balancer boundary, while NSGs provide stateful, non-disruptive rule enforcement at the subnet/NIC level — both must independently permit traffic for end-to-end flow, and rule changes at either layer are non-disruptive to established connections.