Azure / onboarding-guidance


Badly worded factor in Resource group guidance #7

Open theMichaelB opened 8 years ago

theMichaelB commented 8 years ago

A resource can interact with a resource in another resource groups when the two resources are related but they do not share the same lifecycle (for example, a web apps connecting to a database).

If resources are not related can they interact? If resources do share the same lifecycle can they interact?

As far as I'm aware, there is no restriction on any resource interacting with any other resource that hasn't been specifically configured to do so via security groups.

JackStromberg commented 7 years ago

Hi theMichaelB,

Apologies for the late response. A resource group is not a definition of how resources communicate, but rather a logical grouping of what lifecycle they share. For example, if I deploy SharePoint, I may place all of the VMs, network interfaces, disks, etc. in the same Resource Group as likely they will all remain deployed or all be removed at the same time.

If I place two VMs in the same resource group, that does not mean they can communicate with each other; the underlying network configuration or VNets deployed will dictate how those resources should communicate. When it comes to PaaS resources, those resources are typically not deployed directly to a VNet and are rather exposed with a public-facing IP. Since those are multitenant and are public-facing, those will not have the isolated restrictions bound to a VNet. A notable exception to PaaS resources communicating by default is Azure SQL, which when deployed comes with an ACL denying all traffic to its public-facing endpoint.

Please let me know if this helps,
Jack

theMichaelB commented 7 years ago

Jack,

My point is that the above text implies some level of connectivity based on resource group membership. Which, as you say, doesn't exist.

Someone who is not familiar with resource groups could read that and imagine there is some connectivity magic going on in the background of an RG. I think that sentence would be better changed to explicitly state that an RG has no bearing on resource communication at all.

JackStromberg commented 7 years ago

Hey Michael,

Thanks for the feedback. I agree with you and have gone ahead and updated the document. The original document owner was speaking in terms of PaaS resources, but I agree, we should simply clarify the resource group has no bearing on connectivity.

Please let me know what you think,
Jack