raquelalegre
commented
7 years ago It is possible to configure a network security group with inbound/outbound rules, but by default it does accept everything. It is a good idea to add those rules to the existent Terraform template with whatever the user chooses.
I can't see anything in the Terraform config that says which ports on the VM or network resource should accept incoming communications. Presumably therefore it opens everything by default, given that the test apps are working? We should probably lock that down to just the port(s) the researcher states.