Security groups in EC2 make it extremely easy for admins to manage firewall rules and secure a group of virtual servers.

A security group acts as a virtual firewall that controls the traffic for one or more instances. When you launch an instance, you associate one or more security groups with the instance. You add rules to each security group that allow traffic to or from its associated instances. You can modify the rules for a security group at any time; the new rules are automatically applied to all instances that are associated with the security group. When we decide whether to allow traffic to reach an instance, we evaluate all the rules from all the security groups that are associated with the instance.

Azure does not yet have the ability to set a security group for an entire group of virtual servers.

In Azure, firewall rules are called ENDPOINTS, probably for some obscure reason that makes perfect sense to Microsoft engineers, and none whatsoever to those of us who have spent the last 20 years implementing firewall rules with ipfwadmin, ipchains and iptables.

In the Azure management console, click Virtual Machines, then click on the name of the virtual machine you want to set firewall rules for, then click Endpoints.

To open a port, click Add in the bottom toolbar, and then configure the firewall rule in the dialog.