Using Azure Virtual Network Manager network groups in the source and/or destination of security admin rules is now in public preview!
This feature enables you to achieve network isolation across different environments in an easier and logical way. You can achieve scenarios such as segregating your production and non-production environments and allowing communication between only certain environments, helping you manage your network segments more easily at scale. With network groups, you can create logical groups of virtual networks or subnets that have common attributes. You can then create security admin rules with your network groups as the source and/or destination to enforce that specified traffic among your grouped network resources.
This feature streamlines the process of securing your traffic across workloads and environments by removing the manual step of identifying individual classless inter-domain routing (CIDR) ranges or resource IDs.
To learn more about this feature, please see the public documentation on using network groups in security admin rules (concept and how-to).
Learn more about Azure Virtual Network Manager.