azure, azure-virtual-network, azure-nsg

Azure VM, able to RDP even when not assigned to a NSG - ARM Model


I have added a new VM to a Subnet that has no NSG assigned to it. I have an NSG where I have added rules to allow port 3389 (RDP), but I did not associate this NSG with either the Subnet or the VM n/w interface. But I am still able to RDP into it and am also able to reach the web server. Basically, n/w traffic to ports 80 and 3389 is going through.

How come this can happen when there is no NSG assigned? Does the n/w interface of the VM allow this traffic by default? If so, where can I find the allowed rules and how can I restrict such traffic?


Solution

  • Yes, with no NSG around nothing is being blocked (imagine NSG is a firewall, what happens when there is NO firewall?).

    Attach the NSG and it will work as you expect it.
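
The situation in the question, an NSG that exists but is attached to neither the subnet nor the VM's network interface, can be found across an inventory with a short audit. This is an added example, not part of the original answer; the resource names and IDs are constructed, and the dictionaries keep only the `networkSecurityGroup` and `ipConfigurations[].subnet.id` fields from the JSON that `az network vnet subnet list` and `az network nic list` return.

```python
"""Flag NICs that no NSG filters at either the subnet or the NIC level."""

SUB = ("/subscriptions/00000000-0000-0000-0000-000000000000"
       "/resourceGroups/rg-demo/providers/Microsoft.Network")

# Constructed sample inventory (not real resources).
SUBNETS = [
    {"id": f"{SUB}/virtualNetworks/vnet1/subnets/web", "networkSecurityGroup": None},
    {"id": f"{SUB}/virtualNetworks/vnet1/subnets/db",
     "networkSecurityGroup": {"id": f"{SUB}/networkSecurityGroups/nsg-db"}},
]
NICS = [
    {"name": "web-vm-nic", "networkSecurityGroup": None,
     "ipConfigurations": [{"subnet": {"id": f"{SUB}/virtualNetworks/vnet1/subnets/web"}}]},
    {"name": "db-vm-nic", "networkSecurityGroup": None,
     "ipConfigurations": [{"subnet": {"id": f"{SUB}/virtualNetworks/vnet1/subnets/db"}}]},
    {"name": "jump-vm-nic",
     "networkSecurityGroup": {"id": f"{SUB}/networkSecurityGroups/nsg-rdp"},
     "ipConfigurations": [{"subnet": {"id": f"{SUB}/virtualNetworks/vnet1/subnets/web"}}]},
]


def nsg_id(resource):
    """Return the attached NSG's resource ID, or None when nothing is attached."""
    nsg = resource.get("networkSecurityGroup")
    return nsg["id"] if nsg else None


def audit(nics, subnets):
    """Return one row per NIC: which NSGs apply and whether it is unfiltered."""
    # Azure resource IDs are case-insensitive, so compare them lowercased.
    subnet_nsg = {s["id"].lower(): nsg_id(s) for s in subnets}
    rows = []
    for nic in nics:
        via_subnet = [subnet_nsg.get(cfg["subnet"]["id"].lower())
                      for cfg in nic.get("ipConfigurations", [])]
        via_subnet = [n for n in via_subnet if n]
        rows.append({"nic": nic["name"], "nic_nsg": nsg_id(nic),
                     "subnet_nsgs": via_subnet,
                     "unfiltered": nsg_id(nic) is None and not via_subnet})
    return rows


if __name__ == "__main__":
    for row in audit(NICS, SUBNETS):
        state = "NO NSG APPLIES" if row["unfiltered"] else "filtered"
        print(f'{row["nic"]:12} {state}')
```

A NIC reported as unfiltered is in the state the question describes: the NSG rules exist, but nothing evaluates them for that interface until the NSG is associated with its subnet or with the NIC itself.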