What is Effective security rules feature in Azure Network Watcher good for?

Network Security groups are associated at a subnet level or at a NIC level. When associated at a subnet level, it applies to all the VM instances in the subnet. Effective security rules view returns all the configured NSGs and rules that are associated at a NIC and subnet level for a virtual machine providing insight into the configuration. In addition, the effective security rules are returned for each of the NICs in a VM. Using Effective security rules view, you can assess a VM for network vulnerabilities such as open ports. You can also validate if your Network Security Group is working as expected based on a comparison between the configured and the approved security rules.

In addition to network security rules placed via NSGs, Network Watcher’s Effective security rules blade also shows the security admin rules associated with Azure Virtual Network Manager (AVNM). Azure Virtual Network Manager is a management service that enables users to group, configure, deploy and manage Virtual Networks globally across subscriptions. AVNM security configuration allows users to define a collection of rules that can be applied to one or more network security groups at the global level. These security rules have a higher priority than network security group (NSG) rules.