[APIM] NSG rules - v2 tiers

gitName · gitName · commit d02572e8d7fa · 2025-06-16T14:58:17.000-07:00
diff --git a/articles/api-management/inject-vnet-v2.md b/articles/api-management/inject-vnet-v2.md
@@ -54,14 +54,10 @@ If you want to enable *public* inbound access to an API Management instance in t
 * Minimum: /27 (32 addresses)
 * Recommended: /24 (256 addresses) - to accommodate scaling of API Management instance
 
-### Network security group
+## Network security group
 
-A network security group must be associated with the subnet. 
-
-* Configure an outbound NSG rule to allow access to Azure Storage on port 443. 
-* Configure other rules to meet your organization's network access requirements. 
-
-To set up a network security group, see [Create a network security group](../virtual-network/manage-network-security-group.md).
+[!INCLUDE [api-management-virtual-network-v2-nsg-rules](../../includes/api-management-virtual-network-v2-nsg-rules.md)]
+* Configure inbound rules to meet your requirements for access to the API Management instance.
 
 ### Subnet delegation
 
diff --git a/articles/api-management/integrate-vnet-outbound.md b/articles/api-management/integrate-vnet-outbound.md
@@ -5,7 +5,7 @@ author: dlepow
 ms.author: danlep
 ms.service: azure-api-management
 ms.topic: how-to 
-ms.date: 04/03/2025
+ms.date: 06/16/2025
 ---
 
 # Integrate an Azure API Management instance with a private virtual network for outbound connections 
@@ -48,7 +48,7 @@ If you want to inject a Premium v2 (preview) API Management instance into a virt
 
 ### Network security group
 
-A network security group must be associated with the subnet. Configure any network security group rules that you need for the gateway to access your API backends. Network security groups (NSG) can also be used to block outbound traffic to the internet and access only resources in your virtual network. To set up a network security group, see [Create a network security group](../virtual-network/manage-network-security-group.md).
+[!INCLUDE [api-management-virtual-network-v2-nsg-rules](../../includes/api-management-virtual-network-v2-nsg-rules.md)]
 
 ### Subnet delegation
 
diff --git a/includes/api-management-virtual-network-v2-nsg-rules.md b/includes/api-management-virtual-network-v2-nsg-rules.md
@@ -0,0 +1,16 @@
+---
+author: dlepow
+ms.service: azure-api-management
+ms.topic: include
+ms.date: 06/16/2025
+ms.author: danlep
+---
+
+A network security group (NSG) must be associated with the subnet. To set up a network security group, see [Create a network security group](../articles/virtual-network/manage-network-security-group.md). 
+
+* Configure an outbound NSG rule to allow access to Azure Storage on port 443. 
+* Configure other outbound rules you need for the gateway to reach your API backends. 
+* NSG rules can also be used to block outbound traffic to the internet and access only resources in your virtual network. 
+
+
+
