For Azure Network Security Groups (NSGs), we have a default inbound security rule called AllowVnetInBound rule.
AllowVnetInboundRule - https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#allowvnetinbound
But is there a way to create a rule that denies vnet to vnet inbound rule? I am trying to achieve this both from portal and azure powershell, but I don't see any vnet option in the dropdown for the source.
if I understood correctly, you could use the Service Tag called 'VirtualNetwork' in your Inbound Security Rules, and it should be enough to Deny inbound traffic coming from the same Virtual Network.