0
votes

I am introducing an NSG at the subnet level where it is required to allow traffic coming from other Azure VMs and block the rest of the traffic coming from the internet. The other VMs may or may not be in the same VNet. But I am using public IPs to establish connections between VMs. Is there any way I can get the public IP ranges across my subscription?

If this can be done using some other alternative, please suggest.

1 Answer

1
votes

If I understand the question, you want network communication between Virtual Machines in separate Virtual Networks, and you want this to be as secure as possible.

Typically, you don't use public IP addresses to establish connections between virtual networks. Instead, you create a Network Gateway on each virtual network, and establish a connection between the two networks that way.

Here is a walkthrough on how to do this:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
One reason I doubt the Network Security Group solution will work: when the source machine launches an outgoing TCP connection request, I don't think you can know what source IP address will be exposed. (Somebody correct me if I'm wrong on this).
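As an added example (not part of the question or the answer), here is the NSG approach the asker describes, worked through in Python against a constructed sample of `az network public-ip list` output: one /32 allow rule per allocated address, a catch-all deny below it, and a simplified inbound evaluation that shows why traffic not leaving from a listed public IP lands on the deny rule, which is the concern the answer raises. The JSON, names and ports are assumptions for illustration.

```python
import ipaddress
import json

# Constructed sample shaped like `az network public-ip list -o json`,
# trimmed to the fields used here. Not real output.
PUBLIC_IP_LIST_JSON = """
[
  {"name": "vm-a-pip", "ipAddress": "203.0.113.10", "publicIpAllocationMethod": "Static"},
  {"name": "vm-b-pip", "ipAddress": "198.51.100.7", "publicIpAllocationMethod": "Dynamic"},
  {"name": "vm-c-pip", "ipAddress": null, "publicIpAllocationMethod": "Dynamic"}
]
"""

def collect_prefixes(az_json):
    """Turn the public IP list into /32 prefixes for an NSG source list.
    A deallocated Dynamic IP has no address and is skipped; an allocated
    Dynamic IP is kept but flagged, because it changes on reallocation."""
    prefixes, warnings = [], []
    for pip in json.loads(az_json):
        addr = pip.get("ipAddress")
        if not addr:
            warnings.append(f"{pip['name']}: no address currently allocated")
            continue
        if pip.get("publicIpAllocationMethod") != "Static":
            warnings.append(f"{pip['name']}: dynamic address, rule goes stale on reallocation")
        prefixes.append(f"{ipaddress.ip_address(addr)}/32")
    return prefixes, warnings

def build_rules(prefixes, port=22):
    """Allow the collected VM public IPs at a low priority number, deny the
    rest at a high one (0.0.0.0/0 here; the Internet service tag is the usual choice)."""
    return [
        {"name": "allow-subscription-vms", "priority": 100, "access": "Allow",
         "protocol": "Tcp", "source_address_prefixes": prefixes, "destination_port_range": str(port)},
        {"name": "deny-internet", "priority": 4000, "access": "Deny",
         "protocol": "*", "source_address_prefixes": ["0.0.0.0/0"], "destination_port_range": "*"},
    ]

def evaluate(rules, source_ip):
    """Simplified NSG inbound evaluation: lowest priority number first, first
    source match wins. Port and protocol matching are omitted for brevity."""
    src = ipaddress.ip_address(source_ip)
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if any(src in ipaddress.ip_network(p) for p in rule["source_address_prefixes"]):
            return rule["access"]
    return "Deny"  # falls through to the default DenyAllInBound rule
```

A VM that reaches the subnet from any address other than its listed public IP (for example after a dynamic reallocation, or because it has no instance-level public IP) evaluates to Deny, so the rule set has to be regenerated whenever the list changes.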