Thank you @suvasara-MSFT and @Devaraj G ....
If i read the below article from Microsoft
https://video2.skills-academy.com/en-us/azure/virtual-network/network-security-group-how-it-works
If i look at the below article it clearly says that unless you specify port deny to port 80 it is allowed by the AllowInternetoutbound . And i see that if i do a TELNET www.google.com 80 it makes a connection .
Outbound traffic
For outbound traffic, Azure processes the rules in a network security group associated to a network interface first, if there is one, and then the rules in a network security group associated to the subnet, if there is one.
VM1: The security rules in NSG2 are processed. Unless you create a security rule that denies port 80 outbound to the internet, the traffic is allowed by the AllowInternetOutbound default security rule in both NSG1 and NSG2. If NSG2 has a security rule that denies port 80, the traffic is denied, and never evaluated by NSG1. To deny port 80 from the virtual machine, either, or both of the network security groups must have a rule that denies port 80 to the internet.
VM2: All traffic is sent through the network interface to the subnet, since the network interface attached to VM2 does not have a network security group associated to it. The rules in NSG1 are processed.
VM3: If NSG2 has a security rule that denies port 80, the traffic is denied. If NSG2 has a security rule that allows port 80, then port 80 is allowed outbound to the internet, since a network security group is not associated to Subnet2.
VM4: All network traffic is allowed from VM4, because a network security group isn't associated to the network interface attached to the virtual machine, or to Subnet3.
So the question i have here is :
1) How does machine takes a call that yes i need to make a connection on port 80 and i have to go over internet and i have to make use of rule AllowInternetOutBound?
2)When i create a VM in two different subnets in 2 different regions why Telnet does not work because when i create VM's in 2 different regions and their is no connectivity does it not imply that any communication that i want to make between machines it will go over internet ?