In an Azure subscription with VM1 and VM2 deployed from the same template, how do you prevent access to Internet websites over TCP port 80 using a configured NSG?