Deliverable:

The goal of this is to enable customers to bring their own Network security group.  This contains all the work to go preview and GA for this feature. 

An ARO cluster is deployed across two subnets in a customer’s Vnet. The ARO service creates a network security group (NSG) and attaches it to those subnets. Security teams within some customer organizations have policies that require all NSGs to be far more restrictive than the auto-created ARO NSG. Also, some customers have use cases that require the NSG to be more restrictive. Currently, customers cannot modify ARO NSG, hence they have no supported means to use ARO for their needs.
PRD - https://docs.google.com/document/d/1Uec9lxsC-xGIx0hXbEghXxTAdZuUWYXP/edit?usp=sharing&ouid=105607800740327741207&rtpof=true&sd=true