After a flow monitoring session has been collected, the results are analyzed and can be filtered for use in grouping objects and firewall rules. ARM automatically recommends firewall rules and security groups based on analyzed flows.
Analyzed flows can be filtered to limit the number of flows in a working set. The filter option icon is next to the Processed View drop-down menu on the right.
Prerequisites
Before analysis, a flow monitoring session must have been collected from selected vNICs or VMs.