In the Native Cloud Enforced Mode, NSX Cloud utilizes NSX Groups and Distributed Firewall rules to create corresponding Application Security Groups and Network Security Groups in Microsoft Azure and Security Groups in AWS.

All workload VMs in your VPCs/VNets onboarded in the Native Cloud Enforced Mode are NSX-managed.

Follow this workflow:
Table 1. Micro-segmentation workflow for your workload VMs in the Native Cloud Enforced Mode

| Task | Instructions |
| --- | --- |
| Create one or more Groups in NSX Manager to include workload VMs from your public cloud. | See Set up Micro-segmentation for Workload VMs in the Native Cloud Enforced Mode. See also: Group VMs using NSX and Public Cloud Tags |
| Create one or more Security Policies in NSX Manager that apply to the Group(s) you created for your public cloud workload VMs. | |
| Remove workload VMs from the User Managed list in CSM if you want them managed by NSX Security Policies. | |
| Resync your public cloud account in CSM. | |
| From your VPC/VNet, switch to the details view in CSM for troubleshooting Security policies if there are any errors. | See Current Limitations and Common Errors |