diff --git a/builtin/providers/azurerm/provider.go b/builtin/providers/azurerm/provider.go
index f660155e9..fb1eb246c 100644
--- a/builtin/providers/azurerm/provider.go
+++ b/builtin/providers/azurerm/provider.go
@@ -48,9 +48,9 @@ func Provider() terraform.ResourceProvider {
 "azurerm_availability_set": resourceArmAvailabilitySet(),
 //"azurerm_cdn_endpoint": resourceArmCdnEndpoint(),
 //"azurerm_cdn_profile": resourceArmCdnProfile(),
- "azurerm_local_network_gateway": resourceArmLocalNetworkGateway(),
- "azurerm_network_interface": resourceArmNetworkInterface(),
- //"azurerm_network_security_group": resourceArmNetworkSecurityGroup(),
+ "azurerm_local_network_gateway": resourceArmLocalNetworkGateway(),
+ "azurerm_network_interface": resourceArmNetworkInterface(),
+ "azurerm_network_security_group": resourceArmNetworkSecurityGroup(),
 //"azurerm_network_security_rule": resourceArmNetworkSecurityRule(),
 "azurerm_public_ip": resourceArmPublicIp(),
 "azurerm_route": resourceArmRoute(),
diff --git a/builtin/providers/azurerm/resource_arm_network_security_group.go b/builtin/providers/azurerm/resource_arm_network_security_group.go
index 4d9569c41..a60df4629 100644
--- a/builtin/providers/azurerm/resource_arm_network_security_group.go
+++ b/builtin/providers/azurerm/resource_arm_network_security_group.go
@@ -1,301 +1,284 @@ package azurerm -//import ( -// "bytes" -// "fmt" -// "log" -// "net/http" -// "time" -// -// "github.com/Azure/azure-sdk-for-go/arm/network" -// "github.com/hashicorp/terraform/helper/hashcode" -// "github.com/hashicorp/terraform/helper/resource" -// "github.com/hashicorp/terraform/helper/schema" -//) -// -//func resourceArmNetworkSecurityGroup() *schema.Resource { -// return &schema.Resource{ -// Create: resourceArmNetworkSecurityGroupCreate, -// Read: resourceArmNetworkSecurityGroupRead, -// Update: resourceArmNetworkSecurityGroupCreate, -// Delete: resourceArmNetworkSecurityGroupDelete, -// -// Schema: map[string]*schema.Schema{ -// "name": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// ForceNew: true, -// }, -// -// "location": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// ForceNew: true, -// StateFunc: azureRMNormalizeLocation, -// }, -// -// "resource_group_name": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// ForceNew: true, -// }, -// -// "security_rule": &schema.Schema{ -// Type: schema.TypeSet, -// Optional: true, -// Computed: true, -// Elem: &schema.Resource{ -// Schema: map[string]*schema.Schema{ -// "name": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// }, -// -// "description": &schema.Schema{ -// Type: schema.TypeString, -// Optional: true, -// ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { -// value := v.(string) -// if len(value) > 140 { -// errors = append(errors, fmt.Errorf( -// "The network security rule description can be no longer than 140 chars")) -// } -// return -// }, -// }, -// -// "protocol": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// ValidateFunc: validateNetworkSecurityRuleProtocol, -// }, -// -// "source_port_range": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// }, -// -// "destination_port_range": &schema.Schema{ -// Type: schema.TypeString, -// 
Required: true, -// }, -// -// "source_address_prefix": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// }, -// -// "destination_address_prefix": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// }, -// -// "access": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// ValidateFunc: validateNetworkSecurityRuleAccess, -// }, -// -// "priority": &schema.Schema{ -// Type: schema.TypeInt, -// Required: true, -// ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { -// value := v.(int) -// if value < 100 || value > 4096 { -// errors = append(errors, fmt.Errorf( -// "The `priority` can only be between 100 and 4096")) -// } -// return -// }, -// }, -// -// "direction": &schema.Schema{ -// Type: schema.TypeString, -// Required: true, -// ValidateFunc: validateNetworkSecurityRuleDirection, -// }, -// }, -// }, -// Set: resourceArmNetworkSecurityGroupRuleHash, -// }, -// -// "tags": tagsSchema(), -// }, -// } -//} -// -//func resourceArmNetworkSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error { -// client := meta.(*ArmClient) -// secClient := client.secGroupClient -// -// name := d.Get("name").(string) -// location := d.Get("location").(string) -// resGroup := d.Get("resource_group_name").(string) -// tags := d.Get("tags").(map[string]interface{}) -// -// sgRules, sgErr := expandAzureRmSecurityRules(d) -// if sgErr != nil { -// return fmt.Errorf("Error Building list of Network Security Group Rules: %s", sgErr) -// } -// -// sg := network.SecurityGroup{ -// Name: &name, -// Location: &location, -// Properties: &network.SecurityGroupPropertiesFormat{ -// SecurityRules: &sgRules, -// }, -// Tags: expandTags(tags), -// } -// -// resp, err := secClient.CreateOrUpdate(resGroup, name, sg) -// if err != nil { -// return err -// } -// -// d.SetId(*resp.ID) -// -// log.Printf("[DEBUG] Waiting for Network Security Group (%s) to become available", name) -// stateConf := 
&resource.StateChangeConf{ -// Pending: []string{"Accepted", "Updating"}, -// Target: []string{"Succeeded"}, -// Refresh: securityGroupStateRefreshFunc(client, resGroup, name), -// Timeout: 10 * time.Minute, -// } -// if _, err := stateConf.WaitForState(); err != nil { -// return fmt.Errorf("Error waiting for Network Securty Group (%s) to become available: %s", name, err) -// } -// -// return resourceArmNetworkSecurityGroupRead(d, meta) -//} -// -//func resourceArmNetworkSecurityGroupRead(d *schema.ResourceData, meta interface{}) error { -// secGroupClient := meta.(*ArmClient).secGroupClient -// -// id, err := parseAzureResourceID(d.Id()) -// if err != nil { -// return err -// } -// resGroup := id.ResourceGroup -// name := id.Path["networkSecurityGroups"] -// -// resp, err := secGroupClient.Get(resGroup, name, "") -// if resp.StatusCode == http.StatusNotFound { -// d.SetId("") -// return nil -// } -// if err != nil { -// return fmt.Errorf("Error making Read request on Azure Network Security Group %s: %s", name, err) -// } -// -// if resp.Properties.SecurityRules != nil { -// d.Set("security_rule", flattenNetworkSecurityRules(resp.Properties.SecurityRules)) -// } -// -// flattenAndSetTags(d, resp.Tags) -// -// return nil -//} -// -//func resourceArmNetworkSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error { -// secGroupClient := meta.(*ArmClient).secGroupClient -// -// id, err := parseAzureResourceID(d.Id()) -// if err != nil { -// return err -// } -// resGroup := id.ResourceGroup -// name := id.Path["networkSecurityGroups"] -// -// _, err = secGroupClient.Delete(resGroup, name) -// -// return err -//} -// -//func resourceArmNetworkSecurityGroupRuleHash(v interface{}) int { -// var buf bytes.Buffer -// m := v.(map[string]interface{}) -// buf.WriteString(fmt.Sprintf("%s-", m["protocol"].(string))) -// buf.WriteString(fmt.Sprintf("%s-", m["source_port_range"].(string))) -// buf.WriteString(fmt.Sprintf("%s-", m["destination_port_range"].(string))) -// 
buf.WriteString(fmt.Sprintf("%s-", m["source_address_prefix"].(string))) -// buf.WriteString(fmt.Sprintf("%s-", m["destination_address_prefix"].(string))) -// buf.WriteString(fmt.Sprintf("%s-", m["access"].(string))) -// buf.WriteString(fmt.Sprintf("%d-", m["priority"].(int))) -// buf.WriteString(fmt.Sprintf("%s-", m["direction"].(string))) -// -// return hashcode.String(buf.String()) -//} -// -//func securityGroupStateRefreshFunc(client *ArmClient, resourceGroupName string, securityGroupName string) resource.StateRefreshFunc { -// return func() (interface{}, string, error) { -// res, err := client.secGroupClient.Get(resourceGroupName, securityGroupName, "") -// if err != nil { -// return nil, "", fmt.Errorf("Error issuing read request in securityGroupStateRefreshFunc to Azure ARM for network security group '%s' (RG: '%s'): %s", securityGroupName, resourceGroupName, err) -// } -// -// return res, *res.Properties.ProvisioningState, nil -// } -//} -// -//func flattenNetworkSecurityRules(rules *[]network.SecurityRule) []map[string]interface{} { -// result := make([]map[string]interface{}, 0, len(*rules)) -// for _, rule := range *rules { -// sgRule := make(map[string]interface{}) -// sgRule["name"] = *rule.Name -// sgRule["destination_address_prefix"] = *rule.Properties.DestinationAddressPrefix -// sgRule["destination_port_range"] = *rule.Properties.DestinationPortRange -// sgRule["source_address_prefix"] = *rule.Properties.SourceAddressPrefix -// sgRule["source_port_range"] = *rule.Properties.SourcePortRange -// sgRule["priority"] = int(*rule.Properties.Priority) -// sgRule["access"] = rule.Properties.Access -// sgRule["direction"] = rule.Properties.Direction -// sgRule["protocol"] = rule.Properties.Protocol -// -// if rule.Properties.Description != nil { -// sgRule["description"] = *rule.Properties.Description -// } -// -// result = append(result, sgRule) -// } -// return result -//} -// -//func expandAzureRmSecurityRules(d *schema.ResourceData) 
([]network.SecurityRule, error) { -// sgRules := d.Get("security_rule").(*schema.Set).List() -// rules := make([]network.SecurityRule, 0, len(sgRules)) -// -// for _, sgRaw := range sgRules { -// data := sgRaw.(map[string]interface{}) -// -// source_port_range := data["source_port_range"].(string) -// destination_port_range := data["destination_port_range"].(string) -// source_address_prefix := data["source_address_prefix"].(string) -// destination_address_prefix := data["destination_address_prefix"].(string) -// priority := data["priority"].(int) -// -// properties := network.SecurityRulePropertiesFormat{ -// SourcePortRange: &source_port_range, -// DestinationPortRange: &destination_port_range, -// SourceAddressPrefix: &source_address_prefix, -// DestinationAddressPrefix: &destination_address_prefix, -// Priority: &priority, -// Access: network.SecurityRuleAccess(data["access"].(string)), -// Direction: network.SecurityRuleDirection(data["direction"].(string)), -// Protocol: network.SecurityRuleProtocol(data["protocol"].(string)), -// } -// -// if v := data["description"].(string); v != "" { -// properties.Description = &v -// } -// -// name := data["name"].(string) -// rule := network.SecurityRule{ -// Name: &name, -// Properties: &properties, -// } -// -// rules = append(rules, rule) -// } -// -// return rules, nil -//} +import ( + "bytes" + "fmt" + "net/http" + + "github.com/Azure/azure-sdk-for-go/arm/network" + "github.com/hashicorp/terraform/helper/hashcode" + "github.com/hashicorp/terraform/helper/schema" +) + +func resourceArmNetworkSecurityGroup() *schema.Resource { + return &schema.Resource{ + Create: resourceArmNetworkSecurityGroupCreate, + Read: resourceArmNetworkSecurityGroupRead, + Update: resourceArmNetworkSecurityGroupCreate, + Delete: resourceArmNetworkSecurityGroupDelete, + + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "location": { + Type: schema.TypeString, + Required: 
true, + ForceNew: true, + StateFunc: azureRMNormalizeLocation, + }, + + "resource_group_name": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + }, + + "security_rule": { + Type: schema.TypeSet, + Optional: true, + Computed: true, + Elem: &schema.Resource{ + Schema: map[string]*schema.Schema{ + "name": { + Type: schema.TypeString, + Required: true, + }, + + "description": { + Type: schema.TypeString, + Optional: true, + ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { + value := v.(string) + if len(value) > 140 { + errors = append(errors, fmt.Errorf( + "The network security rule description can be no longer than 140 chars")) + } + return + }, + }, + + "protocol": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validateNetworkSecurityRuleProtocol, + }, + + "source_port_range": { + Type: schema.TypeString, + Required: true, + }, + + "destination_port_range": { + Type: schema.TypeString, + Required: true, + }, + + "source_address_prefix": { + Type: schema.TypeString, + Required: true, + }, + + "destination_address_prefix": { + Type: schema.TypeString, + Required: true, + }, + + "access": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validateNetworkSecurityRuleAccess, + }, + + "priority": { + Type: schema.TypeInt, + Required: true, + ValidateFunc: func(v interface{}, k string) (ws []string, errors []error) { + value := v.(int) + if value < 100 || value > 4096 { + errors = append(errors, fmt.Errorf( + "The `priority` can only be between 100 and 4096")) + } + return + }, + }, + + "direction": { + Type: schema.TypeString, + Required: true, + ValidateFunc: validateNetworkSecurityRuleDirection, + }, + }, + }, + Set: resourceArmNetworkSecurityGroupRuleHash, + }, + + "tags": tagsSchema(), + }, + } +} + +func resourceArmNetworkSecurityGroupCreate(d *schema.ResourceData, meta interface{}) error { + client := meta.(*ArmClient) + secClient := client.secGroupClient + + name := d.Get("name").(string) + 
location := d.Get("location").(string) + resGroup := d.Get("resource_group_name").(string) + tags := d.Get("tags").(map[string]interface{}) + + sgRules, sgErr := expandAzureRmSecurityRules(d) + if sgErr != nil { + return fmt.Errorf("Error Building list of Network Security Group Rules: %s", sgErr) + } + + sg := network.SecurityGroup{ + Name: &name, + Location: &location, + Properties: &network.SecurityGroupPropertiesFormat{ + SecurityRules: &sgRules, + }, + Tags: expandTags(tags), + } + + _, err := secClient.CreateOrUpdate(resGroup, name, sg, make(chan struct{})) + if err != nil { + return err + } + + read, err := secClient.Get(resGroup, name, "") + if err != nil { + return err + } + if read.ID == nil { + return fmt.Errorf("Cannot read Virtual Network %s (resource group %s) ID", name, resGroup) + } + + d.SetId(*read.ID) + + return resourceArmNetworkSecurityGroupRead(d, meta) +} + +func resourceArmNetworkSecurityGroupRead(d *schema.ResourceData, meta interface{}) error { + secGroupClient := meta.(*ArmClient).secGroupClient + + id, err := parseAzureResourceID(d.Id()) + if err != nil { + return err + } + resGroup := id.ResourceGroup + name := id.Path["networkSecurityGroups"] + + resp, err := secGroupClient.Get(resGroup, name, "") + if resp.StatusCode == http.StatusNotFound { + d.SetId("") + return nil + } + if err != nil { + return fmt.Errorf("Error making Read request on Azure Network Security Group %s: %s", name, err) + } + + if resp.Properties.SecurityRules != nil { + d.Set("security_rule", flattenNetworkSecurityRules(resp.Properties.SecurityRules)) + } + + flattenAndSetTags(d, resp.Tags) + + return nil +} + +func resourceArmNetworkSecurityGroupDelete(d *schema.ResourceData, meta interface{}) error { + secGroupClient := meta.(*ArmClient).secGroupClient + + id, err := parseAzureResourceID(d.Id()) + if err != nil { + return err + } + resGroup := id.ResourceGroup + name := id.Path["networkSecurityGroups"] + + _, err = secGroupClient.Delete(resGroup, name, make(chan 
struct{})) + + return err +} + +func resourceArmNetworkSecurityGroupRuleHash(v interface{}) int { + var buf bytes.Buffer + m := v.(map[string]interface{}) + buf.WriteString(fmt.Sprintf("%s-", m["protocol"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["source_port_range"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["destination_port_range"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["source_address_prefix"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["destination_address_prefix"].(string))) + buf.WriteString(fmt.Sprintf("%s-", m["access"].(string))) + buf.WriteString(fmt.Sprintf("%d-", m["priority"].(int))) + buf.WriteString(fmt.Sprintf("%s-", m["direction"].(string))) + + return hashcode.String(buf.String()) +} + +func flattenNetworkSecurityRules(rules *[]network.SecurityRule) []map[string]interface{} { + result := make([]map[string]interface{}, 0, len(*rules)) + for _, rule := range *rules { + sgRule := make(map[string]interface{}) + sgRule["name"] = *rule.Name + sgRule["destination_address_prefix"] = *rule.Properties.DestinationAddressPrefix + sgRule["destination_port_range"] = *rule.Properties.DestinationPortRange + sgRule["source_address_prefix"] = *rule.Properties.SourceAddressPrefix + sgRule["source_port_range"] = *rule.Properties.SourcePortRange + sgRule["priority"] = int(*rule.Properties.Priority) + sgRule["access"] = rule.Properties.Access + sgRule["direction"] = rule.Properties.Direction + sgRule["protocol"] = rule.Properties.Protocol + + if rule.Properties.Description != nil { + sgRule["description"] = *rule.Properties.Description + } + + result = append(result, sgRule) + } + return result +} + +func expandAzureRmSecurityRules(d *schema.ResourceData) ([]network.SecurityRule, error) { + sgRules := d.Get("security_rule").(*schema.Set).List() + rules := make([]network.SecurityRule, 0, len(sgRules)) + + for _, sgRaw := range sgRules { + data := sgRaw.(map[string]interface{}) + + source_port_range := data["source_port_range"].(string) 
+ destination_port_range := data["destination_port_range"].(string) + source_address_prefix := data["source_address_prefix"].(string) + destination_address_prefix := data["destination_address_prefix"].(string) + priority := int32(data["priority"].(int)) + + properties := network.SecurityRulePropertiesFormat{ + SourcePortRange: &source_port_range, + DestinationPortRange: &destination_port_range, + SourceAddressPrefix: &source_address_prefix, + DestinationAddressPrefix: &destination_address_prefix, + Priority: &priority, + Access: network.SecurityRuleAccess(data["access"].(string)), + Direction: network.SecurityRuleDirection(data["direction"].(string)), + Protocol: network.SecurityRuleProtocol(data["protocol"].(string)), + } + + if v := data["description"].(string); v != "" { + properties.Description = &v + } + + name := data["name"].(string) + rule := network.SecurityRule{ + Name: &name, + Properties: &properties, + } + + rules = append(rules, rule) + } + + return rules, nil +} diff --git a/builtin/providers/azurerm/resource_arm_network_security_group_test.go b/builtin/providers/azurerm/resource_arm_network_security_group_test.go index d05ff88bf..44e8eeb2c 100644 --- a/builtin/providers/azurerm/resource_arm_network_security_group_test.go +++ b/builtin/providers/azurerm/resource_arm_network_security_group_test.go 
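Review bot: In `resourceArmNetworkSecurityGroupRead`, `resp.StatusCode` is read before `err` is checked, so a `Get` that fails without an HTTP response (timeout, DNS, token acquisition) may dereference a nil response instead of returning the error; this is inferred from how the SDK embeds the HTTP response and is worth confirming. Check `err` first and treat 404 as "gone" only when a response is actually present. The same function never checks `resp.Properties` for nil and sets `security_rule` only when `resp.Properties.SecurityRules` is non-nil, so rules removed outside Terraform could stay in state when the API returns no list; setting an empty list in that case keeps firewall drift visible in the plan. In `resourceArmNetworkSecurityGroupCreate` the nil-ID error names the wrong resource and should read `"Cannot read Network Security Group %s (resource group %s) ID"`.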
@@ -1,265 +1,262 @@ package azurerm -//import ( -// "fmt" -// "net/http" -// "testing" -// -// "github.com/hashicorp/terraform/helper/resource" -// "github.com/hashicorp/terraform/terraform" -//) -// -//func TestAccAzureRMNetworkSecurityGroup_basic(t *testing.T) { -// -// resource.Test(t, resource.TestCase{ -// PreCheck: func() { testAccPreCheck(t) }, -// Providers: testAccProviders, -// CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy, -// Steps: []resource.TestStep{ -// resource.TestStep{ -// Config: testAccAzureRMNetworkSecurityGroup_basic, -// Check: resource.ComposeTestCheckFunc( -// testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), -// ), -// }, -// }, -// }) -//} -// -//func TestAccAzureRMNetworkSecurityGroup_withTags(t *testing.T) { -// -// resource.Test(t, resource.TestCase{ -// PreCheck: func() { testAccPreCheck(t) }, -// Providers: testAccProviders, -// CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy, -// Steps: []resource.TestStep{ -// resource.TestStep{ -// Config: testAccAzureRMNetworkSecurityGroup_withTags, -// Check: resource.ComposeTestCheckFunc( -// testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), -// resource.TestCheckResourceAttr( -// "azurerm_network_security_group.test", "tags.#", "2"), -// resource.TestCheckResourceAttr( -// "azurerm_network_security_group.test", "tags.environment", "Production"), -// resource.TestCheckResourceAttr( -// "azurerm_network_security_group.test", "tags.cost_center", "MSFT"), -// ), -// }, -// -// resource.TestStep{ -// Config: testAccAzureRMNetworkSecurityGroup_withTagsUpdate, -// Check: resource.ComposeTestCheckFunc( -// testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), -// resource.TestCheckResourceAttr( -// "azurerm_network_security_group.test", "tags.#", "1"), -// resource.TestCheckResourceAttr( -// "azurerm_network_security_group.test", "tags.environment", "staging"), -// ), -// }, -// }, -// 
}) -//} -// -//func TestAccAzureRMNetworkSecurityGroup_addingExtraRules(t *testing.T) { -// -// resource.Test(t, resource.TestCase{ -// PreCheck: func() { testAccPreCheck(t) }, -// Providers: testAccProviders, -// CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy, -// Steps: []resource.TestStep{ -// resource.TestStep{ -// Config: testAccAzureRMNetworkSecurityGroup_basic, -// Check: resource.ComposeTestCheckFunc( -// testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), -// resource.TestCheckResourceAttr( -// "azurerm_network_security_group.test", "security_rule.#", "1"), -// ), -// }, -// -// resource.TestStep{ -// Config: testAccAzureRMNetworkSecurityGroup_anotherRule, -// Check: resource.ComposeTestCheckFunc( -// testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), -// resource.TestCheckResourceAttr( -// "azurerm_network_security_group.test", "security_rule.#", "2"), -// ), -// }, -// }, -// }) -//} -// -//func testCheckAzureRMNetworkSecurityGroupExists(name string) resource.TestCheckFunc { -// return func(s *terraform.State) error { -// -// rs, ok := s.RootModule().Resources[name] -// if !ok { -// return fmt.Errorf("Not found: %s", name) -// } -// -// sgName := rs.Primary.Attributes["name"] -// resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"] -// if !hasResourceGroup { -// return fmt.Errorf("Bad: no resource group found in state for network security group: %s", sgName) -// } -// -// conn := testAccProvider.Meta().(*ArmClient).secGroupClient -// -// resp, err := conn.Get(resourceGroup, sgName, "") -// if err != nil { -// return fmt.Errorf("Bad: Get on secGroupClient: %s", err) -// } -// -// if resp.StatusCode == http.StatusNotFound { -// return fmt.Errorf("Bad: Network Security Group %q (resource group: %q) does not exist", name, resourceGroup) -// } -// -// return nil -// } -//} -// -//func testCheckAzureRMNetworkSecurityGroupDestroy(s *terraform.State) error { -// 
conn := testAccProvider.Meta().(*ArmClient).secGroupClient -// -// for _, rs := range s.RootModule().Resources { -// if rs.Type != "azurerm_network_security_group" { -// continue -// } -// -// name := rs.Primary.Attributes["name"] -// resourceGroup := rs.Primary.Attributes["resource_group_name"] -// -// resp, err := conn.Get(resourceGroup, name, "") -// -// if err != nil { -// return nil -// } -// -// if resp.StatusCode != http.StatusNotFound { -// return fmt.Errorf("Network Security Group still exists:\n%#v", resp.Properties) -// } -// } -// -// return nil -//} -// -//var testAccAzureRMNetworkSecurityGroup_basic = ` -//resource "azurerm_resource_group" "test" { -// name = "acceptanceTestResourceGroup1" -// location = "West US" -//} -// -//resource "azurerm_network_security_group" "test" { -// name = "acceptanceTestSecurityGroup1" -// location = "West US" -// resource_group_name = "${azurerm_resource_group.test.name}" -// -// security_rule { -// name = "test123" -// priority = 100 -// direction = "Inbound" -// access = "Allow" -// protocol = "Tcp" -// source_port_range = "*" -// destination_port_range = "*" -// source_address_prefix = "*" -// destination_address_prefix = "*" -// } -//} -//` -// -//var testAccAzureRMNetworkSecurityGroup_anotherRule = ` -//resource "azurerm_resource_group" "test" { -// name = "acceptanceTestResourceGroup1" -// location = "West US" -//} -// -//resource "azurerm_network_security_group" "test" { -// name = "acceptanceTestSecurityGroup1" -// location = "West US" -// resource_group_name = "${azurerm_resource_group.test.name}" -// -// security_rule { -// name = "test123" -// priority = 100 -// direction = "Inbound" -// access = "Allow" -// protocol = "Tcp" -// source_port_range = "*" -// destination_port_range = "*" -// source_address_prefix = "*" -// destination_address_prefix = "*" -// } -// -// security_rule { -// name = "testDeny" -// priority = 101 -// direction = "Inbound" -// access = "Deny" -// protocol = "Udp" -// 
source_port_range = "*" -// destination_port_range = "*" -// source_address_prefix = "*" -// destination_address_prefix = "*" -// } -//} -//` -// -//var testAccAzureRMNetworkSecurityGroup_withTags = ` -//resource "azurerm_resource_group" "test" { -// name = "acceptanceTestResourceGroup1" -// location = "West US" -//} -// -//resource "azurerm_network_security_group" "test" { -// name = "acceptanceTestSecurityGroup1" -// location = "West US" -// resource_group_name = "${azurerm_resource_group.test.name}" -// -// security_rule { -// name = "test123" -// priority = 100 -// direction = "Inbound" -// access = "Allow" -// protocol = "Tcp" -// source_port_range = "*" -// destination_port_range = "*" -// source_address_prefix = "*" -// destination_address_prefix = "*" -// } -// -// -// tags { -// environment = "Production" -// cost_center = "MSFT" -// } -//} -//` -// -//var testAccAzureRMNetworkSecurityGroup_withTagsUpdate = ` -//resource "azurerm_resource_group" "test" { -// name = "acceptanceTestResourceGroup1" -// location = "West US" -//} -// -//resource "azurerm_network_security_group" "test" { -// name = "acceptanceTestSecurityGroup1" -// location = "West US" -// resource_group_name = "${azurerm_resource_group.test.name}" -// -// security_rule { -// name = "test123" -// priority = 100 -// direction = "Inbound" -// access = "Allow" -// protocol = "Tcp" -// source_port_range = "*" -// destination_port_range = "*" -// source_address_prefix = "*" -// destination_address_prefix = "*" -// } -// -// tags { -// environment = "staging" -// } -//} -//` +import ( + "fmt" + "net/http" + "testing" + + "github.com/hashicorp/terraform/helper/resource" + "github.com/hashicorp/terraform/terraform" +) + +func TestAccAzureRMNetworkSecurityGroup_basic(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy, + Steps: []resource.TestStep{ + { + Config: 
testAccAzureRMNetworkSecurityGroup_basic, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), + ), + }, + }, + }) +} + +func TestAccAzureRMNetworkSecurityGroup_withTags(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMNetworkSecurityGroup_withTags, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), + resource.TestCheckResourceAttr( + "azurerm_network_security_group.test", "tags.#", "2"), + resource.TestCheckResourceAttr( + "azurerm_network_security_group.test", "tags.environment", "Production"), + resource.TestCheckResourceAttr( + "azurerm_network_security_group.test", "tags.cost_center", "MSFT"), + ), + }, + + { + Config: testAccAzureRMNetworkSecurityGroup_withTagsUpdate, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), + resource.TestCheckResourceAttr( + "azurerm_network_security_group.test", "tags.#", "1"), + resource.TestCheckResourceAttr( + "azurerm_network_security_group.test", "tags.environment", "staging"), + ), + }, + }, + }) +} + +func TestAccAzureRMNetworkSecurityGroup_addingExtraRules(t *testing.T) { + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMNetworkSecurityGroupDestroy, + Steps: []resource.TestStep{ + { + Config: testAccAzureRMNetworkSecurityGroup_basic, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), + resource.TestCheckResourceAttr( + "azurerm_network_security_group.test", "security_rule.#", "1"), + ), + }, + + { + Config: 
testAccAzureRMNetworkSecurityGroup_anotherRule, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMNetworkSecurityGroupExists("azurerm_network_security_group.test"), + resource.TestCheckResourceAttr( + "azurerm_network_security_group.test", "security_rule.#", "2"), + ), + }, + }, + }) +} + +func testCheckAzureRMNetworkSecurityGroupExists(name string) resource.TestCheckFunc { + return func(s *terraform.State) error { + + rs, ok := s.RootModule().Resources[name] + if !ok { + return fmt.Errorf("Not found: %s", name) + } + + sgName := rs.Primary.Attributes["name"] + resourceGroup, hasResourceGroup := rs.Primary.Attributes["resource_group_name"] + if !hasResourceGroup { + return fmt.Errorf("Bad: no resource group found in state for network security group: %s", sgName) + } + + conn := testAccProvider.Meta().(*ArmClient).secGroupClient + + resp, err := conn.Get(resourceGroup, sgName, "") + if err != nil { + return fmt.Errorf("Bad: Get on secGroupClient: %s", err) + } + + if resp.StatusCode == http.StatusNotFound { + return fmt.Errorf("Bad: Network Security Group %q (resource group: %q) does not exist", name, resourceGroup) + } + + return nil + } +} + +func testCheckAzureRMNetworkSecurityGroupDestroy(s *terraform.State) error { + conn := testAccProvider.Meta().(*ArmClient).secGroupClient + + for _, rs := range s.RootModule().Resources { + if rs.Type != "azurerm_network_security_group" { + continue + } + + name := rs.Primary.Attributes["name"] + resourceGroup := rs.Primary.Attributes["resource_group_name"] + + resp, err := conn.Get(resourceGroup, name, "") + + if err != nil { + return nil + } + + if resp.StatusCode != http.StatusNotFound { + return fmt.Errorf("Network Security Group still exists:\n%#v", resp.Properties) + } + } + + return nil +} + +var testAccAzureRMNetworkSecurityGroup_basic = ` +resource "azurerm_resource_group" "test" { + name = "acceptanceTestResourceGroup1" + location = "West US" +} + +resource "azurerm_network_security_group" "test" { + name = 
"acceptanceTestSecurityGroup1" + location = "West US" + resource_group_name = "${azurerm_resource_group.test.name}" + + security_rule { + name = "test123" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "*" + source_address_prefix = "*" + destination_address_prefix = "*" + } +} +` + +var testAccAzureRMNetworkSecurityGroup_anotherRule = ` +resource "azurerm_resource_group" "test" { + name = "acceptanceTestResourceGroup1" + location = "West US" +} + +resource "azurerm_network_security_group" "test" { + name = "acceptanceTestSecurityGroup1" + location = "West US" + resource_group_name = "${azurerm_resource_group.test.name}" + + security_rule { + name = "test123" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "*" + source_address_prefix = "*" + destination_address_prefix = "*" + } + + security_rule { + name = "testDeny" + priority = 101 + direction = "Inbound" + access = "Deny" + protocol = "Udp" + source_port_range = "*" + destination_port_range = "*" + source_address_prefix = "*" + destination_address_prefix = "*" + } +} +` + +var testAccAzureRMNetworkSecurityGroup_withTags = ` +resource "azurerm_resource_group" "test" { + name = "acceptanceTestResourceGroup1" + location = "West US" +} + +resource "azurerm_network_security_group" "test" { + name = "acceptanceTestSecurityGroup1" + location = "West US" + resource_group_name = "${azurerm_resource_group.test.name}" + + security_rule { + name = "test123" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "*" + source_address_prefix = "*" + destination_address_prefix = "*" + } + + + tags { + environment = "Production" + cost_center = "MSFT" + } +} +` + +var testAccAzureRMNetworkSecurityGroup_withTagsUpdate = ` +resource "azurerm_resource_group" "test" { + name = 
"acceptanceTestResourceGroup1" + location = "West US" +} + +resource "azurerm_network_security_group" "test" { + name = "acceptanceTestSecurityGroup1" + location = "West US" + resource_group_name = "${azurerm_resource_group.test.name}" + + security_rule { + name = "test123" + priority = 100 + direction = "Inbound" + access = "Allow" + protocol = "Tcp" + source_port_range = "*" + destination_port_range = "*" + source_address_prefix = "*" + destination_address_prefix = "*" + } + + tags { + environment = "staging" + } +} +`
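Review bot: `testCheckAzureRMNetworkSecurityGroupDestroy` returns nil on any error from `conn.Get` (`if err != nil { return nil }`), so a credential or network failure is reported as a successful destroy and the remaining resources in the loop are never checked. Treat only a not-found response as destroyed, return any other error, and use `continue` rather than `return nil` inside the loop. In `testCheckAzureRMNetworkSecurityGroupExists` the `http.StatusNotFound` branch sits after the `err != nil` return, so it is probably unreachable if the SDK surfaces a 404 as an error; worth confirming against the client's behaviour.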