Do you use these together or is it situation specific when deciding to apply one or the other? Does one take precedence over another? Not too clear on what decision making would go into choosing one vs another.
Azure Network Security groups vs Application Security groups
Application security groups are used to create rules in network security groups.
Network security groups are a set of rules that control the flow of traffic to and from a virtual network.
Inside a virtual network named VNET1, you might have several VMs. For example, you might have three web servers and a database server. There is a network security group named NSG1, attached to VNET1. If you want to allow port 80 traffic to the web servers but not the database server, then you need a way to identify the web servers when you create the rule in the network security group. This is where application security groups come into play. I can assign the NICs from the three web servers to an application security group. Let's call the application security group AsgWeb. Now you can create an NSG rule that allows port 80 traffic from the internet to just the web servers. Your rule would specify
Source port: *
Destination port: 80
So NSGs contain rules to control traffic. ASGs contain vNICs and are used inside NSG rules to group application servers.
Hope this helps!
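
The scenario in the answer above, written as a Bicep template. This is an added example, not part of the original answer; NSG1 and AsgWeb come from the answer, while the NIC name, rule name, priority, protocol, API version and the `subnetId` parameter are assumptions.

```bicep
// Added example; names other than NSG1 and AsgWeb are hypothetical.
param location string = resourceGroup().location
param subnetId string // assumed: resource ID of an existing subnet in VNET1

resource asgWeb 'Microsoft.Network/applicationSecurityGroups@2023-09-01' = {
  name: 'AsgWeb'
  location: location
}

// One web server NIC placed in the ASG; repeat for the other two web servers.
// The database server's NIC is left out of AsgWeb, so the rule below never matches it.
resource web1Nic 'Microsoft.Network/networkInterfaces@2023-09-01' = {
  name: 'web1-nic'
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          subnet: { id: subnetId }
          applicationSecurityGroups: [ { id: asgWeb.id } ]
        }
      }
    ]
  }
}

resource nsg1 'Microsoft.Network/networkSecurityGroups@2023-09-01' = {
  name: 'NSG1'
  location: location
  properties: {
    securityRules: [
      {
        name: 'Allow-HTTP-Internet-To-AsgWeb'
        properties: {
          priority: 100 // assumed; lower numbers are evaluated first
          direction: 'Inbound'
          access: 'Allow'
          protocol: 'Tcp' // assumed; the answer only gives the ports
          sourceAddressPrefix: 'Internet'
          sourcePortRange: '*'
          destinationApplicationSecurityGroups: [ { id: asgWeb.id } ]
          destinationPortRange: '80'
        }
      }
    ]
  }
}
```

Associating NSG1 with a subnet or NIC is not shown. Internet traffic to the database server matches no allow rule here and falls through to the built-in DenyAllInBound default rule.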