Using Azure VPN Gateway with network security group rules is the appropriate choice for securing communication in a hybrid cloud infrastructure for Azure applications because it ensures that data transmitted over the internet is encrypted and securely tunneled. The Azure VPN Gateway facilitates the establishment of secure site-to-site connections between on-premises networks and Azure virtual networks, which is crucial for hybrid architectures.
Network security group rules can further enhance this security by allowing or denying inbound and outbound traffic to resources in an Azure virtual network. This layered approach to security ensures that only authorized traffic can flow between on-premises environments and Azure, protecting sensitive data and complying with various regulatory requirements.
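The following is an added example, not part of the original explanation: a small model of how a network security group picks the first matching inbound rule by priority, applied to traffic arriving from on-premises over the VPN tunnel. The address ranges and the two custom rule names are constructed assumptions; the default rules and their priorities are Azure's, and the run shows that the default `AllowVnetInBound` rule already admits on-premises sources, so restricting them takes an explicit deny.

```python
import ipaddress
from dataclasses import dataclass

# Constructed address plan (assumption, not from the page).
VNET = "10.1.0.0/16"
ON_PREM = "10.50.0.0/16"   # reached through the site-to-site VPN tunnel
# The VirtualNetwork service tag covers the VNet plus connected on-premises ranges.
TAGS = {"VirtualNetwork": [VNET, ON_PREM], "*": ["0.0.0.0/0"]}

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    source: str        # CIDR or a key of TAGS
    port: str          # single port or "*"
    access: str        # "Allow" or "Deny"

# Azure's default inbound rules (the load balancer probe rule is omitted for brevity).
DEFAULTS = [
    Rule("AllowVnetInBound", 65000, "VirtualNetwork", "*", "Allow"),
    Rule("DenyAllInBound", 65500, "*", "*", "Deny"),
]

def _matches(rule, src_ip, dst_port):
    prefixes = TAGS.get(rule.source, [rule.source])
    in_source = any(ipaddress.ip_address(src_ip) in ipaddress.ip_network(p) for p in prefixes)
    return in_source and rule.port in ("*", str(dst_port))

def evaluate(custom_rules, src_ip, dst_port):
    """Return (access, rule_name) of the first matching rule by priority."""
    for rule in sorted(custom_rules + DEFAULTS, key=lambda r: r.priority):
        if _matches(rule, src_ip, dst_port):
            return rule.access, rule.name
    return "Deny", "implicit"

# Hypothetical rule set: only the on-premises app subnet may reach HTTPS.
HARDENED = [
    Rule("AllowOnPremAppHttps", 100, "10.50.10.0/24", "443", "Allow"),
    Rule("DenyOtherOnPrem", 200, ON_PREM, "*", "Deny"),
]

if __name__ == "__main__":
    for src, port in [("10.50.10.7", 443), ("10.50.99.4", 3389), ("203.0.113.9", 443)]:
        print(src, port, "defaults:", evaluate([], src, port), "hardened:", evaluate(HARDENED, src, port))
```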
While ExpressRoute connections also offer a secure and private connection to Azure, they are generally used for scenarios requiring higher bandwidth and lower latency, and they are not typically suited to all Azure applications in the way VPN Gateways might be. Azure Load Balancer is focused on distributing network traffic rather than securing communication. VNet peering connects Azure virtual networks to each other and can be part of a secure architecture, but it does not inherently provide the secure communication pathway typically needed for hybrid scenarios with on-premises infrastructure.