Security recommendations for Azure VMware Solution
It's important to take proper measures to secure your Azure VMware Solution deployments. Use the information in this article as a high-level guide to achieve your security goals.
General
Use the following guidelines and links for general security recommendations for both Azure VMware Solution and VMware best practices.
| Recommendation | Comments |
|---|---|
| Review and follow VMware Security Best Practices. | It's important to stay updated on Azure security practices and VMware Security Best Practices. |
| Keep up to date on VMware Security Advisories. | Subscribe to VMware notifications in my.vmware.com. Regularly review and remediate any VMware Security Advisories. |
| Enable Microsoft Defender for Cloud. | Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads. |
| Follow the Microsoft Security Response Center blog. | Microsoft Security Response Center |
| Review and implement recommendations within the Azure security baseline for Azure VMware Solution. | Azure security baseline for VMware Solution |
Network
The following recommendations for network-related security apply to Azure VMware Solution.
| Recommendation | Comments |
|---|---|
| Only allow trusted networks. | Only allow access to your environments over Azure ExpressRoute or other secured networks. Avoid exposing your management services like vCenter Server, for example, on the internet. |
| Use Azure Firewall Premium. | If you must expose management services on the internet, use Azure Firewall Premium with both intrusion detection and detention system (IDPS) Alert and Deny mode along with Transport Layer Security (TLS) inspection for proactive threat detection. |
| Deploy and configure network security groups on a virtual network. | Ensure that any deployed virtual network has network security groups configured to control ingress and egress to your environment. |
| Review and implement recommendations within the Azure security baseline for Azure VMware Solution. | Azure security baseline for Azure VMware Solution |
VMware HCX
See the following information for recommendations to secure your VMware HCX deployment.
| Recommendation | Comments |
|---|---|
| Stay current with VMware HCX service updates. | VMware HCX service updates can include new features, software fixes, and security patches. To apply service updates during a maintenance window where no new VMware HCX operations are queued up, follow these steps. |
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for