Azure Best Practice For Virtual Machine Hardening

GRAY Mike 161 Reputation points
2023-11-07T14:57:07+00:00

Hi,

I am deploying a number of Azure VMs for a client and I am researching the best practice for hardening the security of the VMs before we start delivery and running these in a production service.

We are employing Nessus and the output results are obviously generating vulnerabilities with the images we are deploying. Previously we have deployed Domain Controllers and Group Policies within AD to harden the joined VMs and I am questioning whether this should be best practice now we are using VMs in Azure.

Could you please advise whether the Azure Cloud recommends another way of achieving this or do we still need to deployed AD DS to support GPO hardening.

Could you also point me in the direction of the best Group Policies I can use to build into the DC if required.

We are using a mixture of Windows based and Linux Based (RHAT) VMs.

Thanks

Mike

Azure Virtual Machines
Azure Virtual Machines
An Azure service that is used to provision Windows and Linux virtual machines.
8,122 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,731 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,865 questions
{count} votes

Accepted answer
  1. vipullag-MSFT 26,411 Reputation points
    2023-11-08T05:27:36.72+00:00

    Hello GRAY Mike

    Welcome to Microsoft Q&A Platform, thanks for posting your query here.

    As per the security recommendations for virtual machines in Azure, it is recommended to apply the latest updates before creating custom VM images. You can use the Update Management solution in Azure Automation to manage operating system updates for your Windows and Linux computers in Azure.

    Regarding your question about hardening the security of the VMs, it is recommended to follow the security recommendations for Azure Virtual Machines. You can find these recommendations in the article "Security recommendations for virtual machines in Azure".

    As for your question about using AD DS to support GPO hardening, it is not mandatory to use AD DS for hardening the security of VMs in Azure. You can use other methods such as Azure Security Center, Azure Policy, and Azure Firewall to harden the security of your VMs.

    For Windows-based VMs, you can use the Security Baseline for Windows 10 and Windows Server to apply security settings to your VMs. You can find more information about this in the article "Security Baseline for Windows 10 and Windows Server".

    For Linux-based VMs, you can use the Security Baseline for Linux to apply security settings to your VMs. You can find more information about this in the article "Security Baseline for Linux".

    I hope this helps!


0 additional answers

Sort by: Most helpful

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.