Security recommendations for Azure VMware Solution

It's important that proper measures are taken to secure your Azure VMware Solution deployments. Use this information as a high-level guide to achieve your security goals.

General

Use the following guidelines and links for general security recommendations for both Azure VMware Solution and VMware best practices.

| Recommendation | Comments |
| --- | --- |
| Review and follow VMware Security Best Practices | It's important to stay updated on Azure security practices and VMware Security Best Practices. |
| Keep up to date on VMware Security Advisories | Subscribe to VMware notifications in my.vmware.com and regularly review and remediate any VMware Security Advisories. |
| Enable Microsoft Defender for Cloud | Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads. |
| Follow the Microsoft Security Response Center blog | Microsoft Security Response Center |
| Review and implement recommendations within the Azure Security Baseline for Azure VMware Solution | Azure security baseline for VMware Solution |

Network

The following are network-related security recommendations for Azure VMware Solution.

| Recommendation | Comments |
| --- | --- |
| Only allow trusted networks | Only allow access to your environments over ExpressRoute or other secured networks. Avoid exposing your management services like vCenter Server, for example, on the internet. |
| Use Azure Firewall Premium | If you must expose management services on the internet, use Azure Firewall Premium with both IDPS Alert and Deny mode along with TLS inspection for proactive threat detection. |
| Deploy and configure Network Security Groups on VNET | Ensure any VNET deployed has Network Security Groups configured to control ingress and egress to your environment. |
| Review and implement recommendations within the Azure security baseline for Azure VMware Solution | Azure security baseline for Azure VMware Solution |
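
One way to check the trusted-networks and Network Security Group recommendations above is to scan exported NSG rules for inbound Allow rules that open management ports to the internet. This is an added example, not code from the original page or from Microsoft. The port list, the function names, and the sample data are assumptions, and the sample is constructed in the shape that `az network nsg list -o json` is assumed to return.

```python
import json
# Assumption: ports treated as management endpoints (443 = vCenter Server HTTPS).
MGMT_PORTS = (22, 443, 3389)
# Source values that mean "any internet address" in an NSG rule (lower-cased).
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}
# Constructed sample in the shape `az network nsg list -o json` returns.
SAMPLE = json.loads("""[
 {"name": "nsg-jumpbox", "securityRules": [
   {"name": "allow-https-any", "direction": "Inbound", "access": "Allow",
    "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
   {"name": "allow-onprem", "direction": "Inbound", "access": "Allow",
    "sourceAddressPrefix": "10.0.0.0/8", "destinationPortRange": "443"}]},
 {"name": "nsg-mgmt", "securityRules": [
   {"name": "wide-range", "direction": "Inbound", "access": "Allow",
    "sourceAddressPrefixes": ["203.0.113.0/24", "0.0.0.0/0"],
    "destinationPortRanges": ["1000-4000", "8080"]},
   {"name": "deny-ssh", "direction": "Inbound", "access": "Deny",
    "sourceAddressPrefix": "*", "destinationPortRange": "22"}]}
]""")

def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def port_matches(spec, port):
    """True if an NSG port spec ('*', '443' or '1000-4000') covers port."""
    lo, _, hi = spec.partition("-")
    return spec == "*" or int(lo) <= port <= int(hi or lo)

def exposed_rules(nsgs, ports=MGMT_PORTS):
    """Return (nsg, rule, ports) for inbound Allow rules open to the internet.
    Rule priority is not evaluated, so treat each finding as a review item."""
    findings = []
    for nsg in nsgs:
        for rule in nsg.get("securityRules") or []:
            if (rule.get("direction"), rule.get("access")) != ("Inbound", "Allow"):
                continue
            sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
            if not any(s.lower() in INTERNET_SOURCES for s in sources):
                continue
            specs = _values(rule, "destinationPortRange", "destinationPortRanges")
            hit = sorted(p for p in ports if any(port_matches(s, p) for s in specs))
            if hit:
                findings.append((nsg["name"], rule["name"], hit))
    return findings

if __name__ == "__main__":
    for nsg, rule, hit in exposed_rules(SAMPLE):
        print(f"{nsg}/{rule}: internet-reachable on ports {hit}")
```

The wide port range in the second NSG is flagged because it silently covers 3389, which is the kind of exposure a per-port review tends to miss.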

HCX

See the following information for recommendations to secure your HCX deployment.

| Recommendation | Comments |
| --- | --- |
| Stay current with HCX service updates | HCX service updates can include new features, software fixes, and security patches. Apply service updates during a maintenance window where no new HCX operations are queued up by following these steps. |