Security recommendations for Azure VMware Solution
It's important that proper measures are taken to secure your Azure VMware Solution deployments. Use this information as a high-level guide to achieve your security goals.
Use the following guidelines and links for general security recommendations for both Azure VMware Solution and VMware best practices.
|Review and follow VMware Security Best Practices||It's important to stay updated on Azure security practices and VMware Security Best Practices.|
|Keep up to date on VMware Security Advisories||Subscribe to VMware notifications in my.vmware.com and regularly review and remediate any VMware Security Advisories.|
|Enable Microsoft Defender for Cloud||Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads.|
|Follow the Microsoft Security Response Center blog||Microsoft Security Response Center|
|Review and implement recommendations within the Azure Security Baseline for Azure VMware Solution||Azure security baseline for VMware Solution|
The following are network-related security recommendations for Azure VMware Solution.
|Only allow trusted networks||Only allow access to your environments over ExpressRoute or other secured networks. Avoid exposing your management services like vCenter Server, for example, on the internet.|
|Use Azure Firewall Premium||If you must expose management services on the internet, use Azure Firewall Premium with both IDPS Alert and Deny mode along with TLS inspection for proactive threat detection.|
|Deploy and configure Network Security Groups on VNET||Ensure any VNET deployed has Network Security Groups configured to control ingress and egress to your environment.|
|Review and implement recommendations within the Azure security baseline for Azure VMware Solution||Azure security baseline for Azure VMware Solution|
See the following information for recommendations to secure your HCX deployment.
|Stay current with HCX service updates||HCX service updates can include new features, software fixes, and security patches. Apply service updates during a maintenance window where no new HCX operations are queued up by following these steps.|
Submit and view feedback for