Windows VM with Azure secure baseline.

Azure Public Test Date Azure Public Test Result

Azure US Gov Last Test Date Azure US Gov Last Test Result

Best Practice Check Cred Scan Check

Bicep Version

Deploy To Azure


This template allows you to deploy a Windows VM with the Azure secure baseline applied. For details about the settings in the baseline, review the reference documentation.

Windows secure baseline

General information about how configurations are assigned to machines in Azure is available in documentation.

Understand the guest configuration feature of Azure Policy

A detailed how to document about assigning configurations to machines, and how to customize configurations from ARM, is also available.

Common administration ports to log in to the VM directly, are not opened in this template. After deploying this machine, it is expected that you will deploy applications using a service such as Azure DevOps.

To provide ongoing operations for the machine, it is expected you will use the available Azure management services. You can also view the Cloud Adoption Framework for more information about best practices.

If you would prefer to open common ports, modify rules in the network security group associated with the network adapter for the machine.

How to create a guest configuration assignment using templates

If you're new to Azure virtual machines, see:

If you're new to template deployment, see:

Tags: Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks, Microsoft.Network/publicIPAddresses, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines, Microsoft.Compute/virtualMachines/extensions, ConfigurationforWindows, Microsoft.GuestConfiguration/guestConfigurationAssignments