Microsoft Compute
Best practices and references below are based on published guidance from the cloud service provider and may reference native capabilities the cloud service provider offers. If you are not using the native security capabilities, the same security requirement can be met using other security capabilities your organization utilizes
Design Guidance:
Name | ||
Tags | ||
Os Disk-Name | ||
Data Disks-Name | ||
Os Profile-Computer Name |
Name | ||
Tags | ||
Os Disk-Name | ||
Data Disks-Name | ||
Public Ipaddress Configuration-Ip Tags | ||
Ip Tags-Ip Tag Type | ||
Ip Tags-Tag |
Name | |
Tags | |
Os Profile-Computer Name | |
Dns Settings-Dns Servers | |
Public Ipaddress Configuration-Ip Tags | |
Ip Tags-Ip Tag Type | |
Ip Tags-Tag | |
Plan-Name |
Name | ||
Tags | ||
Instance View-Name |
Design Guidance:
Availability Set-Id |
Zones | ||
Health Probe-Id |
Availability Set-Id |
Os Disk-Os Type | ||
Os Profile-Windows Configuration | ||
Os Profile-Linux Configuration |
Os Profile-Windows Configuration | ||
Os Profile-Linux Configuration | ||
Os Disk-Os Type |
Os Profile-Windows Configuration | |
Os Profile-Linux Configuration |
Win Rm-Listeners |
Win Rm-Listeners |
Design Guidance:
Encryption Settings-Enabled | ||
Security Profile-Encryption At Host | ||
Managed Disk-Id | ||
Disk Encryption Set-Id | ||
Disk Encryption Set-Id |
Security Profile-Encryption At Host | ||
Disk Encryption Set-Id | ||
Disk Encryption Set-Id |
Encryption Settings-Enabled | |
Security Profile-Encryption At Host | |
Disk Encryption Set-Id | |
Disk Encryption Set-Id |
Design Guidance:
Uefi Settings-Secure Boot Enabled | ||
Uefi Settings-V Tpm Enabled |
Uefi Settings-Secure Boot Enabled | ||
Uefi Settings-V Tpm Enabled |
Uefi Settings-Secure Boot Enabled | |
Uefi Settings-V Tpm Enabled |
Design Guidance:
Listeners-Protocol | ||
Listeners-Certificate Url |
Listeners-Protocol | ||
Listeners-Certificate Url |
Listeners-Protocol |
Application Gateway Backend Address Pools-Id | ||
Ip Configurations-Load Balancer Backend Address Pools | ||
Load Balancer Backend Address Pools-Id | ||
Load Balancer Inbound Nat Pools-Id |
Application Gateway Backend Address Pools-Id | |
Ip Configurations-Load Balancer Backend Address Pools | |
Load Balancer Backend Address Pools-Id | |
Ip Configurations-Load Balancer Inbound Nat Pools | |
Load Balancer Inbound Nat Pools-Id | |
Network Interface Configurations-Enable Ipforwarding |
Design Guidance:
Os Profile-Admin Username | ||
Os Profile-Admin Password | ||
Linux Configuration-Disable Password Authentication | ||
SSH-Public Keys | ||
Public Keys-Path | ||
Public Keys-Key Data |
Os Profile-Admin Username | ||
Os Profile-Admin Password | ||
Linux Configuration-Disable Password Authentication | ||
SSH-Public Keys | ||
Public Keys-Path | ||
Public Keys-Key Data |
Os Profile-Admin Username | |
Os Profile-Admin Password | |
Linux Configuration-Disable Password Authentication | |
SSH-Public Keys | |
Public Keys-Path | |
Public Keys-Key Data |
Design Guidance:
Network Interfaces-Id |
Network Interface Configurations-Id | ||
Network Interface Configurations-Ip Configurations | ||
Ip Configurations-Id | ||
Ip Configurations-Name | ||
Subnet-Id | ||
Public Ipaddress Configuration-Name |
Network Interfaces-Id | |
Network Interface Configurations-Id | |
Ip Configurations-Id | |
Subnet-Id |
Design Guidance:
Network Security Group-Id | ||
Ip Configurations-Application Security Groups | ||
Application Security Groups-Id |
Network Security Group-Id | |
Ip Configurations-Application Security Groups | |
Application Security Groups-Id |
Public Ipprefix-Id | ||
Public Ipaddress Configuration-Public Ipaddress Version | ||
Ip Configurations-Private Ipaddress Version |
Public Ipprefix-Id | |
Public Ipaddress Configuration-Public Ipaddress Version | |
Ip Configurations-Private Ipaddress Version |
Design Guidance:
Disk Encryption Key-Secret Url | ||
Disk Encryption Key-Source Vault | ||
Source Vault-Id | ||
Key Encryption Key-Key Url | ||
Source Vault-Id | ||
Os Profile-Secrets | ||
Source Vault-Id | ||
Secrets-Vault Certificates | ||
Vault Certificates-Certificate Url | ||
Vault Certificates-Certificate Store |
Os Profile-Secrets | ||
Source Vault-Id | ||
Secrets-Vault Certificates | ||
Vault Certificates-Certificate Url | ||
Vault Certificates-Certificate Store |
Disk Encryption Key-Secret Url | |
Source Vault-Id | |
Key Encryption Key-Key Url | |
Source Vault-Id | |
Listeners-Certificate Url | |
Os Profile-Secrets | |
Source Vault-Id | |
Secrets-Vault Certificates | |
Vault Certificates-Certificate Url | |
Vault Certificates-Certificate Store |
Design Guidance:
Dns Settings-Dns Servers | ||
Public Ipaddress Configuration-Dns Settings |
Design Guidance: