| title | description | ms.topic | ms.service | ms.date |
|---|---|---|---|---|
Concepts - Security recommendations for Azure VMware Solution |
Learn about tips and best practices to help protect Azure VMware Solution deployments from vulnerabilities and malicious actors. |
conceptual |
azure-vmware |
01/10/2022 |
It's important that proper measures are taken to secure your Azure VMware Solution deployments. Use this information as a high-level guide to achieve your security goals.
Use the following guidelines and links for general security recommendations for both Azure VMware Solution and VMware best practices.
| Recommendation | Comments |
|---|---|
| Review and follow VMware Security Best Practices | It's important to stay updated on Azure security practices and VMware Security Best Practices. |
| Keep up to date on VMware Security Advisories | Subscribe to VMware notifications in my.vmware.com and regularly review and remediate any VMware Security Advisories. |
| Enable Microsoft Defender for Cloud | Microsoft Defender for Cloud provides unified security management and advanced threat protection across hybrid cloud workloads. |
| Follow the Microsoft Security Response Center blog | Microsoft Security Response Center |
| Review and implement recommendations within the Azure Security Baseline for Azure VMware Solution | Azure security baseline for VMware Solution |
The following are network-related security recommendations for Azure VMware Solution.
| Recommendation | Comments |
|---|---|
| Only allow trusted networks | Only allow access to your environments over ExpressRoute or other secured networks. Avoid exposing your management services like vCenter Server, for example, on the internet. |
| Use Azure Firewall Premium | If you must expose management services on the internet, use Azure Firewall Premium with both IDPS Alert and Deny mode along with TLS inspection for proactive threat detection. |
| Deploy and configure Network Security Groups on VNET | Ensure any VNET deployed has Network Security Groups configured to control ingress and egress to your environment. |
| Review and implement recommendations within the Azure security baseline for Azure VMware Solution | Azure security baseline for Azure VMware Solution |
See the following information for recommendations to secure your HCX deployment.
| Recommendation | Comments |
|---|---|
| Stay current with HCX service updates | HCX service updates can include new features, software fixes, and security patches. Apply service updates during a maintenance window where no new HCX operations are queued up by following these steps. |