Securing VMs

We’ve covered quite a lot about Windows VMs and Linux VMs and how to create them using Azure Portal and CLI commands. We’ve also explored how to establish connections using RDP, SSH, and Bastion by utilizing these protocols as secure means to connect and manage remote systems. The next step is to get more secure access to these VMs.

There are several services available for us to secure our VMs. One of them is Microsoft Entra ID through which we can manage access to VMs for different users or groups. When creating a VM, we can assign users to it, and while we’re assigning, we can also associate roles for them.

These roles define the level of access that the users will have on our VM. We can manage control using RBAC policies and appropriate access can be granted to users, groups, and applications at a certain scope. The scope of a role assignment varies as per the requirement. An Azure Subscription can be considered as a scope.

We’re already familiar with the roles in RBAC. Here’s a recap:

• Owner: They have full access to all the resources, and they can even give access to others.
• Contributor: They have access to manage resources, but they can’t grant access to others.
• Reader: They have access to only view the existing Azure resources.

Keynote: There are some other security features like disk encryptionTo establish encryption at rest for our virtual machines., virtual networkingTo remove public IP addresses and decide how to allow virtual machines to connect to other resources., Microsoft AntimalwareIt’s a type of extension added to our Azure VMs to secure them against any malware., NSGsTo filter out the traffic in and out of the virtual machine., and so on.