Tuesday 24 May 2016

Securing Azure Virtual Machines

We discussed about Understanding Microsoft AzureVirtual Networks ,Azure Management Tools , Azure Virtual Machines and Demystified Azure Websites earlier in our post related to Microsoft Azure Series.

Dedicated this article for understanding the various aspects related to securing Azure Virtual Machines running in Windows Azure.

Network Security Groups aka NSG's

  • NSG's can be used for controlling the traffic to Virtual Machine in a Virtual Network.
  • Quite like an alternative to ACL (Access Control List) and contains Access Control Rules that Allow or Deny traffic to specific VM's or to the entire Vm's in Subnet.
  • To work with NSG's Regional vNet's need to be created.
  • Not Compatible with any vNet's which are associated to an Affinity Group
  • When we associate NSG's to a subnet the ACL rules would be applied to all the VM's which are part of that subnet.
Firewall Rules
  • Firewall Rules can be used to Allow or Deny connections through VM firewall.
  • We can VM firewall rules by configuring Windows Firewall on each Virtual Machine manually or can also make use of Group Policies. 
  • For RDP, Remote PowerShell, and SSH, the configuration of access through firewalls is automatic.
  • Moreover for other endpoints we can always go ahead and manually add the required port details.
  • By Default RDP and PowerShell are secured using Self Signed Certificates.
  • Moreover Certificates linked to Trusted Certificate Authority can also be used.
  • For Linux-based VMs, exposing SSH to the Internet from the cloud can present a security weakness. 
  • Make Sure to Setup unique userid's apart from Root and Admin.
  • The endpoint should be configured on private key/certificate SSH authentication. 
  • The Azure Management Portal accepts SSH public keys encapsulated in an X509 certificate.


  • When it comes to Windows Azure it provides a highly Secure environment , moreover we can make use of BITLOCKER for encrypting sensitive data.

For More information refer Microsoft Azure Essentials

No comments:

Post a Comment