SecurityUpdated July 3, 2026
Infrastructure Security Baselines
securitybaselinesinfrastructureazurevm-securitynetwork-securitystorage-securityencryptioncompliance
Infrastructure Security Baselines
Azure Resource Security Standards
Virtual Machines
- Encryption: All VMs must use Azure Disk Encryption
- Access: SSH key authentication only, no password authentication
- Monitoring: Azure Monitor agent required on all VMs
- Patching: Automated patching enabled for {{ security_metrics.compliance.patch_compliance }} compliance
Network Security
- NSG Rules: Principle of least privilege
- Private Endpoints: Required for all PaaS services
- Firewall: Azure Firewall for north-south traffic inspection
Storage Accounts
- Encryption: Encryption at rest and in transit mandatory
- Access: Private endpoints only, no public access
- Backup: Azure Backup enabled with {{ disaster_recovery.retention.standard }} retention
Compliance Requirements
Our infrastructure maintains:
- Availability: {{ metrics.availability.production }}
- Patch Compliance: {{ security_metrics.compliance.patch_compliance }}
- Vulnerability Scanning: {{ security_metrics.compliance.vulnerability_scan }}
Tools Integration
- {{ tools.security.azure_security_center.name }}: <{{ tools.security.azure_security_center.access }}>
- {{ tools.security.qualys.name }}: <{{ tools.security.qualys.access }}>
For questions, contact {{ stakeholders.azure_team.azure_admins }}.