Navigation
SecurityUpdated July 3, 2026

Infrastructure Security Baselines

securitybaselinesinfrastructureazurevm-securitynetwork-securitystorage-securityencryptioncompliance

Infrastructure Security Baselines

Azure Resource Security Standards

Virtual Machines

  • Encryption: All VMs must use Azure Disk Encryption
  • Access: SSH key authentication only, no password authentication
  • Monitoring: Azure Monitor agent required on all VMs
  • Patching: Automated patching enabled for {{ security_metrics.compliance.patch_compliance }} compliance

Network Security

  • NSG Rules: Principle of least privilege
  • Private Endpoints: Required for all PaaS services
  • Firewall: Azure Firewall for north-south traffic inspection

Storage Accounts

  • Encryption: Encryption at rest and in transit mandatory
  • Access: Private endpoints only, no public access
  • Backup: Azure Backup enabled with {{ disaster_recovery.retention.standard }} retention

Compliance Requirements

Our infrastructure maintains:

  • Availability: {{ metrics.availability.production }}
  • Patch Compliance: {{ security_metrics.compliance.patch_compliance }}
  • Vulnerability Scanning: {{ security_metrics.compliance.vulnerability_scan }}

Tools Integration

  • {{ tools.security.azure_security_center.name }}: <{{ tools.security.azure_security_center.access }}>
  • {{ tools.security.qualys.name }}: <{{ tools.security.qualys.access }}>

For questions, contact {{ stakeholders.azure_team.azure_admins }}.