A virtual machine is a machine file, typically described as an image, which works as an actual machine. In other words, it is just like creating a machine within a machine. It operates in a window, much like any other program, giving the end-user the equivalent action on a virtual machine as they would have using the host operating system. An Azure virtual machine comes with the adaptability of virtualization without having to purchase and manage the physical device that runs the virtual machine. You can create and deploy the applications with the presumption that your data is guarded and safe in highly secure data centers.
In this lab, you will learn the method behind the creation and deployment of an Azure Virtual Machine and then the steps of the configuration of security recommendations for the VM. The other guided challenges in this series are "Configure Application Insights and Log Retention for Web Apps" and "Can You Enable Database Authentication Using Azure AD?"
Understand the Scenario
You can use Azure Virtual Machines to deploy a broad range of computing solutions in an active process. For instance, you can deploy any workload or applications on almost any operating system. In this hands-on-lab, you are a system administrator for a company that is migrating its application services from its own datacenter to Azure. Your job is to deploy an Azure Virtual Machine and to configure security recommendations for the virtual machine, as a proof of concept. To accomplish this task, you are provided with an Azure resource group named @lab.CloudResourceGroup(1829). Name that initially contains no resources. You will create the necessary resources to complete the challenge.
Create an Azure Virtual Machine
The first step in this challenge is to create an Azure virtual machine. For this, learners will first create an Azure Virtual Machine named VM1-11764091 and configure the virtual machine to use Windows Server 2016 Datacenter. After this, they will learn how to set the size of the virtual machine to Standard B2s with Standard HDD managed disks and enable RDP access. After setting the size of the virtual machine, they will set the Username and Password to connect to the virtual machine by using RDP. Finally, learners will verify the logical disks available by using Windows Disk Management and disconnect the RDP session. They will execute this task by connecting to the virtual machine by using RDP and verifying the disks currently available by using Windows Disk Management. Disk Management is a Windows utility that allows users to inspect and maintain the disk drives placed in their machine and the partitions connected with those drives.
Enable Security Recommendations
Recommendations are steps for you to apply to secure the Azure resources. Security Center systematically investigates the security state of the Azure resources to recognize possible security vulnerabilities. It gives you recommendations on how to eliminate them. After creating the Azure Virtual Machine, the next step is to enable security recommendations. To execute this, you will first open the Security page for security recommendations and review the security recommendations. Here you will learn how to:
- Follow the "Install endpoint protection solution on virtual machines recommendation" and proceed to the Extensions page of the virtual machine and add the extension for Microsoft Antimalware manually.
- Follow the "Management ports should be closed on your virtual machines" recommendation and proceed to the Networking page of the virtual machine and remove the inbound rule for RDP manually.
Enable Azure Disk Encryption
Azure Disk Encryption secures your data to satisfy your organizational security responsibilities. It applies the Bitlocker characteristic of Windows to give volume encryption for the data disks and OS of Azure virtual machines. It is combined with Azure Key Vault to manage and control the disk encryption keys. In this final section of the lab, learners will learn how to follow the "Disk Encryption should be enabled on virtual machines" recommendation and how to apply Azure Disk Encryption manually. Here, they will first launch Azure Cloud Shell for PowerShell and use advanced settings to create a storage account and file share for Cloud Shell in the existing resource group. After this, they will create an Azure Key Vault and enable Azure Disk Encryption for the virtual machine by using specific commands. Finally, they will verify that the Azure Disk Encryption is enabled.
Lab Summary Conclusion
After completing the "Configure Security Recommendations for Virtual Machines" virtual lab, you will have accomplished the following:
- Created an Azure Virtual Machine.
- Enabled security recommendations.
- Enabled Azure Disk Encryption.