Azure Compute
About
Monitor your Azure Compute resources for best practices.
Security
Virtual Machine Extensions Installed
Azure virtual machine extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. They run inside the guest with administrative privileges (root on Linux, SYSTEM on Windows) and can read or modify anything on the VM, so every installed extension is part of the machine's trusted computing base. Microsoft and third-party publishers provide many such extensions. Inventory the extensions on each VM, keep only those you need and have reviewed, and treat extensions that execute operator-supplied scripts (Custom Script, Run Command) as remote code execution paths whose permissions and script sources must be tightly controlled.
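The inventory step above, as an added example (not Cloudanix's own check or Azure tooling): it walks a VM's extension child resources, reports anything outside a reviewed allowlist, and calls out script-executing extensions together with the URLs they fetch. The input follows the ARM shape of a virtual machine resource with its Microsoft.Compute/virtualMachines/extensions entries under resources (as returned by the ARM REST API, az rest, or Azure Resource Graph); the VM below is a constructed sample and the allowlist is an assumption to be replaced with your own.

```python
"""Inventory a VM's extensions and flag the ones that need review.

Added example, not part of the Cloudanix checklist or Azure's tooling.
The VM below is a constructed sample in the ARM resource shape; the
allowlist is an assumption that each team sets for itself.
"""
import json

# Assumed allowlist of (publisher, type) pairs this team has reviewed.
ALLOWED_EXTENSIONS = {
    ("Microsoft.Azure.Monitor", "AzureMonitorLinuxAgent"),
    ("Microsoft.Azure.Security", "AzureDiskEncryptionForLinux"),
}

# Extension types whose purpose is to run operator-supplied code inside the
# guest as root/SYSTEM; they warrant review even when allowlisted.
CODE_EXECUTION_TYPES = {
    "CustomScript", "CustomScriptExtension", "RunCommandLinux", "RunCommandWindows",
}

# Constructed sample VM with two extensions (ARM shape, `properties` nested).
SAMPLE_VM = json.loads("""
{
  "name": "web-01",
  "type": "Microsoft.Compute/virtualMachines",
  "resources": [
    {
      "name": "web-01/AzureMonitorLinuxAgent",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "properties": {
        "publisher": "Microsoft.Azure.Monitor",
        "type": "AzureMonitorLinuxAgent",
        "typeHandlerVersion": "1.25",
        "autoUpgradeMinorVersion": true,
        "provisioningState": "Succeeded"
      }
    },
    {
      "name": "web-01/bootstrap",
      "type": "Microsoft.Compute/virtualMachines/extensions",
      "properties": {
        "publisher": "Microsoft.Azure.Extensions",
        "type": "CustomScript",
        "typeHandlerVersion": "2.1",
        "autoUpgradeMinorVersion": false,
        "provisioningState": "Succeeded",
        "settings": {"fileUris": ["https://example.invalid/bootstrap.sh"]}
      }
    }
  ]
}
""")


def audit_extensions(vm):
    """Return one finding per extension that is not allowlisted or executes
    operator-supplied code; an empty list means nothing needs review."""
    findings = []
    for res in vm.get("resources", []):
        if res.get("type") != "Microsoft.Compute/virtualMachines/extensions":
            continue
        props = res.get("properties") or {}
        key = (props.get("publisher"), props.get("type"))
        reasons = []
        if key not in ALLOWED_EXTENSIONS:
            reasons.append("not in the reviewed allowlist")
        if key[1] in CODE_EXECUTION_TYPES:
            reasons.append("runs operator-supplied code with administrative privileges")
            # fileUris are downloaded and executed in the guest: anyone who can
            # write to that origin can run code as root/SYSTEM on the VM.
            for uri in (props.get("settings") or {}).get("fileUris", []):
                reasons.append(f"fetches and executes {uri}")
        if reasons:
            findings.append({
                "extension": res.get("name"),
                "publisher": key[0],
                "type": key[1],
                "version": props.get("typeHandlerVersion"),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for f in audit_extensions(SAMPLE_VM):
        print(f"{f['extension']} ({f['publisher']}/{f['type']} {f['version']}):")
        for r in f["reasons"]:
            print(f"  - {r}")
```

On the sample, the monitoring agent is allowlisted and silent, while the CustomScript extension is reported twice over: it is not on the allowlist, and it pulls a script from an external origin that then runs as root.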
Virtual Machines should only allow SSH key-based authentication
Ensure that your production Microsoft Azure Linux virtual machines are configured to use SSH keys instead of username/password credentials for SSH authentication: disablePasswordAuthentication set to true in the VM's linuxConfiguration, and PasswordAuthentication no in the guest's sshd_config. Password logins on a reachable VM are exposed to brute-force and credential-stuffing attacks; a key pair is not guessable and is not reused across services.
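The two-layer check described above, as an added example that is not part of the original checklist. It inspects the ARM VM definition (properties.osProfile.linuxConfiguration, as returned by the ARM REST API, az rest, or Azure Resource Graph) and, separately, the guest's /etc/ssh/sshd_config. The guest file is the authoritative one: the ARM flag is applied when the VM is provisioned and does not track later in-guest edits. Both inputs below are constructed samples.

```python
"""Check that a Linux VM accepts SSH key authentication only.

Added example, not part of the Cloudanix checklist. The VM JSON and the
sshd_config text are constructed samples.
"""
import json
import re

SAMPLE_VM = json.loads("""
{
  "name": "web-01",
  "properties": {
    "osProfile": {
      "adminUsername": "azureuser",
      "linuxConfiguration": {
        "disablePasswordAuthentication": false,
        "ssh": {
          "publicKeys": [
            {"path": "/home/azureuser/.ssh/authorized_keys",
             "keyData": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyDataOnly"}
          ]
        }
      }
    }
  }
}
""")

# Constructed sample of a guest sshd_config that still allows passwords.
SAMPLE_SSHD_CONFIG = """
Port 22
PubkeyAuthentication yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
UsePAM yes
Match User backup
    PasswordAuthentication no
"""

# Constructed sample of a hardened sshd_config.
HARDENED_SSHD_CONFIG = """
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
UsePAM yes
"""


def arm_findings(vm):
    """Findings from the VM definition; [] for a compliant or Windows VM."""
    linux = ((vm.get("properties") or {}).get("osProfile") or {}).get("linuxConfiguration")
    if linux is None:
        return []  # no linuxConfiguration: Windows VM, rule not applicable
    findings = []
    if linux.get("disablePasswordAuthentication") is not True:
        findings.append("disablePasswordAuthentication is not true")
    if not ((linux.get("ssh") or {}).get("publicKeys")):
        findings.append("no SSH public key provisioned for the admin user")
    return findings


def sshd_findings(config_text):
    """Findings from the global section of sshd_config.

    sshd keeps the FIRST value it reads for each keyword, and directives after
    a Match line apply only to that block, so the parser records first
    occurrences and stops at the first Match.
    """
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            break
        seen.setdefault(key, value)
    findings = []
    # sshd defaults when unset: PasswordAuthentication yes, KbdInteractiveAuthentication yes.
    if seen.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication is not 'no'")
    kbd = seen.get("kbdinteractiveauthentication",
                   seen.get("challengeresponseauthentication", "yes"))
    if kbd != "no":
        findings.append("keyboard-interactive (PAM password prompt) is not 'no'")
    if seen.get("pubkeyauthentication", "yes") != "yes":
        findings.append("PubkeyAuthentication is disabled")
    return findings


if __name__ == "__main__":
    print("ARM:", arm_findings(SAMPLE_VM))
    print("guest:", sshd_findings(SAMPLE_SSHD_CONFIG))
```

Note that the sample sshd_config disables passwords only inside a Match block for one user; the global setting still allows them, and the check reports it. Keyboard-interactive authentication is checked as well, because with UsePAM yes it is a second route to a password prompt even when PasswordAuthentication is off.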
Virtual Machines should have backups
Ensure that the Azure Backup service is enabled and configured to create backups of your Microsoft Azure virtual machines (VMs), so that a VM can be restored after accidental deletion, a bad change, or a destructive attack such as ransomware, in line with data security best practices and compliance requirements. Azure Backup is a managed, cost-effective service that simplifies virtual machine data recovery within your Azure cloud account.
Setup Alerts for Create or Update Virtual Machine Events
Ensure that an Azure activity log alert is fired whenever 'Create Virtual Machine' or 'Update Virtual Machine' events are triggered in your Microsoft Azure cloud account. Activity log alerts fire when a new activity log event that matches the condition specified in the alert configuration occurs. The matched condition is `Whenever the Administrative Activity Log 'Create or Update Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'`, i.e. operation name Microsoft.Compute/virtualMachines/write. The alert rule must be enabled and attached to an action group, otherwise the match is recorded but nobody is notified.
Setup Alerts for Power Off Virtual Machine Events
Ensure that a Microsoft Azure activity log alert is fired whenever a 'Power Off Virtual Machine' event is triggered within your cloud account. An Azure activity log alert fires each time an activity log event matching the condition defined in the alert configuration occurs. The alert condition that this conformity rule checks for is `Whenever the Administrative Activity Log 'Power Off Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'`, i.e. operation name Microsoft.Compute/virtualMachines/powerOff/action.
Setup Alerts for Delete Virtual Machine Events
Ensure that a Microsoft Azure activity log alert is fired whenever a 'Delete Virtual Machine' event is triggered within your cloud account. An Azure activity log alert fires each time an activity log event matching the condition specified in the alert configuration occurs. The alert condition that this rule searches for is `Whenever the Administrative Activity Log 'Delete Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'`, i.e. operation name Microsoft.Compute/virtualMachines/delete.
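One way to verify all three alert rules above (Create or Update, Power Off, Delete) at once, as an added example that is not part of the original checklist: it reads activity log alert rules in the ARM shape of Microsoft.Insights/activityLogAlerts resources (ARM REST API, az rest, or Azure Resource Graph) and reports, per required operation, whether an enabled rule with an action group covers it without narrowing the condition below 'any' level, status and caller. The rules below are a constructed sample with placeholder subscription and action group IDs.

```python
"""Verify that activity log alert rules cover the VM lifecycle operations.

Added example, not part of the Cloudanix checklist. The operation names are
the ARM operations behind the portal labels; the rules are constructed.
"""

REQUIRED_OPERATIONS = {
    "Microsoft.Compute/virtualMachines/write": "Create or Update Virtual Machine",
    "Microsoft.Compute/virtualMachines/powerOff/action": "Power Off Virtual Machine",
    "Microsoft.Compute/virtualMachines/delete": "Delete Virtual Machine",
}

# Condition fields that, when present, narrow the rule below
# "any level, any status, initiated by anyone".
NARROWING_FIELDS = {"level", "status", "caller"}

# Placeholder IDs for the constructed sample.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
ACTION_GROUP = SUB + "/resourceGroups/rg-secops/providers/Microsoft.Insights/actionGroups/secops"


def _rule(name, operation, enabled=True, extra_conditions=(), action_groups=(ACTION_GROUP,)):
    """Build a constructed alert rule in the ARM resource shape."""
    return {
        "name": name,
        "type": "Microsoft.Insights/activityLogAlerts",
        "properties": {
            "enabled": enabled,
            "scopes": [SUB],
            "condition": {"allOf": [
                {"field": "category", "equals": "Administrative"},
                {"field": "operationName", "equals": operation},
                *extra_conditions,
            ]},
            "actions": {"actionGroups": [{"actionGroupId": g} for g in action_groups]},
        },
    }


# Constructed sample: write is covered, delete exists but is disabled and
# narrowed to level=Error, powerOff has no rule at all.
SAMPLE_RULES = [
    _rule("vm-write-alert", "Microsoft.Compute/virtualMachines/write"),
    _rule("vm-delete-alert", "Microsoft.Compute/virtualMachines/delete", enabled=False,
          extra_conditions=[{"field": "level", "equals": "Error"}]),
]


def audit_vm_alerts(rules):
    """Map each required operation to 'ok' or the reason it is not covered."""
    status = {op: "no alert rule targets this operation" for op in REQUIRED_OPERATIONS}
    for rule in rules:
        props = rule.get("properties") or {}
        conds = {str(c.get("field", "")).lower(): str(c.get("equals", ""))
                 for c in (props.get("condition") or {}).get("allOf", [])}
        if conds.get("category", "").lower() != "administrative":
            continue
        op = next((o for o in REQUIRED_OPERATIONS
                   if o.lower() == conds.get("operationname", "").lower()), None)
        if op is None:
            continue
        problems = []
        if not props.get("enabled", False):
            problems.append("rule is disabled")
        if not (props.get("actions") or {}).get("actionGroups"):
            problems.append("no action group attached, so nobody is notified")
        narrowed = sorted(set(conds) & NARROWING_FIELDS)
        if narrowed:
            problems.append("condition narrowed on " + ", ".join(narrowed))
        if not problems:
            status[op] = "ok"
        elif status[op] != "ok":
            status[op] = f"{rule.get('name')}: " + "; ".join(problems)
    return status


if __name__ == "__main__":
    for op, result in audit_vm_alerts(SAMPLE_RULES).items():
        print(f"{REQUIRED_OPERATIONS[op]:<35} {result}")
```

A rule is counted as covering an operation only if it is enabled, has at least one action group, and carries no level/status/caller condition; a later compliant rule for the same operation overrides an earlier deficient one.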
Disks Lacking Encryption
Encrypting disks protects data at rest: without the key, the contents cannot be read from a copied VHD, a detached disk, or a snapshot, so the volume is protected from unwarranted reads. Azure managed disks are always encrypted at rest with platform-managed keys (server-side encryption); the stronger options described in the sources are Azure Disk Encryption (BitLocker on Windows, dm-crypt on Linux, with keys held in Azure Key Vault) and server-side encryption with a customer-managed key in a disk encryption set. Decide which level your policy requires and flag every disk that falls below it.
Remove Unattached Virtual Machine Disk Volumes
Identify any unattached (unused) Microsoft Azure virtual machine disk volumes available within your Azure cloud account and delete them, in order to lower the cost of your monthly bill and reduce the risk of sensitive data leakage: an unattached disk still holds its data and can be attached to any VM by anyone with write access to it. Before deleting, confirm the disk is not a retained OS disk awaiting reattachment; if in doubt, take a snapshot first.
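An audit covering both of the disk rules above (Disks Lacking Encryption and Remove Unattached Virtual Machine Disk Volumes), as an added example that is not part of the original checklist. It reads managed disks in the ARM shape of Microsoft.Compute/disks resources (ARM REST API, az rest, or Azure Resource Graph) and reports unattached disks and disks that have neither Azure Disk Encryption nor a customer-managed key. Whether platform-managed keys alone are acceptable is a policy choice, exposed as a parameter. The disks below are constructed samples with placeholder IDs.

```python
"""Audit managed disks for unattached volumes and insufficient encryption.

Added example, not part of the Cloudanix checklist. All disks below are
constructed samples in the ARM resource shape.
"""

SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
VM_ID = SUB + "/resourceGroups/rg-app/providers/Microsoft.Compute/virtualMachines/web-01"
DES_ID = SUB + "/resourceGroups/rg-sec/providers/Microsoft.Compute/diskEncryptionSets/des-prod"


def _disk(name, state, managed_by=None, sse_type="EncryptionAtRestWithPlatformKey",
          ade=False, des=None):
    """Build a constructed Microsoft.Compute/disks resource."""
    props = {
        "diskState": state,
        "diskSizeGB": 128,
        "osType": "Linux",
        "encryption": {"type": sse_type},
        "timeCreated": "2024-01-15T10:00:00Z",
    }
    if des:
        props["encryption"]["diskEncryptionSetId"] = des
    if ade:
        # Azure Disk Encryption (in-guest BitLocker/dm-crypt) shows up here.
        props["encryptionSettingsCollection"] = {"enabled": True}
    disk = {"name": name, "type": "Microsoft.Compute/disks",
            "sku": {"name": "Premium_LRS"}, "properties": props}
    if managed_by:
        disk["managedBy"] = managed_by
    return disk


SAMPLE_DISKS = [
    _disk("web-01-os", "Attached", managed_by=VM_ID, ade=True),
    _disk("web-01-data", "Attached", managed_by=VM_ID),
    _disk("old-build-data", "Unattached"),
    _disk("db-02-data", "Attached", managed_by=VM_ID,
          sse_type="EncryptionAtRestWithCustomerKey", des=DES_ID),
]


def audit_disks(disks, require_customer_managed_key=True):
    """Return (disk name, finding) pairs; a disk may appear more than once."""
    findings = []
    for disk in disks:
        props = disk.get("properties") or {}
        name = disk.get("name")
        if props.get("diskState") == "Unattached" and not disk.get("managedBy"):
            findings.append((name, "unattached: not bound to any VM; confirm it is "
                                   "not needed (or snapshot it), then delete"))
        ade = bool((props.get("encryptionSettingsCollection") or {}).get("enabled"))
        sse = (props.get("encryption") or {}).get("type", "")
        if ade or "CustomerKey" in sse:
            continue  # ADE, or SSE with a customer-managed key: compliant
        if sse == "EncryptionAtRestWithPlatformKey" and not require_customer_managed_key:
            continue  # platform-managed key accepted by policy
        findings.append((name, f"encryption: {sse or 'none reported'}; no Azure Disk "
                               "Encryption and no customer-managed key"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_disks(SAMPLE_DISKS):
        print(f"{name}: {finding}")
```

With the strict policy the platform-key-only data disk and the orphaned disk are reported (the orphan twice, once for being unattached and once for its key); relaxing require_customer_managed_key leaves only the unattached finding.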
Reliability
Virtual Machines should have sufficient daily backup retention period
Ensure that your Microsoft Azure virtual machines (VMs) have a sufficient daily backup retention period configured within the associated backup policy for security and compliance purposes. The default VM backup policy keeps daily recovery points for 30 days; treat that as a floor, not a ceiling, and raise it to match your recovery and compliance requirements (Azure Backup supports daily retention well beyond 30 days). A short retention window means that a compromise or corruption discovered late may have no clean recovery point left.
Virtual Machines should have sufficient instant restore retention period
Ensure that your Microsoft Azure virtual machines (VMs) have a sufficient snapshot instant restore retention period configured for data security and internal compliance. Instant recovery snapshots are stored together with the VM disk volumes to speed up recovery point creation and restore operations. For the standard backup policy the Azure VM instant restore retention period can range from a minimum of 1 day to a maximum of 5 days (the default is 2); a longer window keeps fast restores available for more of the incidents you are likely to meet.
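A check for both retention rules above (daily backup retention and instant restore retention), as an added example that is not part of the original checklist. It reads a backup policy in the ARM shape of Microsoft.RecoveryServices/vaults/backupPolicies (the same fields az backup policy show returns) and compares the daily retention and instantRpRetentionRangeInDays against thresholds. The thresholds and both policies below are constructed assumptions, not Cloudanix's numbers.

```python
"""Audit an Azure VM backup policy's daily and instant-restore retention.

Added example, not part of the Cloudanix checklist. Thresholds and sample
policies are assumptions chosen for illustration.
"""

# Assumed thresholds: keep daily recovery points for at least 30 days and
# instant-restore snapshots for at least 3 days.
MIN_DAILY_RETENTION_DAYS = 30
MIN_INSTANT_RESTORE_DAYS = 3

_DAYS_PER = {"Days": 1, "Weeks": 7}


def sample_policy(name, daily_count, instant_days):
    """Constructed AzureIaasVM policy in the ARM backupPolicies shape."""
    return {
        "name": name,
        "properties": {
            "backupManagementType": "AzureIaasVM",
            "instantRpRetentionRangeInDays": instant_days,
            "schedulePolicy": {
                "schedulePolicyType": "SimpleSchedulePolicy",
                "scheduleRunFrequency": "Daily",
                "scheduleRunTimes": ["2024-01-01T02:00:00Z"],
            },
            "retentionPolicy": {
                "retentionPolicyType": "LongTermRetentionPolicy",
                "dailySchedule": {
                    "retentionTimes": ["2024-01-01T02:00:00Z"],
                    "retentionDuration": {"count": daily_count, "durationType": "Days"},
                },
            },
        },
    }


WEAK_POLICY = sample_policy("short-policy", 14, 2)
STRONG_POLICY = sample_policy("vm-prod-policy", 30, 5)


def audit_backup_policy(policy, min_daily_days=MIN_DAILY_RETENTION_DAYS,
                        min_instant_days=MIN_INSTANT_RESTORE_DAYS):
    """Return a list of findings; [] means the policy meets both thresholds."""
    props = policy.get("properties") or {}
    name = policy.get("name")
    if props.get("backupManagementType") != "AzureIaasVM":
        return [f"{name}: not an Azure VM backup policy, skipped"]
    findings = []
    daily = (props.get("retentionPolicy") or {}).get("dailySchedule") or {}
    duration = daily.get("retentionDuration") or {}
    if not duration:
        # Weekly-only schedules have no dailySchedule at all.
        findings.append(f"{name}: no daily retention schedule configured")
    else:
        days = duration.get("count", 0) * _DAYS_PER.get(duration.get("durationType"), 0)
        if days < min_daily_days:
            findings.append(f"{name}: daily retention is {days} days, "
                            f"below the required {min_daily_days}")
    instant = props.get("instantRpRetentionRangeInDays")
    if instant is None or instant < min_instant_days:
        findings.append(f"{name}: instant restore retention is {instant} days, "
                        f"below the required {min_instant_days}")
    return findings


if __name__ == "__main__":
    for policy in (WEAK_POLICY, STRONG_POLICY):
        print(policy["name"], audit_backup_policy(policy) or "ok")
```

The weak sample fails on both counts; the strong one passes. Retention counts are converted to days through durationType so that a policy expressed in weeks is compared on the same scale.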
Cost Optimization
Virtual Machines should use Standard SSD for cost-effective storage
Ensure that your Microsoft Azure virtual machines (VMs) are using Standard SSD disk volumes instead of Premium SSD volumes for cost-effective storage that fits a broad range of workloads, from web servers to enterprise applications that need consistent performance at lower IOPS levels. Unless you are running mission-critical applications or performance-sensitive workloads that need more than 6000 IOPS or 750 MiB/s of throughput per VM disk volume, it is recommended to convert your Premium SSD volumes to Standard SSD in order to lower the cost of your Azure monthly bill. Check a disk's actual IOPS and throughput usage before converting, and note that converting requires the disk to be detached or the VM deallocated.
Sources
https://www.cloudanix.com/recipelist/azure/azurecomputeaudit
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/extensions-features
https://docs.microsoft.com/en-us/azure/virtual-machines/linux/create-ssh-keys-detailed
https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal#start-a-backup-job
https://docs.microsoft.com/en-us/azure/backup/backup-instant-restore-capability
https://docs.microsoft.com/en-us/azure/backup/quick-backup-vm-portal
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-activity-log
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/alerts-log
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/convert-disk-storage
https://docs.microsoft.com/en-us/azure/security/azure-security-disk-encryption-overview
https://docs.microsoft.com/en-us/azure/security-center/security-center-apply-disk-encryption
https://docs.microsoft.com/en-us/azure/virtual-machines/windows/managed-disks-overview