Windows VM with Azure secure baseline.
This template allows you to deploy a Windows VM with the Azure secure baseline applied. For details about the settings in the baseline, review the reference documentation.
General information about how configurations are assigned to machines in Azure is available in documentation.
Understand the guest configuration feature of Azure Policy
A detailed how to document about assigning configurations to machines, and how to customize configurations from ARM, is also available.
Common administration ports to log in to the VM directly, are not opened in this template. After deploying this machine, it is expected that you will deploy applications using a service such as Azure DevOps.
To provide ongoing operations for the machine, it is expected you will use the available Azure management services. You can also view the Cloud Adoption Framework for more information about best practices.
- Azure Automanage
- Azure Monitor
- Azure Update Management
- Azure Automation inventory feature
- Azure Policy's guest configuration feature
- Azure Backup
- Azure Custom Script extension for Windows
- Azure Run Commands for Windows
If you would prefer to open common ports, modify rules in the network security group associated with the network adapter for the machine.
How to create a guest configuration assignment using templates
If you're new to Azure virtual machines, see:
- Azure Virtual Machines
- Azure Linux Virtual Machines documentation
- Azure Windows Virtual Machines documentation
- Template reference
- Quickstart templates
If you're new to template deployment, see:
- Azure Resource Manager documentation
- Quickstart: Create a Windows virtual machine using an ARM template
Tags: Microsoft.Network/networkSecurityGroups, Microsoft.Network/virtualNetworks, Microsoft.Network/publicIPAddresses, Microsoft.Network/networkInterfaces, Microsoft.Compute/virtualMachines, Microsoft.Compute/virtualMachines/extensions, ConfigurationforWindows, Microsoft.GuestConfiguration/guestConfigurationAssignments