Azure

I am beyond grateful for receiving a Gold Club Circle of Excellence 2020 Award for my work and achievements of the past fiscal year.

As of writing this post (August 8th, 2019) there are 159 Azure Policies available and 111 are in preview (and 27 deprecated). In this post I try to come up with a decent set of ‘common sense’ policies that can prevent data leaks or other issues, I focus primarily on security-related policies. Some of them are so essential, that I would always recommend to enable them - some of them are very specific, so let us use the old consultant wisdom: “it depends”!

I don’t want to expose VMs to the entire internet - and neither should you. That is basically an invite to brute force attack the VM. Therefore, if I don’t use a VPN or Express Route connection to use private IPs, I use Network Security Groups (NSG) to control the traffic to VMs by allowing a single source IP.

In this post, I show how I do that with Terraform.