How to increase security of your Azure virtual machine (VM)
It is important to deploy an advanced defense mechanism for your Azure Windows and Linux machines to prevent unauthorized access, brute-force attacks over the internet against your virtual machine, etc.
You can make your environment more secure in several ways:
1. Create a new NSG or update an existing one to make it more restrictive, allowing access only from an IP range (your organization's network) and/or denying access from all other IPs in your inbound rules. See Control network traffic flow with network security groups.
2. You can also restrict access to the VMs using RBAC. Please refer to Use Role-Based Access Control to manage access to your Azure subscription resources.
3. Another option is to use just-in-time access to secure the public-facing ports of your VM. See Manage virtual machine access using just in time.
4. You can also put the VM behind a Load Balancer and change the public RDP port to a high (five-digit) port. Refer to the article External RDP Access To Azure RM VM, under the Access Via Public Load Balancer section.
5. Use Azure Bastion to connect securely via the Azure portal, and block RDP traffic from the Internet in your Network Security Group (NSG).
6. Deploy an Azure VPN Gateway to provide an encrypted tunnel between your computer and your VMs, and block RDP traffic from the Internet in your Network Security Group (NSG).
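To check that the NSG restriction in step 1 has the intended effect, the following added example (not part of the original article) evaluates inbound rules in priority order and reports which management ports an outside address can still reach. It assumes the rules use the field names of the Azure CLI's JSON output for NSG rules; the rule names, addresses and `exposed_ports` helper are constructed for illustration.

```python
import ipaddress

ANY_SOURCE = {"*", "internet", "0.0.0.0/0"}
MGMT_PORTS = (3389, 22)  # RDP, SSH

def _vals(rule, single, plural):
    # NSG rules carry either the singular field or the plural list
    return list(rule.get(plural) or []) + ([rule[single]] if rule.get(single) else [])

def _covers_port(ranges, port):
    for r in ranges:
        lo, _, hi = r.partition("-")
        if r == "*" or int(lo) <= port <= int(hi or lo):
            return True
    return False

def _from_source(prefixes, addr):
    for p in prefixes:
        if p.lower() in ANY_SOURCE:
            return True
        try:
            if addr in ipaddress.ip_network(p, strict=False):
                return True
        except ValueError:
            pass  # other service tags (e.g. VirtualNetwork) are not Internet sources
    return False

def exposed_ports(rules, probe="203.0.113.50"):
    """Map each management port reachable from `probe` to the rule that allows it."""
    addr = ipaddress.ip_address(probe)
    inbound = sorted((r for r in rules if r["direction"].lower() == "inbound"),
                     key=lambda r: r["priority"])
    hits = {}  # a port with no matching rule stays closed (default inbound deny)
    for port in MGMT_PORTS:
        for r in inbound:  # lowest priority number first; the first match decides
            if (r.get("protocol", "*").lower() in ("*", "tcp")
                    and _covers_port(_vals(r, "destinationPortRange", "destinationPortRanges"), port)
                    and _from_source(_vals(r, "sourceAddressPrefix", "sourceAddressPrefixes"), addr)):
                if r["access"].lower() == "allow":
                    hits[port] = r["name"]
                break
    return hits

# Constructed sample rules (not from a real subscription)
def _rule(name, prio, access, src, ports):
    return {"name": name, "priority": prio, "direction": "Inbound", "access": access,
            "protocol": "Tcp", "sourceAddressPrefix": src, "destinationPortRange": ports}

LOOSE = [_rule("allow-rdp-any", 300, "Allow", "*", "3389")]
RESTRICTED = [_rule("allow-rdp-office", 200, "Allow", "198.51.100.0/24", "3389"),
              _rule("deny-rdp-other", 210, "Deny", "*", "3389")]
```

An empty result for `RESTRICTED` means the probe address outside the organization range is denied, while `LOOSE` reports the rule that leaves RDP open to any source.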