Forum Discussion
Jumphost Questions?
- Mar 07, 2021
Hi, since you are in a Hub and Spoke topology, the jumphost needs to be on the Hub (central operations), and you can limit the incoming authorized requests either with network security groups or by using Azure Firewall or a network virtual appliance of your choice.
If the virtual machine is domain joined, you can simply restrict administrative access and leverage AppLocker policies in Group Policy Objects.
Since it's an IaaS workload, the first thing to do is implement security best practice fundamentals:
https://docs.microsoft.com/en-us/azure/security/fundamentals/iaas
There are many built-in policies in Azure Security Center, now Azure Defender, to prevent, detect and respond to threats to your VMs.
https://docs.microsoft.com/en-us/azure/virtual-machines/security-policy
Tip: Your jumphost doesn't need to have a public IP; you can create a DNAT rule and leverage the public IP of your firewall.