Forum Discussion

Steve_Saunders
Copper Contributor
Jan 31, 2023

Microsoft Security Compliance Toolkit 1.0 and Azure Automanage Machine Configuration

I'm looking at deploying a number of Windows images in Azure with Security Baselines applied from the Microsoft Security Compliance Toolkit, all being managed by https://learn.microsoft.com/en-us/azure/governance/machine-configuration/?view=dsc-2.0 .

1) Has anyone already done this? Are there tips/tricks/lessons learned that can be shared?

2) Is there any "pre-integrated" methodology to deploy Azure Windows VMs with current Security Compliance Toolkit Security Baselines, similar to the DoD STIG "Easy Button" approach? (see https://learn.microsoft.com/en-us/azure/azure-government/documentation-government-stig-windows-vm) [Apologies in advance - Azure Automanage newbie...]

  • azharamir13
    Brass Contributor
    To deploy Windows images in Azure with Security Baselines applied from the Microsoft Security Compliance Toolkit, you can follow these general steps:

    Prepare the Security Baseline: Download and extract the Microsoft Security Compliance Toolkit, which contains the Security Baselines for various Windows versions. Select the appropriate Security Baseline for your Windows images and review the configuration settings.

    Create a custom Windows image: Set up a virtual machine (VM) in Azure with the desired Windows version. Install the necessary software, applications, and updates on the VM. Apply the Security Baseline settings manually to configure the security policies on the VM.

    Generalize the VM: Use the Sysprep tool or Azure Image Builder service to generalize the VM. This process removes unique system information and prepares the VM for image creation.

    Capture the VM image: Capture the generalized VM as a custom VM image in Azure. This image will serve as the base image with the Security Baseline applied.

    Provision VMs using the custom image: Use the custom VM image to deploy new VMs in Azure. You can use various methods, such as Azure portal, Azure PowerShell, Azure CLI, or Azure Resource Manager (ARM) templates, to provision VMs based on the custom image.

    Scale and manage the deployed VMs: Depending on your requirements, you can scale the number of VM instances using features like Azure Virtual Machine Scale Sets. You can also use Azure Automation or Azure Policy to manage and enforce security configurations and policies on the deployed VMs.
  • shaaha23
    Copper Contributor

    Steve_Saunders
    Have you had any success with this? If you've already accomplished it, I would appreciate it if you could provide me with the details since I'm considering doing the same thing.
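As an added example (not code from the thread or from Microsoft), the following PowerShell illustrates the last step of azharamir13's procedure: once the baseline is baked into the image, a machine configuration package can audit and remediate a subset of those settings on every deployed VM so that drift from the captured image is corrected. It assumes the GuestConfiguration and PSDscResources modules are installed on the authoring machine; the three registry values are taken from the Windows security baseline but should be verified against the SCT version you deploy.

```powershell
# Added example: enforce a subset of SCT baseline settings with Azure Automanage
# machine configuration (DSC-based). Assumes: GuestConfiguration + PSDscResources
# modules installed; run on the authoring workstation, not on the target VM.
Configuration SctBaselineSubset {
    Import-DscResource -ModuleName 'PSDscResources'

    Node localhost {
        # Baseline: "Microsoft network client: Digitally sign communications (always)"
        Registry SmbClientSigning {
            Key       = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
            ValueName = 'RequireSecuritySignature'
            ValueType = 'Dword'
            ValueData = '1'
            Ensure    = 'Present'
        }
        # Baseline: "Enable insecure guest logons" = Disabled
        Registry SmbInsecureGuestAuth {
            Key       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\LanmanWorkstation'
            ValueName = 'AllowInsecureGuestAuth'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
        }
        # Baseline: "WinRM Service: Allow unencrypted traffic" = Disabled
        Registry WinRmNoUnencrypted {
            Key       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'
            ValueName = 'AllowUnencryptedTraffic'
            ValueType = 'Dword'
            ValueData = '0'
            Ensure    = 'Present'
        }
    }
}

# Compile the configuration to a MOF, then wrap it in a machine configuration package.
# 'AuditAndSet' makes the Azure policy remediate drift rather than only report it.
$mofDir  = Join-Path $PSScriptRoot 'mof'
SctBaselineSubset -OutputPath $mofDir | Out-Null
$package = New-GuestConfigurationPackage -Name 'SctBaselineSubset' `
    -Configuration (Join-Path $mofDir 'localhost.mof') `
    -Path (Join-Path $PSScriptRoot 'pkg') -Type 'AuditAndSet' -Force

# Local dry run before publishing: audit, remediate, audit again. The package
# object's Path property is assumed to point at the generated .zip.
Get-GuestConfigurationPackageComplianceStatus -Path $package.Path
Start-GuestConfigurationPackageRemediation -Path $package.Path
Get-GuestConfigurationPackageComplianceStatus -Path $package.Path
```

The resulting .zip is what you publish to a storage account and reference from New-GuestConfigurationPolicy to assign across the subscription.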
