Admin O365
Brass Contributor
Feb 17, 2021
Solved

Jumphost Questions?

Environment: Hub-Spoke environment in Azure
Jumphost: Will provision Windows-based VM and not WVD (customer request)
Questions: a) Should Jumphost be hosted in Hub or can be hosted in the ind...
  • ibnmbodji
    Mar 07, 2021

    Hi, since you are in a Hub and Spoke topology, the jumphost needs to be on the Hub (central operations), and you can limit the incoming authorized requests either with network security groups or by using Azure Firewall or a network virtual appliance of your choice.
    If the virtual machine is domain joined, you can simply restrict administrative access and leverage AppLocker policies in Group Policy Objects.
    Since it's an IaaS workload, the first thing to do is implement security best practice fundamentals:
    https://docs.microsoft.com/en-us/azure/security/fundamentals/iaas
    There are many built-in policies in Azure Security Center (now Azure Defender) to prevent, detect and respond to threats to your VMs.
    https://docs.microsoft.com/en-us/azure/virtual-machines/security-policy

    Tip: Your jumphost doesn't need to have a public IP; you can create a DNAT rule and leverage the public IP of your firewall.
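
A check for the NSG restriction described in the answer above, as an added example that is not part of the original thread: it evaluates inbound rules in priority order, where the first match decides, to see whether RDP on the jumphost is reachable from an Internet source. The rule sets, the firewall subnet 10.0.1.0/26 and the probe addresses are constructed, and the default AllowVnetInBound rule is not modelled.

```python
import ipaddress

# Constructed sample rules shaped like "securityRules" in `az network nsg show`
# output; names, priorities and address ranges are made up for illustration.
GOOD = [
    {"name": "allow-rdp-from-firewall", "priority": 100, "direction": "Inbound",
     "access": "Allow", "protocol": "Tcp",
     "sourceAddressPrefix": "10.0.1.0/26", "destinationPortRange": "3389"},
    {"name": "deny-all-other-inbound", "priority": 4000, "direction": "Inbound",
     "access": "Deny", "protocol": "*",
     "sourceAddressPrefix": "*", "destinationPortRange": "*"},
]
WEAK = GOOD + [
    {"name": "allow-mgmt", "priority": 300, "direction": "Inbound",
     "access": "Allow", "protocol": "*", "sourceAddressPrefix": "Internet",
     "destinationPortRanges": ["22", "3000-4000"]},  # range silently covers 3389
]
# Simplification: "Internet" is treated as any address outside RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def _values(rule, single, plural):
    """Merge the singular and plural forms of a prefix or port field."""
    return ([rule[single]] if rule.get(single) else []) + list(rule.get(plural) or [])

def _port_match(spec, port):
    low, _, high = spec.partition("-")
    return spec == "*" or int(low) <= port <= int(high or low)

def _source_match(prefix, ip):
    if prefix in ("*", "Internet"):
        return prefix == "*" or not any(ip in net for net in RFC1918)
    try:
        return ip in ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return False  # assumption: other service tags are not resolved here

def first_match(rules, source_ip, port=3389, protocol="Tcp"):
    """Evaluate inbound rules in priority order; the first match decides."""
    ip = ipaddress.ip_address(source_ip)
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for r in sorted(inbound, key=lambda r: r["priority"]):
        ports = _values(r, "destinationPortRange", "destinationPortRanges")
        sources = _values(r, "sourceAddressPrefix", "sourceAddressPrefixes")
        if (r["protocol"].lower() in ("*", protocol.lower())
                and any(_port_match(p, port) for p in ports)
                and any(_source_match(s, ip) for s in sources)):
            return r["access"], r["name"]
    return "Deny", "DenyAllInBound"  # default deny; AllowVnetInBound not modelled
```

Calling `first_match(WEAK, "203.0.113.10")` returns the broad `allow-mgmt` rule, showing how a port range added for another purpose can expose 3389 ahead of a lower-priority deny.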
