
Policies on a Landing Zone without Corporate Add-on

Landing Zone without Corporate Add-on

We have around 120 policies assigned to each Landing Zone without Corporate Add-on. In a nutshell, their goal is to:

  • Force Antivirus on Virtual Machines
  • Force Vulnerability Management on Virtual Machines
  • Force security logging and monitoring on Virtual Machines
  • Forbid any NSG rule allowing inbound traffic from the whole Internet on any port other than 443 or 80 (other ports are authorized for specific Internet IPs)
  • Audit public access on Azure PaaS services (the best practice being to disable it in the majority of use cases)

The full list of policies is available in this Excel file
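
To make the NSG restriction above concrete, here is an added example (not one of the policy definitions assigned to the Landing Zone) that applies the same logic to a list of NSG rules before deployment. It assumes rules in the flattened JSON shape printed by `az network nsg rule list`; the set of source values treated as "all Internet", the function names and the sample rules are constructed for this illustration.

```python
# Added example: local check mirroring the NSG restriction described above.
# Field names follow the flattened JSON of `az network nsg rule list`
# (assumed input shape); the sample rules below are constructed.
ALLOWED_PORTS = {80, 443}
# Source values treated as "all Internet" (assumption of this example).
INTERNET_SOURCES = {"*", "internet", "0.0.0.0/0"}

def _values(rule, single, plural):
    """Merge the singular and plural form of an NSG rule field into one list."""
    vals = list(rule.get(plural) or [])
    if rule.get(single):
        vals.append(rule[single])
    return vals

def _only_allowed_ports(spec):
    """True if a port spec ('443', '80-443', '*') covers only ports 80/443."""
    if spec == "*":
        return False
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    # A range passes only if every port inside it is allowed.
    return all(p in ALLOWED_PORTS for p in range(low, high + 1))

def violates(rule):
    """True if the rule allows all-Internet inbound traffic on a port other than 80/443."""
    if rule.get("access", "").lower() != "allow":
        return False
    if rule.get("direction", "").lower() != "inbound":
        return False
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    if not any(s.lower() in INTERNET_SOURCES for s in sources):
        return False  # specific source IPs are authorized on other ports
    ports = _values(rule, "destinationPortRange", "destinationPortRanges")
    return not all(_only_allowed_ports(p) for p in ports)

def audit(rules):
    """Return the names of the rules the restriction would forbid."""
    return [r["name"] for r in rules if violates(r)]

def _rule(name, src, ports, access="Allow"):
    return {"name": name, "access": access, "direction": "Inbound",
            "sourceAddressPrefix": src, "destinationPortRanges": ports}

SAMPLE_RULES = [  # constructed sample input
    _rule("allow-https", "Internet", ["443"]),
    _rule("allow-web", "*", ["80", "443"]),
    _rule("allow-ssh-any", "0.0.0.0/0", ["22"]),
    _rule("allow-range", "Internet", ["80-443"]),  # also opens 81-442
    _rule("allow-ssh-admin", "203.0.113.10", ["22"]),
    _rule("deny-all", "*", ["*"], access="Deny"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_RULES))
```

The `80-443` case is the one most often missed in review: both endpoints are permitted ports, but the range also exposes every port between them.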