Policies on a Landing Zone with Corporate Add-on
The goal of the Corporate Add-on is to forbid any Internet exposure of the workloads deployed in the Landing Zone. This restriction is enforced using Azure Policies.
We have around 120 policies assigned to each Landing Zone with Corporate Add-on. In a nutshell, their goal is to:
- Force Antivirus on Virtual Machines
- Force Vulnerability Management on Virtual Machines
- Force security logging and monitoring on Virtual Machines
- Forbid any NSG rules allowing Internet inbound traffic
- Forbid public access to Azure PaaS services
The full list of policies is available in this Excel file
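
As an illustration of how a goal such as "Forbid any NSG rules allowing Internet inbound traffic" can be expressed in Azure Policy, here is an added example definition; it is not one of the Landing Zone's own policies. The display name and the list of source values treated as "Internet" (`*`, `Internet`, `0.0.0.0/0`) are assumptions made for this example.

```json
{
  "properties": {
    "displayName": "Example: deny NSG rules allowing inbound traffic from the Internet",
    "description": "Added illustration, not taken from the Corporate Add-on policy set. The source values matched below are an assumption.",
    "policyType": "Custom",
    "mode": "All",
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Network/networkSecurityGroups/securityRules"
          },
          {
            "field": "Microsoft.Network/networkSecurityGroups/securityRules/access",
            "equals": "Allow"
          },
          {
            "field": "Microsoft.Network/networkSecurityGroups/securityRules/direction",
            "equals": "Inbound"
          },
          {
            "anyOf": [
              {
                "field": "Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefix",
                "in": ["*", "Internet", "0.0.0.0/0"]
              },
              {
                "count": {
                  "field": "Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]",
                  "where": {
                    "field": "Microsoft.Network/networkSecurityGroups/securityRules/sourceAddressPrefixes[*]",
                    "in": ["*", "Internet", "0.0.0.0/0"]
                  }
                },
                "greater": 0
              }
            ]
          }
        ]
      },
      "then": { "effect": "deny" }
    }
  }
}
```

This sketch evaluates rules created as standalone `securityRules` resources; rules declared inline on the NSG resource need the same conditions written against the NSG type's `securityRules[*]` array aliases. It also matches only the listed source values, so a rule whose source is a specific public range is not caught by it.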