AZURE Compute Audit

Your EC2 could become your weakest link. Cloudanix can help!

What we do?

Virtual Machine Extensions Installed

Azure virtual machine extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. These extensions run with administrative privileges and could potentially access anything on a virtual machine. The Azure Portal and community provide several such extensions.

Addresses: Security

Additional Reading:

Virtual Machines should only allow SSH based authentication

Ensure that your production Microsoft Azure virtual machines are configured to use SSH keys instead of username/password credentials for SSH authentication.

Addresses: Security

Additional Reading:

Virtual Machines should have sufficient daily backup retention period

Ensure that your Microsoft Azure virtual machines (VMs) have a sufficient daily backup retention period configured within the associated backup policy for security and compliance purposes. The maximum retention period supported is 30 days.

Addresses: Reliability

Additional Reading:

Virtual Machines should have sufficient instant restore retention period

Ensure that your Microsoft Azure virtual machines (VMs) have a sufficient snapshot instant restore retention period configured for data security and internal compliance. Instant recovery snapshots are stored together with the VM disk volumes to speed up the recovery point creation and the restore operations. Azure VM instant restore retention period can range from a minimum of 1 day to a maximum of 5 days.

Addresses: Reliability

Additional Reading:

Virtual Machines should have backups

Ensure that Azure Backup service is enabled and configured to create server backups for your Microsoft Azure virtual machines (VMs), in order to follow data security best practices and compliance requirements. Azure Backup service is a cost-effective, one-click backup solution, that simplifies virtual machine data recovery in your Azure cloud account.

Addresses: Security

Additional Reading:

Virtual Machines should user Standard SSD for Cost Effective storage

Ensure that your Microsoft Azure virtual machines (VMs) are using Standard SSD disk volumes instead of Premium SSD volumes for cost-effective storage that fits a broad range of workloads from web servers to enterprise applications that need consistent performance at lower IOPS levels. Unless you are running mission-critical applications or performance sensitive workloads that need more than 6000 IOPS or 750 MiB/s of throughput per VM disk volume, it's recommends converting your Premium SSD volumes to Standard SSD in order to lower the cost of your Azure monthly bill.

Addresses: Cost Optimization

Additional Reading:

OS Disks Lacking Encryption

Encrypting the IaaS VM's OS disk (boot volume) ensures that its entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads.

Addresses: Security

Additional Reading:

Disks Lacking Encryption

Encrypting disks ensures that their entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads.

Addresses: Security

Additional Reading:

Remove Unattached Virtual Machine Disk Volumes

Identify any unattached (unused) Microsoft Azure virtual machine disk volumes available within your Azure cloud account and delete them in order to lower the cost of your monthly bill and reduce the risk of sensitive data leakage.

Addresses: Security, Cost Optimization

Additional Reading: