Introduction

Welcome to our comprehensive guide on host security. In this article, we build on our previous discussions covering identity and access, perimeter security, and network security as part of a robust defense-in-depth strategy. Now, we shift our focus to compute security.

Within compute security, there are two primary areas:

• Host Security: Pertains to Infrastructure as a Service (IaaS) solutions.
• Container Security: Relevant when using Azure Kubernetes Service (AKS), container apps, or container instances. For more details on AKS, refer to the Azure Kubernetes Service documentation.

In this guide, we focus initially on host security and subsequently discuss container security to ensure a thorough understanding of compute security.

Topics Covered

This module presents a comprehensive overview of host security best practices, including:

• Endpoint protection
• Privileged access device strategy
• Privileged access workstations (PAW)
• Virtual machine templates
• Secure remote access management using Azure Bastion
• Update management configuration
• Disk encryption deployment
• Microsoft Defender for Cloud deployment and configuration (formerly known as Security Center)
• Securing Azure workloads using the Azure Security Benchmark

We begin our deep dive into host security with the first topic: enabling endpoint protection. Continue reading to explore expert strategies and best practices to fortify your infrastructure against evolving threats.