What to take into account to deploy a compliant development VM

Recently a developer asked me what would be considered a compliant virtual machine for development.

It depends on your corporate policy, but to me a healthy virtual machine for development would initially have the following:

    • It is deployed in a controlled virtual network and subnet.
    • It should not have any Internet exposure. Azure Bastion should be used.
    • It should have the Microsoft Antimalware solution installed.
    • It should have Visual Studio Code installed.
    • It should integrate AAD for seamless sign-in.
    • It should send VM logs to a Log Analytics workspace. If you already have a SIEM, you may want to send the logs to Event Hub.
    • Its disks, including the data disk, should be encrypted using Microsoft Disk encryption capability.
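
One way to turn the checklist above into an automated audit, as an added example that is not part of the original post. The inventory record layout, the control names and the sample VMs are assumptions constructed for illustration; the extension publisher/type pairs are the Windows variants, and the Visual Studio Code item is not covered because it lives inside the guest OS.

```python
# Added example: audit a VM inventory record against the checklist above.
# The record layout is an assumption (a simplified, constructed shape), not
# raw Azure API output. Extension names are the Windows variants.
REQUIRED_EXTENSIONS = {
    "antimalware": ("Microsoft.Azure.Security", "IaaSAntimalware"),
    "aad_login": ("Microsoft.Azure.ActiveDirectory", "AADLoginForWindows"),
}
ACCEPTED_LOG_SINKS = {"log_analytics", "event_hub"}

def audit_vm(vm, approved_subnets):
    """Return the sorted names of failed controls; an empty list means compliant."""
    failures = []
    if vm.get("subnet") not in approved_subnets:
        failures.append("controlled_subnet")
    if vm.get("public_ips"):  # any public IP on a NIC means Internet exposure
        failures.append("no_internet_exposure")
    installed = {(e["publisher"], e["type"]) for e in vm.get("extensions", [])}
    for control, ext in REQUIRED_EXTENSIONS.items():
        if ext not in installed:
            failures.append(control)
    if not ACCEPTED_LOG_SINKS & set(vm.get("log_sinks", [])):
        failures.append("log_forwarding")
    disks = vm.get("disks", [])
    # Fail closed: no disk data, or any OS/data disk unencrypted, is a failure.
    if not disks or any(not d.get("encrypted") for d in disks):
        failures.append("disk_encryption")
    return sorted(failures)

# Constructed sample records.
COMPLIANT_VM = {
    "name": "dev-vm-01", "subnet": "vnet-dev/snet-workstations", "public_ips": [],
    "extensions": [
        {"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware"},
        {"publisher": "Microsoft.Azure.ActiveDirectory", "type": "AADLoginForWindows"},
    ],
    "log_sinks": ["log_analytics"],
    "disks": [{"name": "os", "encrypted": True}, {"name": "data0", "encrypted": True}],
}
WEAK_VM = {
    "name": "dev-vm-02", "subnet": "vnet-sandbox/default", "public_ips": ["203.0.113.10"],
    "extensions": [{"publisher": "Microsoft.Azure.Security", "type": "IaaSAntimalware"}],
    "log_sinks": [],
    "disks": [{"name": "os", "encrypted": True}, {"name": "data0", "encrypted": False}],
}
APPROVED = {"vnet-dev/snet-workstations"}

if __name__ == "__main__":
    for vm in (COMPLIANT_VM, WEAK_VM):
        print(vm["name"], audit_vm(vm, APPROVED) or "compliant")
```

The check fails closed: a record with no disk data or no log sink is reported as non-compliant rather than silently passed.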

So the deployment will be similar to the following:



