Probably you’re asking yourself: what is a jump host? In simple words, it is a virtual host that is not the one you use daily to read e-mail, browse the web or install software, but one used only to perform administrative tasks on one or more IT infrastructures.
These are some of the recommendations I follow when I need to deploy a jump host in Azure. The first two are the most important: you have to make sure you never do either of these.
- Do NOT install any productivity tools such as Office. It’s important to keep the VM as clean as possible; it is a jump host, not a working device.
- Do NOT use this VM for general internet browsing.
and some other recommendations…
- Isolate the VM with an NSG; allow access only from where it is really needed
- Install the Antimalware extension from Azure and configure the Windows Defender settings
- If possible, configure JIT (just-in-time VM access) on the VM
- Onboard the device in Microsoft Defender for Endpoint (if possible)
- Apply the Microsoft Security baseline
- Enable Windows Defender Network Protection and Exploit Guard
- Enable virtualization-based security, if you deployed a Gen 2 VM
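Here is how the list above translates into PowerShell. This is an added example, not the author's own script: the first part runs from the admin workstation with the Az modules (after Connect-AzAccount), the second part runs inside the jump host as Administrator. The resource group, region, VM name and the admin network CIDR are assumed placeholder values; replace them with your own.

```powershell
#Requires -Modules Az.Compute, Az.Network, Az.Security
# Added example: hardening a Windows jump host in Azure following the recommendations above.
# Every value marked PLACEHOLDER is an assumption for this example.

# ---------- Part 1: run from your admin workstation (Az PowerShell, Connect-AzAccount first) ----------
$rg        = 'rg-jumphost'        # PLACEHOLDER resource group
$location  = 'westeurope'         # PLACEHOLDER region
$vmName    = 'vm-jump01'          # PLACEHOLDER jump host name
$adminCidr = '203.0.113.0/24'     # PLACEHOLDER: the only network allowed to reach the jump host (RFC 5737 doc range)

# 1. Isolate the VM with an NSG: RDP only from the admin network, explicit deny for everything else inbound.
$rules = @(
    New-AzNetworkSecurityRuleConfig -Name 'Allow-RDP-From-Admin' -Priority 100 -Direction Inbound `
        -Access Allow -Protocol Tcp -SourceAddressPrefix $adminCidr -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange 3389
    New-AzNetworkSecurityRuleConfig -Name 'Deny-All-Inbound' -Priority 4000 -Direction Inbound `
        -Access Deny -Protocol '*' -SourceAddressPrefix '*' -SourcePortRange '*' `
        -DestinationAddressPrefix '*' -DestinationPortRange '*'
)
$nsg = New-AzNetworkSecurityGroup -ResourceGroupName $rg -Location $location -Name 'nsg-jumphost' -SecurityRules $rules

# Attach the NSG to the jump host's NIC
$vm  = Get-AzVM -ResourceGroupName $rg -Name $vmName
$nic = Get-AzNetworkInterface -ResourceId $vm.NetworkProfile.NetworkInterfaces[0].Id
$nic.NetworkSecurityGroup = $nsg
$nic | Set-AzNetworkInterface | Out-Null

# 2. Azure Antimalware extension with real-time protection and a weekly quick scan (day 7 = Saturday, 120 = 02:00)
$amSettings = @{
    AntimalwareEnabled        = $true
    RealtimeProtectionEnabled = $true
    ScheduledScanSettings     = @{ isEnabled = $true; day = 7; time = 120; scanType = 'Quick' }
    Exclusions                = @{ Extensions = ''; Paths = ''; Processes = '' }
} | ConvertTo-Json -Depth 4
Set-AzVMExtension -ResourceGroupName $rg -VMName $vmName -Location $location -Name 'IaaSAntimalware' `
    -Publisher 'Microsoft.Azure.Security' -ExtensionType 'IaaSAntimalware' -TypeHandlerVersion '1.3' `
    -SettingString $amSettings | Out-Null

# 3. Just-in-time access: 3389 stays closed in the NSG and is opened on request, for at most 3 hours,
#    and only for the admin network.
$jitPolicy = @{
    id    = $vm.Id
    ports = @(@{ number = 3389; protocol = '*'; allowedSourceAddressPrefix = @($adminCidr); maxRequestAccessDuration = 'PT3H' })
}
Set-AzJitNetworkAccessPolicy -Kind 'Basic' -Location $location -Name 'default' -ResourceGroupName $rg `
    -VirtualMachine @($jitPolicy) | Out-Null

# Defender for Endpoint onboarding and the Microsoft Security baseline are not scripted here:
# MDE uses the onboarding package from the Defender portal (or auto-provisioning via Defender for Cloud),
# and the baseline is applied with LGPO.exe from the Security Compliance Toolkit.

# ---------- Part 2: run inside the jump host as Administrator ----------
# 4. Windows Defender settings: real-time and cloud protection, PUA blocking, and Network Protection (Exploit Guard)
Set-MpPreference -DisableRealtimeMonitoring $false -MAPSReporting Advanced -SubmitSamplesConsent SendAllSamples `
    -CloudBlockLevel High -PUAProtection Enabled -EnableNetworkProtection Enabled

# 5. Exploit Guard system-wide mitigations (same settings as the Exploit protection page in Windows Security)
Set-ProcessMitigation -System -Enable DEP, SEHOP, BottomUp, HighEntropy, CFG

# 6. Virtualization-based security with HVCI and Credential Guard (needs a Gen 2 VM; reboot afterwards)
$dg   = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
$hvci = "$dg\Scenarios\HypervisorEnforcedCodeIntegrity"
New-Item -Path $hvci -Force | Out-Null
Set-ItemProperty -Path $dg   -Name EnableVirtualizationBasedSecurity -Value 1 -Type DWord
Set-ItemProperty -Path $dg   -Name RequirePlatformSecurityFeatures   -Value 1 -Type DWord   # 1 = Secure Boot
Set-ItemProperty -Path $hvci -Name Enabled                           -Value 1 -Type DWord
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' -Name LsaCfgFlags -Value 1 -Type DWord

# After the reboot, confirm which services are actually running (1 = Credential Guard, 2 = HVCI):
(Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard).SecurityServicesRunning
```

The order matters: the NSG deny rule plus the JIT policy mean the RDP port is reachable only after an approved JIT request and only from the admin CIDR, so even a leaked credential is not enough on its own to reach the host. The Part 2 settings are local to the VM and should be checked again after each baseline update, since a reapplied GPO can overwrite them.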
That’s all. As always, these are my recommendations; you probably have different ones.