Recently a developer asked me what would be considered a compliant virtual machine for development.
This depends on your corporate policy, but to me a healthy virtual machine for development would initially have the following:
- It is deployed in a controlled virtual network and subnet.
- It should not have any Internet exposure. Azure Bastion should be used.
- It should have the Microsoft Antimalware solution installed.
- It should have Visual Studio Code installed.
- It should integrate with AAD for seamless sign-in.
- It should send VM logs to a Log Analytics workspace. If you already have a SIEM, you may want to send logs to Event Hub.
- Its disks, including data disks, should be encrypted using Microsoft Disk encryption capability.
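
To check an existing VM against this list, here is an added example (not part of the original post) that audits a VM inventory record. The record schema, the approved subnet ID and the sample records are hypothetical, and mapping the antimalware, AAD sign-in and logging items to the Windows extension types `IaaSAntimalware`, `AADLoginForWindows` and `MicrosoftMonitoringAgent`/`AzureMonitorWindowsAgent` is an assumption about how each item is deployed.

```python
# Added example: audit a VM inventory record against the checklist above.
# The record schema and the allow-listed subnet are hypothetical.

# Assumption: each item is delivered by one of these VM extension types (Windows).
REQUIRED_EXTENSIONS = {
    "antimalware": {"IaaSAntimalware"},
    "aad_sign_in": {"AADLoginForWindows"},
    "log_forwarding": {"MicrosoftMonitoringAgent", "AzureMonitorWindowsAgent"},
}

# Constructed allow-list of "controlled" subnets (placeholder resource ID).
APPROVED_SUBNETS = {
    "/subscriptions/<sub-id>/resourceGroups/rg-dev/providers/Microsoft.Network"
    "/virtualNetworks/vnet-dev/subnets/snet-devvm",
}


def audit_vm(vm):
    """Return the sorted list of checklist items the VM record fails."""
    failed = set()
    if vm.get("subnet_id") not in APPROVED_SUBNETS:
        failed.add("controlled_subnet")
    if vm.get("public_ip_ids"):          # any public IP means Internet exposure
        failed.add("no_internet_exposure")
    installed = set(vm.get("extensions", []))
    for item, accepted in REQUIRED_EXTENSIONS.items():
        if not installed & accepted:
            failed.add(item)
    if "Visual Studio Code" not in vm.get("software", []):
        failed.add("vscode")
    disks = [vm.get("os_disk", {})] + vm.get("data_disks", [])
    if not all(d.get("encrypted") is True for d in disks):
        failed.add("disk_encryption")    # OS disk and every data disk must be encrypted
    return sorted(failed)


# Constructed sample records.
SUBNET = next(iter(APPROVED_SUBNETS))
COMPLIANT = {
    "subnet_id": SUBNET, "public_ip_ids": [],
    "extensions": ["IaaSAntimalware", "AADLoginForWindows", "MicrosoftMonitoringAgent"],
    "software": ["Visual Studio Code"],
    "os_disk": {"encrypted": True}, "data_disks": [{"encrypted": True}],
}
DRIFTED = dict(COMPLIANT, public_ip_ids=["pip-devvm"],
               extensions=["AADLoginForWindows"],
               data_disks=[{"encrypted": True}, {"encrypted": False}])

if __name__ == "__main__":
    for name, vm in (("compliant", COMPLIANT), ("drifted", DRIFTED)):
        print(name, audit_vm(vm) or "OK")
```

A missing field counts as a failure, so a record that omits its disk or extension data is reported as non-compliant instead of passing silently.
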
So the deployment will look similar to the following: