Microsoft partners up with the Center of Internet Security to deliver hardened VMs in Azure
I saw something last week that was interesting that I am just getting to blog about now. It appears Microsoft has partnered with the Center of Internet Security (CIS) to deliver hardened virtual machines that you can purchase directly from the Azure Marketplace that have been securely pre-configured. This makes it easier for customers to deploy secured VMs in Azure that "out of the box" may meet the security controls of various standards, from PCI and CIS critical controls to the US NIST Cyber Framework.
You can go straight the Azure Marketplace and check it out. Search for "Center for Internet Security" and look at the list of VMs already listed. They plan to continue to update and release new images regularly.
One trick to look for is in the naming of the image. The CIS benchmarks have two differing levels and you need to pick the appropriate one for your organization:
Level 1 - Recommended, minimum security settings that should be configured on any system and should cause little or no interruption of service or reduced functionality. (Why doesn't Microsoft just make this the default for all VMs?)
Level 2 - Recommended security settings for highly secure environments and could result in some reduced functionality.
If you don't want to harden your own VMs in Azure, it appears you can pay the CIS to do so for your new deployments. If you give it a try let me know how it goes!