Phase 3: Ongoing management and security
After you've onboarded Azure server management services, you'll need to focus on the operations and security configurations that will support your ongoing operations. We'll start with securing your environment by reviewing Microsoft Defender for Cloud. We'll then configure policies to keep your servers in compliance and automate common tasks. This section covers the following topics:
- Address security recommendations: Microsoft Defender for Cloud provides suggestions to improve the security of your environment. When you implement these recommendations, you see the impact reflected in a security score.
- Enable the guest configuration policy: Use the Azure Policy guest configuration feature to audit the settings in a virtual machine. For example, you can check whether any certificates are about to expire.
- Track and alert on critical changes: When you're troubleshooting, the first question to consider is, "What's changed?" In this article, you'll learn how to track changes and create alerts to proactively monitor critical components.
- Create update schedules: Schedule the installation of updates to ensure that all your servers have the latest ones.
- Common Azure Policy examples: This article provides examples of common management policies.
Address security recommendations
Microsoft Defender for Cloud is the central place to manage security for your environment. You'll see an overall assessment and targeted recommendations.
We recommend that you review and implement the recommendations provided by this service. For information about additional benefits of Microsoft Defender for Cloud, see Follow Microsoft Defender for Cloud recommendations.
Next steps
Learn how to enable the Azure Policy guest configuration feature.