File: articles/operator-insights/set-up-ingestion-agent.md
Lines changed: 28 additions & 15 deletions
@@ -30,21 +30,34 @@ From the documentation for your Data Product, obtain the:
30
30
31
31
The VM used for the ingestion agent should be set up following best practice for security. We recommend the following actions:
32
32
33
-
-**Networking**
34
-
- Give the VM a private IP address.
35
-
- Configure an Azure virtual network between the VM and the Data Product's input storage account. This might incur extra cost.
36
-
- Configure a Network Security Group (NSG) to only allow network traffic on the ports that are required to run the agent and maintain the VM.
37
-
-**Disk encryption** - ensure Azure disk encryption is enabled (this is the default when you create the VM).
38
-
-**OS version**
39
-
- Keep the OS version up-to-date to avoid known vulnerabilities.
40
-
- Configure the VM to periodically check for missing system updates.
41
-
-**Access** Limit access to the VM to a minimal set of users. Configure audit logging on the VM - for example, using the Linux audit package - to record log in attempts and actions taken by logged-in users. We recommend that you restrict the following:
42
-
- Admin access to the VM (for example, to stop/start/install the ingestion agent).
43
-
- Access to the directory where the logs are stored: */var/log/az-aoi-ingestion/*.
44
-
- Access to the managed identity or certificate and private key for the service principal that you create during this procedure.
45
-
- Access to the directory for secrets that you create on the VM during this procedure.
46
-
47
-
When using an Azure VM, also follow all recommendations from **Microsoft Defender for Cloud**. You can find these recommendations in the portal by navigating to the VM, then selecting Security.
33
+
### Networking
34
+
35
+
- Give the VM a private IP address.
36
+
- Configure an Azure virtual network between the VM and the Data Product's input storage account. This might incur extra cost.
37
+
- Configure a Network Security Group (NSG) to only allow network traffic on the ports that are required to run the agent and maintain the VM.
38
+
39
+
### Disk encryption
40
+
41
+
Ensure Azure disk encryption is enabled (this is the default when you create the VM).
42
+
43
+
### OS version
44
+
45
+
- Keep the OS version up-to-date to avoid known vulnerabilities.
46
+
- Configure the VM to periodically check for missing system updates.
47
+
48
+
### Access
49
+
50
+
Limit access to the VM to a minimal set of users. Configure audit logging on the VM - for example, using the Linux audit package - to record log in attempts and actions taken by logged-in users.
51
+
52
+
We recommend that you restrict the following:
53
+
- Admin access to the VM (for example, to stop/start/install the ingestion agent).
54
+
- Access to the directory where the logs are stored: */var/log/az-aoi-ingestion/*.
55
+
- Access to the managed identity or certificate and private key for the service principal that you create during this procedure.
56
+
- Access to the directory for secrets that you create on the VM during this procedure.
57
+
58
+
### Microsoft Defender for Cloud
59
+
60
+
When using an Azure VM, also follow all recommendations from Microsoft Defender for Cloud. You can find these recommendations in the portal by navigating to the VM, then selecting Security.
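Review bot: The sentence under the new "### Disk encryption" heading, "Ensure Azure disk encryption is enabled (this is the default when you create the VM)", is ambiguous about which control it means. What a new Azure VM gets by default is server-side encryption of its managed disks with platform-managed keys; Azure Disk Encryption is a separate feature that has to be enabled explicitly. Since this change promotes the line to its own section, name the intended control there and say how to confirm it is on. Two smaller points in the same hunk: the unchanged lead-in "We recommend the following actions:" now runs into a series of H3 headings instead of a list, so it should be reworded or dropped, and the log path under "### Access" is still italicized (*/var/log/az-aoi-ingestion/*) where code formatting would make it safe to copy.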