What should you use to meet each requirement?

HOTSPOT

You have an Azure subscription that contains a resource group named RG1.

You have a group named Group1 that is assigned the Contributor role for RG1.

You need to enhance security for the virtual machines in RG1 to meet the following requirements:

• Prevent Group1 from assigning external IP addresses to the virtual machines.

• Ensure that Group1 can establish an RDP connection to the virtual machines through a shared external IP address.

What should you use to meet each requirement? To answer, select the appropriate options in the answer area. NOTE: Each correct selection is worth one point.

View Answer

Answer: Explanation:

Box 1: Azure Policy

There is a built-in policy in the Azure Policy service that allows you to block public IPs on all NICs of a VM.

Note: Azure Policy is a powerful tool in your Azure toolbox. It allows you to enforce specific governance principals you want to see implemented in your environment.

Some key examples of what Azure Policy allows you to do is:

Automatically tag resources

Block VMs from having a public IP

Enforce specific regions

Enforce VM size

Box 2: Azure Bastion

Azure Bastion is a fully managed PaaS service that provides secure and seamless RDP and SSH access to your virtual machines directly through the Azure Portal.

Azure Bastion is provisioned directly in your Virtual Network (VNet) and supports all VMs in your Virtual Network (VNet) using SSL without any exposure through public IP addresses.