As businesses across the globe have adapted to a remote working model, the need for more robust security measures has increased. Remote co-workers are more vulnerable, particularly when they connect via an unsecured network or use personal devices without the proper protections in place.
Azure Virtual Desktop (AVD), a desktop and application virtualisation service running in the Azure Cloud, empowers employees to work from anywhere, without losing access to the crucial business resources they need to maintain productivity. Alongside flexibility and agility, one of the primary benefits of Azure Virtual Desktop is its enhanced security capabilities. AVD benefits from the advanced security infrastructure of Azure. This is supported by Microsoft’s ongoing cyber security research, in which the company invests $1 billion annually.
Which Azure Virtual Desktop Security Features Should Your Business be Utilising?
As AVD is a service that runs on Azure, to optimise your Azure Virtual Desktop security, you need to ensure that your surrounding Azure infrastructure and management plane are properly protected. Many of the built-in Azure security features will also help to secure your AVD deployment.
Azure Security Center
Azure Security Center is a set of tools for managing the security of virtual machines and Cloud computing resources within Azure. It can provide feedback on your current security setup in Azure Virtual Desktop, highlighting vulnerabilities and suggesting remedies for any gaps in policies and processes.
You need to protect the data stored in Azure Virtual Desktop in case a disaster should occur. Azure Backup allows you to back up everything in your Azure environment, including databases and virtual machines. You can use Azure’s native disaster recovery service, Azure Site Recovery, to ensure your applications are kept up and running even during outages. With Azure Service Health, you will receive notifications about Azure service incidents and planned maintenance so you can mitigate downtime.
Microsoft-managed Gateway Servers
The Remote Connection Gateway service is solely managed by Microsoft. It connects remote users to Azure Virtual Desktop applications and desktops from any internet-connected device that can run an Azure Virtual Desktop client. The client connects to a gateway, which orchestrates a connection from a VM back to the same gateway. This offers a more secure setup: because there is no need for public IP addresses, open inbound ports or SSL certificates, there are no public-facing exposures or attack vectors.
Introducing multi-factor authentication (MFA) as a requirement for all users and administrators in Azure Virtual Desktop will improve the security of your entire deployment. Through integration with Azure Active Directory, enabling multi-factor authentication for AVD is seamless. Furthermore, enabling Conditional Access will let you mitigate threats before you grant users access to your AVD environment. Conditional Access can be used with MFA to secure both the Web and Windows Desktop Client and allows you to consider how users are signing in and what devices they are using as well as who the user is.
Role-based Access Control
Azure Virtual Desktop uses Azure role-based access control (RBAC) to allow you to designate permissions. You can manage who has access to areas and resources, and what these users can do with those resources. The built-in roles for Azure are Owner, Contributor and Reader. However, with AVD you can designate additional roles, separating management roles for host pools, application groups and workspaces. This not only facilitates more granular control over administrative tasks but enhances Azure Virtual Desktop security.
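As an added example (not from the original article or from Microsoft), the check below flags Owner or Contributor granted directly on a host pool, application group or workspace, where one of AVD's narrower built-in roles would do. The record fields follow the JSON printed by `az role assignment list`; the sample records, names and subscription ID are constructed.

```python
# Added example: flag broad roles assigned directly on AVD resources.
BROAD_ROLES = {"Owner", "Contributor"}
PROVIDER = "microsoft.desktopvirtualization"
# AVD resource type in the scope path -> narrower built-in management role.
NARROW_ROLE = {
    "hostpools": "Desktop Virtualization Host Pool Contributor",
    "applicationgroups": "Desktop Virtualization Application Group Contributor",
    "workspaces": "Desktop Virtualization Workspace Contributor",
}

def avd_resource_type(scope):
    """Return the AVD resource type a scope path points at, else None."""
    parts = [p.lower() for p in scope.strip("/").split("/")]
    if PROVIDER in parts:
        i = parts.index(PROVIDER)
        if i + 2 < len(parts):  # provider must be followed by type and name
            return parts[i + 1]
    return None

def audit(assignments):
    """List broad assignments that a narrower AVD role could replace."""
    findings = []
    for a in assignments:
        rtype = avd_resource_type(a["scope"])
        if a["roleDefinitionName"] in BROAD_ROLES and rtype in NARROW_ROLE:
            findings.append({
                "principal": a["principalName"],
                "role": a["roleDefinitionName"],
                "resource": a["scope"].rsplit("/", 1)[-1],
                "suggest": NARROW_ROLE[rtype],
            })
    return findings

# Constructed sample records (placeholder subscription, names and users).
RG = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-avd-example"
AVD = RG + "/providers/Microsoft.DesktopVirtualization"
SAMPLE = [
    {"principalName": "alice@example.com", "roleDefinitionName": "Contributor", "scope": AVD + "/hostPools/hp-example"},
    {"principalName": "bob@example.com", "roleDefinitionName": "Desktop Virtualization Workspace Contributor", "scope": AVD + "/workspaces/ws-example"},
    {"principalName": "carol@example.com", "roleDefinitionName": "Owner", "scope": AVD + "/applicationGroups/ag-example"},
    {"principalName": "dave@example.com", "roleDefinitionName": "Reader", "scope": AVD + "/hostPools/hp-example"},
    {"principalName": "erin@example.com", "roleDefinitionName": "Contributor", "scope": RG},
]

if __name__ == "__main__":
    for f in audit(SAMPLE):
        print(f"{f['principal']}: {f['role']} on {f['resource']} -> consider {f['suggest']}")
```

Assignments made at resource-group or subscription scope are inherited by the AVD resources beneath them and are outside what this check covers, so review those separately.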
See How Azure Virtual Desktop Security Stacks Up
At Ortus, we have the expertise to help you strengthen the protections of your Azure Virtual Desktop environment. To discover more about Azure Virtual Desktop security, and how its features compare to legacy servers, download our free battlecard today.