diff --git a/articles/azure-government/TOC.yml b/articles/azure-government/TOC.yml index a7a4d3748a51b..b3a8017cdf71d 100644 --- a/articles/azure-government/TOC.yml +++ b/articles/azure-government/TOC.yml @@ -13,12 +13,6 @@ href: documentation-government-get-started-connect-with-portal.md - name: Azure CLI href: documentation-government-get-started-connect-with-cli.md - - name: DoD DISA STIGs - items: - - name: Deploy Linux VM - href: documentation-government-stig-linux-vm.md - - name: Deploy Windows VM - href: documentation-government-stig-windows-vm.md - name: PowerShell href: documentation-government-get-started-connect-with-ps.md - name: Visual Studio diff --git a/articles/azure-government/documentation-government-impact-level-5.md b/articles/azure-government/documentation-government-impact-level-5.md index 76a93370295a2..77eda5a3296d0 100644 --- a/articles/azure-government/documentation-government-impact-level-5.md +++ b/articles/azure-government/documentation-government-impact-level-5.md @@ -419,5 +419,3 @@ Start using Azure Government: - [Guidance for developers](./documentation-government-developer-guide.md) - [Connect with the Azure Government portal](./documentation-government-get-started-connect-with-portal.md) -- [Deploy STIG-compliant Linux VMs](./documentation-government-stig-linux-vm.md) -- [Deploy STIG-compliant Windows VMs](./documentation-government-stig-windows-vm.md) diff --git a/articles/azure-government/documentation-government-stig-linux-vm.md b/articles/azure-government/documentation-government-stig-linux-vm.md deleted file mode 100644 index 563e482ba85a8..0000000000000 --- a/articles/azure-government/documentation-government-stig-linux-vm.md +++ /dev/null 
@@ -1,185 +0,0 @@ ---- -title: Deploy STIG-compliant Linux Virtual Machines (Preview) -description: This quickstart shows you how to deploy a STIG-compliant Linux VM (Preview) from the Azure portal or Azure Government portal. -author: EliotSeattle -ms.author: eliotgra -ms.service: azure-government -ms.topic: quickstart -ms.custom: mode-other, kr2b-contr-experiment, linux-related-content -recommendations: false -ms.date: 06/06/2024 ---- - -# Deploy STIG-compliant Linux Virtual Machines (Preview) - -Microsoft Azure Security Technical Implementation Guides (STIGs) solution templates help you accelerate your [DoD STIG compliance](https://public.cyber.mil/stigs/) by delivering an automated solution to deploy virtual machines and apply STIGs through the Azure portal. - -This quickstart shows how to deploy a STIG-compliant Linux virtual machine (Preview) on Azure or Azure Government using the corresponding portal. - -## Prerequisites - -- Azure or Azure Government subscription -- Storage account - - If desired, must be in the same resource group/region as the VM - - Required if you plan to store Log Analytics diagnostics -- Log Analytics workspace (required if you plan to store diagnostic logs) - -## Sign in to Azure - -Sign in at the [Azure portal](https://portal.azure.com/) or [Azure Government portal](https://portal.azure.us/) depending on your subscription. - -## Create a STIG-compliant virtual machine - -1. Select *Create a resource*. -1. Type **Azure STIG Templates for Linux** in the search bar and press enter. -1. Select **Azure STIG Templates for Linux** from the search results and then **Create**. -1. In the **Basics** tab, under **Project details**: - - a. Select an existing *Subscription*. - - b. Create a new *Resource group* or enter an existing resource group. - - c. Select your *Region*. - - > [!IMPORTANT] - > Make sure to choose an empty resource group or create a new one. 
- - :::image type="content" source="./media/stig-project-details.png" alt-text="Project details section showing where you select the Azure subscription and the resource group for the virtual machine" border="false"::: - -1. Under **Instance details**, enter all required information: - - a. Enter the *VM name*. - - b. Select the *Availability options*. To learn about availability sets, see [Availability sets overview](/azure/virtual-machines/availability-set-overview). - - c. Select the *Linux OS version*. - - d. Select the instance *Size*. - - e. Enter the administrator account *Username*. - - f. Select the Authentication type by choosing either *Password* or *Public key*. - - g. Enter a *Password* or *Public key*. - - h. Confirm *Password* (*Public key* only needs to be input once). - - > [!NOTE] - > For instructions on creating an SSH RSA public-private key pair for SSH client connections, see **[Create and manage SSH keys for authentication to a Linux VM in Azure](/azure/virtual-machines/linux/create-ssh-keys-detailed).** - - :::image type="content" source="./media/stig-linux-instance-details.png" alt-text="Instance details section where you provide a name for the virtual machine and select its region, image, and size" border="false"::: - -1. Under **Disk**: - - a. Select the *OS disk type*. - - b. Select the *Encryption type*. - - :::image type="content" source="./media/stig-disk-options.png" alt-text="Disk options section showing where you select the disk and encryption type for the virtual machine" border="false"::: - -1. Under **Networking**: - - a. Select the *Virtual Network*. Either use existing virtual network or select *Create new* (note RDP inbound is disallowed). - - b. Select *Subnet*. - - c. Application security group (optional). - - :::image type="content" source="./media/stig-network-interface.png" alt-text="Network interface section showing where you select the network and subnet for the virtual machine" border="false"::: - -1. 
Under **Management**: - - a. For Diagnostic settings select *Storage account* (optional, required to store diagnostic logs). - - b. Enter Log Analytics workspace (optional, required to store log analytics). - - c. Enter Custom data (optional, only applicable for RHEL 7.7/7.8 and Ubuntu 18.04). - - :::image type="content" source="./media/stig-linux-diagnostic-settings.png" alt-text="Management section showing where you select the diagnostic settings for the virtual machine" border="false"::: - -1. Select **Review + create** to review summary of all selections. - -1. Once the validation check is successful Select ***Create***. - -1. Once the creation process is started, the ***Deployment*** process page will be displayed: - - a. **Deployment** ***Overview*** tab displays the deployment process including any errors that may occur. Once deployment is - complete, this tab provides information on the deployment and provides the opportunity to download the deployment details. - - b. ***Inputs*** tab provides a list of the inputs to the deployment. - - c. ***Outputs*** tab provides information on any deployment outputs. - - d. ***Template*** tab provides downloadable access to the JSON scripts used in the template. - -1. The deployed virtual machine can be found in the resource group used for the deployment. Since inbound RDP is disallowed, Azure Bastion must be used to connect to the VM. - -## High availability and resiliency - -Our solution template creates a single instance virtual machine using premium or standard operating system disk, which supports [SLA for Virtual Machines](https://azure.microsoft.com/support/legal/sla/virtual-machines/v1_9/). - -We recommend you deploy multiple instances of virtual machines configured behind Azure Load Balancer and/or Azure Traffic Manager for higher availability and resiliency. 
- -## Business continuity and disaster recovery (BCDR) - -As an organization you need to adopt a business continuity and disaster recovery (BCDR) strategy that keeps your data safe, and your apps and workloads online, when planned and unplanned outages occur. - -[Azure Site Recovery](../site-recovery/site-recovery-overview.md) helps ensure business continuity by keeping business apps and workloads running during outages. Site Recovery replicates workloads running on physical and virtual machines from a primary site to a secondary location. When an outage occurs at your primary site, you fail over to secondary location, and access apps from there. After the primary location is running again, you can fail back to it. - -Site Recovery can manage replication for: - -- Azure VMs replicating between Azure regions. -- On-premises VMs, Azure Stack VMs, and physical servers. - -To learn more about backup and restore options for virtual machines in Azure, continue to [Overview of backup options for VMs](/azure/virtual-machines/backup-recovery). - -## Clean up resources - -When no longer needed, you can delete the resource group, virtual machine, and all related resources. - -Select the resource group for the virtual machine, then select **Delete**. Confirm the name of the resource group to finish deleting the resources. - -## Support - -Contact Azure support to get assistance with issues related to STIG solution templates. You can create and manage support requests in the Azure portal. For more information see, [Create an Azure support request](/azure/azure-portal/supportability/how-to-create-azure-support-request). 
Use the following support paths when creating a ticket: - -Azure -> Virtual Machine running Linux -> Cannot create a VM -> Troubleshoot my ARM template error - -:::image type="content" source="./media/stig-linux-support.png" alt-text="New support request for Linux STIG solution template"::: - -## Frequently asked questions - -**When will STIG-compliant VMs reach general availability (GA)?**
-The Azure STIG-compliant VM offering is expected to remain in Preview instead of reaching GA because of the release cadence for DISA STIGs. Every quarter, the offering is upgraded with latest guidance, and this process is expected to continue in the future. See previous section for support options that most customers require for production workloads, including creating support tickets. - -**Can Azure Update Management be used with STIG images?**
-Yes, [Update Management](../automation/update-management/overview.md) in Azure Automation supports STIG images. - -**What STIG settings are being applied by the template?**
-For more information, see [Deploy Azure Virtual Machine (Linux) and apply STIG](https://github.com/Azure/ato-toolkit/tree/master/stig/linux). - -## Next steps - -This quickstart showed you how to deploy a STIG-compliant Linux virtual machine (Preview) on Azure or Azure Government. For more information about creating virtual machines in: - -- Azure, see [Quickstart: Create a Linux virtual machine in the Azure portal](/azure/virtual-machines/linux/quick-create-portal). -- Azure Government, see [Tutorial: Create virtual machines](./documentation-government-quickstarts-vm.md). - -To learn more about Azure services, continue to the Azure documentation. - -> [!div class="nextstepaction"] -> [Azure documentation](../index.yml) - -For more information about Azure Government, see the following resources: - -- [Azure Government overview](./documentation-government-welcome.md) -- [Compare Azure Government and global Azure](./compare-azure-government-global-azure.md) -- [Azure Government security](./documentation-government-plan-security.md) -- [Azure Government compliance](./documentation-government-plan-compliance.md) -- [Azure Government services by audit scope](./compliance/azure-services-in-fedramp-auditscope.md#azure-government-services-by-audit-scope) -- [Azure Government DoD overview](./documentation-government-overview-dod.md) -- [FedRAMP – Azure compliance](/azure/compliance/offerings/offering-fedramp) -- [DoD Impact Level 5 – Azure compliance](/azure/compliance/offerings/offering-dod-il5) -- [Isolation guidelines for Impact Level 5 workloads](./documentation-government-impact-level-5.md) -- [Secure Azure Computing Architecture](./compliance/secure-azure-computing-architecture.md) -- [Security Technical Implementation Guides (STIGs)](https://public.cyber.mil/stigs/) 
diff --git a/articles/azure-government/documentation-government-stig-windows-vm.md b/articles/azure-government/documentation-government-stig-windows-vm.md deleted file mode 100644 index 8fab356dd8676..0000000000000 --- a/articles/azure-government/documentation-government-stig-windows-vm.md +++ /dev/null 
@@ -1,180 +0,0 @@ ---- -title: Deploy STIG-compliant Windows Virtual Machines (Preview) -description: This quickstart shows you how to deploy a STIG-compliant Windows VM (Preview) from the Azure portal or Azure Government portal. -author: EliotSeattle -ms.author: eliotgra -ms.service: azure-government -ms.topic: quickstart -ms.custom: mode-other, kr2b-contr-experiment -recommendations: false -ms.date: 06/14/2023 ---- - -# Deploy STIG-compliant Windows Virtual Machines (Preview) - -Microsoft Azure Security Technical Implementation Guides (STIGs) solution templates help you accelerate your [DoD STIG compliance](https://public.cyber.mil/stigs/) by delivering an automated solution to deploy virtual machines and apply STIGs through the Azure portal. - -This quickstart shows how to deploy a STIG-compliant Windows virtual machine (Preview) on Azure or Azure Government using the corresponding portal. - -## Prerequisites - -- Azure or Azure Government subscription -- Storage account - - If desired, must be in the same resource group/region as the VM - - Required if you plan to store Log Analytics diagnostics -- Log Analytics workspace (required if you plan to store diagnostic logs) - -## Sign in to Azure - -Sign in at the [Azure portal](https://portal.azure.com/) or [Azure Government portal](https://portal.azure.us/) depending on your subscription. - -## Create a STIG-compliant virtual machine - -1. Select *Create a resource*. -1. Type **Azure STIG Templates for Windows** in the search bar and press enter. -1. Select **Azure STIG Templates for Windows** from the search results and then **Create**. -1. In the **Basics** tab, under **Project details**: - - a. Select an existing *Subscription*. - - b. Create a new *Resource group* or enter an existing resource group. - - c. Select your *Region*. - - > [!IMPORTANT] - > Make sure to choose an empty resource group or create a new one. 
- - :::image type="content" source="./media/stig-project-details.png" alt-text="Project details section showing where you select the Azure subscription and the resource group for the virtual machine" border="false"::: - -1. Under **Instance details**, enter all required information: - - a. Enter the *VM name*. - - b. Select the *Availability options*. To learn about availability sets, see [Availability sets overview](/azure/virtual-machines/availability-set-overview). - - c. Select the *Windows OS version*. - - d. Select the instance *Size*. - - e. Enter the administrator account *Username*. - - f. Enter the administrator account *Password*. - - g. Confirm *Password*. - - h. Check if using an existing Windows Server license. - - :::image type="content" source="./media/stig-windows-instance-details.png" alt-text="Instance details section where you provide a name for the virtual machine and select its region, image, and size" border="false"::: - -1. Under **Disk**: - - a. Select the *OS disk type*. - - b. Select the *Encryption type*. - - :::image type="content" source="./media/stig-disk-options.png" alt-text="Disk options section showing where you select the disk and encryption type for the virtual machine" border="false"::: - -1. Under **Networking**: - - a. Select the *Virtual Network*. Either use existing virtual network or select *Create new* (note RDP inbound is disallowed). - - b. Select *Subnet*. - - c. Application security group (optional). - - :::image type="content" source="./media/stig-network-interface.png" alt-text="Network interface section showing where you select the network and subnet for the virtual machine" border="false"::: - -1. Under **Management**: - - a. For Diagnostic settings select *Storage account* (optional, required to store diagnostic logs). - - b. Enter Log Analytics workspace (optional, required to store log analytics). 
- - :::image type="content" source="./media/stig-windows-diagnostic-settings.png" alt-text="Management section showing where you select the diagnostic settings for the virtual machine" border="false"::: - -1. Select **Review + create** to review summary of all selections. - -1. Once the validation check is successful select ***Create***. - -1. Once the creation process is started, the ***Deployment*** process page will be displayed: - - a. **Deployment** ***Overview*** tab displays the deployment process including any errors that may occur. Once deployment is - complete, this tab provides information on the deployment and provides the opportunity to download the deployment details. - - b. ***Inputs*** tab provides a list of the inputs to the deployment. - - c. ***Outputs*** tab provides information on any deployment outputs. - - d. ***Template*** tab provides downloadable access to the JSON scripts used in the template. - -1. The deployed virtual machine can be found in the resource group used for the deployment. Since inbound RDP is disallowed, Azure Bastion must be used to connect to the VM. - -## High availability and resiliency - -Our solution template creates a single instance virtual machine using premium or standard operating system disk, which supports [SLA for Virtual Machines](https://azure.microsoft.com/support/legal/sla/virtual-machines/v1_9/). - -We recommend you deploy multiple instances of virtual machines configured behind Azure Load Balancer and/or Azure Traffic Manager for higher availability and resiliency. - -## Business continuity and disaster recovery (BCDR) - -As an organization you need to adopt a business continuity and disaster recovery (BCDR) strategy that keeps your data safe, and your apps and workloads online, when planned and unplanned outages occur. - -[Azure Site Recovery](../site-recovery/site-recovery-overview.md) helps ensure business continuity by keeping business apps and workloads running during outages. 
Site Recovery replicates workloads running on physical and virtual machines from a primary site to a secondary location. When an outage occurs at your primary site, you fail over to secondary location, and access apps from there. After the primary location is running again, you can fail back to it. - -Site Recovery can manage replication for: - -- Azure VMs replicating between Azure regions. -- On-premises VMs, Azure Stack VMs, and physical servers. - -To learn more about backup and restore options for virtual machines in Azure, continue to [Overview of backup options for VMs](/azure/virtual-machines/backup-recovery). - -## Clean up resources - -When no longer needed, you can delete the resource group, virtual machine, and all related resources. - -Select the resource group for the virtual machine, then select **Delete**. Confirm the name of the resource group to finish deleting the resources. - -## Support - -Contact Azure support to get assistance with issues related to STIG solution templates. You can create and manage support requests in the Azure portal. For more information see, [Create an Azure support request](/azure/azure-portal/supportability/how-to-create-azure-support-request). Use the following support paths when creating a ticket: - -Azure -> Virtual Machine running Windows -> Cannot create a VM -> Troubleshoot my ARM template error - -:::image type="content" source="./media/stig-windows-support.png" alt-text="New support request for Windows STIG solution template"::: - -## Frequently asked questions - -**When will STIG-compliant VMs reach general availability (GA)?**
-The Azure STIG-compliant VM offering is expected to remain in Preview instead of reaching GA because of the release cadence for DISA STIGs. Every quarter, the offering is upgraded with latest guidance, and this process is expected to continue in the future. See previous section for support options that most customers require for production workloads, including creating support tickets. - -**Can Azure Update Management be used with STIG images?**
-Yes, [Update Management](../automation/update-management/overview.md) in Azure Automation supports STIG images. - -**What STIG settings are being applied by the template?**
-For more information, see [Deploy Azure Virtual Machine (Windows) and apply STIG](https://github.com/Azure/ato-toolkit/tree/master/stig/windows). - -## Next steps - -This quickstart showed you how to deploy a STIG-compliant Windows virtual machine (Preview) on Azure or Azure Government. For more information about creating virtual machines in: - -- Azure, see [Quickstart: Create a Windows virtual machine in the Azure portal](/azure/virtual-machines/windows/quick-create-portal). -- Azure Government, see [Tutorial: Create virtual machines](./documentation-government-quickstarts-vm.md). - -To learn more about Azure services, continue to the Azure documentation. - -> [!div class="nextstepaction"] -> [Azure documentation](../index.yml) - -For more information about Azure Government, see the following resources: - -- [Azure Government overview](./documentation-government-welcome.md) -- [Compare Azure Government and global Azure](./compare-azure-government-global-azure.md) -- [Azure Government security](./documentation-government-plan-security.md) -- [Azure Government compliance](./documentation-government-plan-compliance.md) -- [Azure Government services by audit scope](./compliance/azure-services-in-fedramp-auditscope.md#azure-government-services-by-audit-scope) -- [Azure Government DoD overview](./documentation-government-overview-dod.md) -- [FedRAMP – Azure compliance](/azure/compliance/offerings/offering-fedramp) -- [DoD Impact Level 5 – Azure compliance](/azure/compliance/offerings/offering-dod-il5) -- [Isolation guidelines for Impact Level 5 workloads](./documentation-government-impact-level-5.md) -- [Secure Azure Computing Architecture](./compliance/secure-azure-computing-architecture.md) -- [Security Technical Implementation Guides (STIGs)](https://public.cyber.mil/stigs/) diff --git a/articles/azure-government/index.yml b/articles/azure-government/index.yml index 91464a1c9ae6f..6292bbde43ce3 100644 --- a/articles/azure-government/index.yml 
+++ b/articles/azure-government/index.yml @@ -39,10 +39,6 @@ landingContent: url: documentation-government-get-started-connect-with-ps.md - text: Connect using Visual Studio url: documentation-government-connect-vs.md - - text: Deploy STIG-compliant Linux VM - url: documentation-government-stig-linux-vm.md - - text: Deploy STIG-compliant Windows VM - url: documentation-government-stig-windows-vm.md # Card - title: Compliance
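Review bot: In the documentation-government-impact-level-5.md hunk, dropping both "Deploy STIG-compliant ..." bullets leaves the visible tail of the "Start using Azure Government" list with no STIG pointer at all. If the intent is only to retire the two quickstarts, consider replacing the removed bullets with the general reference the deleted articles themselves cite, `[Security Technical Implementation Guides (STIGs)](https://public.cyber.mil/stigs/)`, so IL5 readers still have a route to the hardening baseline.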
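Review bot: The deletion of documentation-government-stig-linux-vm.md comes with no redirect entry for that path anywhere in the visible patch, so existing bookmarks and inbound links to this published quickstart will break. Please add a redirect to a surviving page. The article's FAQ was also the place that pointed readers to https://github.com/Azure/ato-toolkit/tree/master/stig/linux for the STIG settings being applied, so the redirect target should ideally keep that pointer reachable.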
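Review bot: The deleted documentation-government-stig-windows-vm.md references images under ./media/ (stig-windows-instance-details.png, stig-windows-diagnostic-settings.png, stig-windows-support.png, plus stig-project-details.png, stig-disk-options.png and stig-network-interface.png, which the deleted Linux article also uses), and none of these files is removed in the visible patch. Either delete the images in the same change or confirm that another article still uses them, otherwise they are left orphaned. This path also needs a redirect entry, which the visible patch does not include.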