Deploy Enterprise Landing Zone Enterprise-Scale/README.md at main · Azure/Enterprise-Scale (github.com) Platform Management, Security & Governance • Deploy Log Analytics workspace. • Log Analytics Data Retention (days) • Select which Azure Monitor solutions you will enable for your Log Analytics workspace • Deploy Agent Health solution • Deploy Change Tracking solution • Deploy Update Management solution • Deploy Activity Log solution • Deploy VM Insights solution • Deploy Antimalware solution • Deploy Service Map solution • Deploy SQL Assessment solution • Select which Azure Security solutions you will enable. • Deploy Azure Security Center and enable security monitoring for your platform and resources • Azure Security Center Email Contact • Deploy Azure Sentinel Network Topology and connectivity • Requirements for the Hub/Spoke • Address Space for the Virtual Hub (/20 por ejemplo) • Region for the Virtual Hub • DDoS Protection Standard • Private DNS Zones for Azure PaaS • Deploy VPN Gateway • VPN Type: Route/Policy • Subnet for the Gateways (/29) • Deploy ExpressRoute Gateway • Deploy Azure Firewall Landing Zone Configuration • Which policies Will be enaled: • Prevent usage of Public Endpoints for PaaS services in the corp connected landing zones • Ensure encryption in transit is enabled for PaaS services • Ensure Azure VMs (Windows & Linux) are being monitored • Ensure Azure VMs (Windows & Linux) are enabled for Azure Backup • Prevent inbound RDP from internet • Ensure subnets are associated with NSG • Prevent IP forwarding • Ensure Azure SQL is enabled with transparent data encryption • Ensure auditing is enabled on Azure SQL • Ensure secure connections (HTTPS) to storage accounts