Azure - CIS Microsoft Windows Server 2012 R2 Benchmark Compliance

Azure - CIS Microsoft Windows Server 2012 R2 Benchmark Compliance

All virtual machines hosted in Azure should adhere to the campus Departmental IT Security Baseline. Adherence to the Departmental IT Security Baseline is the responsibility of Azure customers.

To make Departmental IT Security Baseline compliance easier, a subset of the Center for Information Security 'CIS Microsoft Windows Server 2012 R2 Benchmark (Level 1)' can applied to a VM provisioned using Microsoft's Windows Server 2012 R2 templates.

As part of the Windows Server 2012 R2 VM provisioning (recommended):
After a Windows Server 2012 R2 VM has been provisioned:
A copy of the 'Security Configuration Assessment Report for the Windows Server 2012 R2 template can be found here. In addition to the changes documented in the assessment report, Windows Firewall is configured to only allow incoming Remote Desktop connections from Well-known UW-Madison Campus IP address ranges.

To make changes to this configuration (e.g., updating the Windows Update settings), changes must be made using the Group Policy Object Editor:
  • Login to the Windows VM using Remote Desktop
  • Open the Microsoft Management Console (mmc.exe)
  • File -> Add/Remove Snap In...
  • Group Policy Object Editor
  • Add >
  • Group Policy Object: Local Computer
  • Finish
  • OK
Microsoft provide additional details on the Windows settings available for configuration via group policy at

Group Policy Settings Reference for Windows and Windows Server

About the Center for Internet Security

"The Center for Internet Security (CIS) is a 501(c)(3) organization dedicated to enhancing the cybersecurity readiness and response among public and private sector entities. Utilizing its strong industry and government partnerships, CIS combats evolving cybersecurity challenges on a global scale and helps organizations adopt key best practices to achieve immediate and effective defenses against cyber attacks. CIS is home to the Multi-State Information Sharing and Analysis Center (MS-ISAC), CIS Security Benchmarks, and CIS Critical Security Controls."

About the CIS Microsoft Windows Server 2012 R2 Benchmark

"[The CIS Microsoft Windows Server 2012 R2 Benchmark] provides prescriptive guidance for establishing a secure configuration posture for CIS Microsoft Windows Server 2012 R2.

To obtain the latest version of this [benchmark], please visit"

See Also:

If you have any questions, feedback or ideas please Contact Us

Commonly Referenced Docs:

UW Madison Public Cloud Team Events
Online Learning Classes for Cloud Vendors
What Data Elements are allowed in the Public Cloud

Keywords:azure cis center for internet security framework baseline windows server 2012r2 update group policy vm   Doc ID:68176
Owner:Steve T.Group:Public Cloud
Created:2016-11-01 10:46 CDTUpdated:2022-06-23 16:53 CDT
Sites:Public Cloud
Feedback:  0   0