Approaching security for Azure Stack Hub
As previously stated in this chapter, Azure Stack Hub comes hardened by default and production-ready, but some of its security settings can still be changed. This section runs through some of this security configuration.
When approaching security for Azure Stack Hub, there are several components to focus on. These include areas concerning workload protection and associated controls. We should focus on creating custom roles for use with role-based access control (RBAC), as discussed in Chapter 4, Exploring Azure Stack Hub Identity.
We should also focus on virtual networking security, making sure that we review the security groups and egress security, especially when it comes to software-defined networking. To cover networking in a little more detail, let's take a look at a particular component: Transport Layer Security (TLS).