Skip to content

Add Azure security documentation and best practices for .NET Aspire deployments #4051

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Jul 18, 2025
Merged

Add Azure security documentation and best practices for .NET Aspire deployments #4051

merged 3 commits into from
Jul 18, 2025

Conversation

Copilot
Copy link
Contributor

@Copilot Copilot AI commented Jul 15, 2025
edited by github-actions bot
Loading

This PR adds comprehensive Azure security documentation for .NET Aspire deployments as requested in the issue. The new article covers:

What's included

New documentation: docs/deployment/azure/azure-security-best-practices.md

Default security posture

  • Container-level security (secure base images, non-root execution, minimal surface)
  • Network security (private networking, encrypted service-to-service communication, HTTPS endpoints)
  • Identity and access management (managed identities, Azure RBAC integration)
  • Configuration and secrets management (secure configuration, environment variables)

Additional security hardening

  • Azure Key Vault integration with code examples
  • User-assigned managed identities configuration
  • Network security implementation (virtual networks, NSGs, private endpoints)
  • Comprehensive monitoring setup (Application Insights, Azure Monitor)
  • Data storage security (encryption at rest, backup retention)

Production considerations

  • Environment separation strategies
  • Secret rotation procedures
  • Access control best practices (principle of least privilege, JIT access, MFA)
  • Compliance and auditing (audit logging, vulnerability scanning)

Security monitoring and incident response

  • Continuous monitoring setup
  • Incident response planning and procedures

Changes made

  1. Created new article at docs/deployment/azure/azure-security-best-practices.md (203 lines)
  2. Updated table of contents in docs/toc.yml to include the new article in the Deploy > Azure section
  3. Validated content using markdownlint to ensure consistency with repository standards

The documentation follows the Microsoft Writing Style Guide and matches the existing documentation patterns, including proper front matter, code examples, and cross-references to related articles.

Fixes #1766.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

Internal previews

📄 File 🔗 Preview link
docs/deployment/azure/azure-security-best-practices.md docs/deployment/azure/azure-security-best-practices
docs/toc.yml docs/toc

@Copilot Copilot AI changed the title [WIP] [New article]: Azure security documentation and best practices Add Azure security documentation and best practices for .NET Aspire deployments Jul 15, 2025
@Copilot Copilot AI requested a review from IEvangelist July 15, 2025 17:17
Copilot finished work on behalf of IEvangelist July 15, 2025 17:17
IEvangelist
IEvangelist requested changes Jul 17, 2025
View reviewed changes
Copilot finished work on behalf of IEvangelist July 17, 2025 20:09
@Copilot Copilot AI requested a review from IEvangelist July 17, 2025 20:09
@IEvangelist IEvangelist marked this pull request as ready for review July 18, 2025 12:50
@IEvangelist IEvangelist requested review from tdykstra and adegeo July 18, 2025 14:46
@IEvangelist IEvangelist merged commit 96df128 into main Jul 18, 2025
9 checks passed
@IEvangelist IEvangelist deleted the copilot/fix-1766 branch July 18, 2025 19:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@IEvangelist IEvangelist IEvangelist approved these changes

@adegeo adegeo adegeo approved these changes

@tdykstra tdykstra Awaiting requested review from tdykstra

Assignees

@IEvangelist IEvangelist

Copilot code review Copilot

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[New article]: Azure security documentation and best practices
3 participants
@Copilot @IEvangelist @adegeo