Traditional network guy here. I've not had a lot of exposure to managing systems (mostly keeping them running until the systems guy/gal gets back) and am completely new to working on systems in the cloud.
I've staged my first bundle of servers, waiting for our db guy to build a mongo cluster. I was investigating monitoring and scratching at Log Analytics queries to put alerts on low disk space when I looked at my new servers and noticed that the OS and data disks are both deployed with "Enable public access from all networks". Wow, I definitely did not see that coming - is that the default? Please tell me I did it wrong; that can't really be the default security posture, can it??
So I have several questions: how would I connect from public space (not that I would leave it that way), but also what would I lose if I set it to "Disable public and private access"? I would expect this gives a lot of options to move data or an image directly to the disk without going through the OS to access it, is that correct? Finally, what would be the best practice for adding it to a private subnet: do you just set it in the subnet where the machine resides, or segment to a separate subnet?
I'd appreciate any guidance here...