Here are some things you should be following with respect to VMs:
- Protect VMs with secure authentication and access control
- Use the ARM Template for consistency in deployment
- Use multiple VMs for better availability, and consider putting them into availability sets
- Integrate VMs into Azure Security Center and use anti-malware
- Leverage Azure Monitor to help with visibility into resource issues
- Encrypt your disks
Note
For more details, refer the MSDN documentation, available at https://blogs.msdn.microsoft.com/plankytronixx/2015/05/01/azure-exam-prep-fault-domains-and-update-domains/
The following practices should be avoided:
- Do not give everyone admin control, useless you use Azure Privileged Identity Management
- Donot allow VMs to get behind our their patches and updates
- Do not forget to use a key encryption key (KEK) as an extra layer of encryption.