If you are planning to implement Azure Stack in your infrastructure, you should make sure you have a security concept for it. If your customers will run their company's workloads in your environment, you will have to show them that your environment is secure. Therefore, we need to take care of some important points that should be part of your security concept for Azure Stack.
As Azure Stack is delivered as an integrated system, it will be secure by default, which means every VM has integrated hardening by default. And even though everything is a VM of either Windows Server 2016 Full Server Edition or Core Server Edition, you are unable to install anything on the VMs themselves. This means that no antivirus or backup solution can be installed as you can only use the Microsoft integrated solutions (Windows Defender and InMage) with it. The ways to deal with this are described in a later chapter.