last sync: 2024-Jun-13 18:14:35 UTC

Spain ENS

Azure BuiltIn Policy Initiative (PolicySet)

Source Azure Portal
Display nameSpain ENS
Id175daf90-21e1-4fec-b745-7b4c909aa94c
Version1.0.0
Details on versioning
CategoryRegulatory Compliance
Microsoft Learn
DescriptionThis initiative includes policies that address National Security Scheme (ENS) controls specifically for the 'CCN-STIC 884'. This policy set includes definitions that have a Deny effect by default.
TypeBuiltIn
DeprecatedFalse
PreviewFalse
Policy count Total Policies: 879
Builtin Policies: 654
Static Policies: 225
Policy used
Policy DisplayName Policy Id Category Effect Roles# Roles State
[Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources 0961003e-5a0a-4549-abde-af6a37f2724d Security Center Default
Disabled
Allowed
AuditIfNotExists, Disabled
0 Deprecated
[Preview]: All Internet traffic should be routed via your deployed Azure Firewall fc5e4038-4584-4632-8c85-c0448d374b2c Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview
[Preview]: Azure Key Vault Managed HSM keys should have an expiration date 1d478a74-21ba-4b9f-9d8f-8e6fced0eec5 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 Preview
[Preview]: Azure Recovery Services vaults should use customer-managed keys for encrypting backup data 2e94d99a-8a36-4563-bc77-810d8893b671 Backup Default
Audit
Allowed
Audit, Deny, Disabled
0 Preview
[Preview]: Azure Recovery Services vaults should use private link for backup deeddb44-9f94-4903-9fa0-081d524406e3 Backup Default
Audit
Allowed
Audit, Disabled
0 Preview
[Preview]: Configure backup for blobs on storage accounts with a given tag to an existing backup vault in the same region 615b01c4-d565-4f6f-8c6e-d130268e3a1a Backup Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
1 Backup Contributor Preview
[Preview]: Configure blob backup for all storage accounts that do not contain a given tag to a backup vault in the same region 958dbd4e-0e20-4385-a082-d3f20c2a6ad8 Backup Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
1 Backup Contributor Preview
[Preview]: Configure Linux Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory 09a1f130-7697-42bc-8d84-8a9ea17e5192 ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor Preview
[Preview]: Configure Linux Arc-enabled machines to to install AMA for ChangeTracking and Inventory 09a1f130-7697-42bc-8d84-8a9ea17e5187 ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Azure Connected Machine Resource Administrator Preview
[Preview]: Configure Linux Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory bef2d677-e829-492d-9a3d-f5a20fda818f ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor Preview
[Preview]: Configure Linux VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity 56d0ed2b-60fc-44bf-af81-a78c851b5fe1 ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Virtual Machine Contributor Preview
[Preview]: Configure Linux VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory 1142b015-2bd7-41e0-8645-a531afe09a1e ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor Preview
[Preview]: Configure Linux VMSS to install AMA for ChangeTracking and Inventory with user-assigned managed identity b73e81f3-6303-48ad-9822-b69fc00c15ef ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Virtual Machine Contributor Preview
[Preview]: Configure Recovery Services vaults to use private DNS zones for backup af783da1-4ad1-42be-800d-d19c70038820 Backup Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Network Contributor Preview
[Preview]: Configure Recovery Services vaults to use private endpoints for backup 8015d6ed-3641-4534-8d0b-5c67b67ff7de Backup Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Network Contributor Preview
[Preview]: Configure Windows Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory ef9fe2ce-a588-4edd-829c-6247069dcfdb ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor Preview
[Preview]: Configure Windows Arc-enabled machines to install AMA for ChangeTracking and Inventory a7acfae7-9497-4a3f-a3b5-a16a50abbe2f ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Azure Connected Machine Resource Administrator Preview
[Preview]: Configure Windows Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory b6faa975-0add-4f35-8d1c-70bba45c4424 ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor Preview
[Preview]: Configure Windows VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity ad1eeff9-20d7-4c82-a04e-903acab0bfc1 ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Virtual Machine Contributor Preview
[Preview]: Configure Windows VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory 8fd85785-1547-4a4a-bf90-d5483c9571c5 ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor Preview
[Preview]: Configure Windows VMSS to install AMA for ChangeTracking and Inventory with user-assigned managed identity 4485d24b-a9d3-4206-b691-1fad83bc5007 ChangeTrackingAndInventory Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Virtual Machine Contributor Preview
[Preview]: Disable Cross Subscription Restore for Backup Vaults 4d479a11-f2b5-4f0a-bb1e-d2332aa95cda Backup Default
Modify
Allowed
Modify, Disabled
1 Backup Contributor Preview
[Preview]: Immutability must be enabled for backup vaults 2514263b-bc0d-4b06-ac3e-f262c0979018 Backup Default
Audit
Allowed
Audit, Disabled
0 Preview
[Preview]: Immutability must be enabled for Recovery Services vaults d6f6f560-14b7-49a4-9fc8-d2c3a9807868 Backup Default
Audit
Allowed
Audit, Disabled
0 Preview
[Preview]: Log Analytics Extension should be enabled for listed virtual machine images 32133ab0-ee4b-4b44-98d6-042180979d50 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 Preview
[Preview]: Soft delete should be enabled for Backup Vaults 9798d31d-6028-4dee-8643-46102185c016 Backup Default
Audit
Allowed
Audit, Disabled
0 Preview
A vulnerability assessment solution should be enabled on your virtual machines 501541f7-f7e7-4cd6-868c-4190fdad3ac9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Accounts with owner permissions on Azure resources should be MFA enabled e3e008c3-56b9-4133-8fd7-d3347377402a Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Accounts with read permissions on Azure resources should be MFA enabled 81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Accounts with write permissions on Azure resources should be MFA enabled 931e118d-50a1-4457-a5e4-78550e086c52 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Adaptive application controls for defining safe applications should be enabled on your machines 47a6b606-51aa-4496-8bb7-64b11cf66adc Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities 3cf2ab00-13f1-4d0c-8971-2ac904541a7e Guest Configuration Fixed
modify
1 Contributor GA
Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity 497dff13-db2a-4c0f-8603-28fa3b331ab6 Guest Configuration Fixed
modify
1 Contributor GA
Address coding vulnerabilities 318b2bd9-9c39-9f8b-46a7-048401f33476 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Address information security issues 56fb5173-3865-5a5d-5fad-ae33e53e1577 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Adhere to retention periods defined 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Adopt biometric authentication mechanisms 7d7a8356-5c34-9a95-3118-1424cfaf192a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Alert personnel of information spillage 9622aaa9-5c49-40e2-5bf8-660b7cd23deb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
All flow log resources should be in enabled state 27960feb-a23c-4577-8d36-ef8b5f35e0be Network Default
Audit
Allowed
Audit, Disabled
0 GA
All network ports should be restricted on network security groups associated to your virtual machine 9daedab3-fb2d-461e-b861-71790eead4f6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service app slots should be injected into a virtual network 24b7a1c6-44fe-40cc-a2e6-242d2ef70e98 App Service Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
App Service app slots should have resource logs enabled d639b3af-a535-4bef-8dcf-15078cddf5e2 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service app slots should use latest 'HTTP Version' 4dcfb8b5-05cd-4090-a931-2ec29057e1fc App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should be injected into a virtual network 72d04c29-f87d-4575-9731-419ff16a2757 App Service Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
App Service apps should have authentication enabled 95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should have resource logs enabled 91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps should use latest 'HTTP Version' 8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
App Service apps that use Python should use a specified 'Python version' 7008174a-fd10-4ef0-817e-fc820a951d73 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Appoint a senior information security officer c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assess information security events 37b0045b-3887-367b-8b4d-b9a6fa911bb9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assess risk in third party relationships 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assess Security Controls c423e64d-995c-9f67-0403-b540f65ba42a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign account managers 4c6df5ff-4ef2-4f17-a516-0da9189c603b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign an authorizing official (AO) e29a8f1b-149b-2fa3-969d-ebee1baa9472 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign risk designations b7897ddc-9716-2460-96f7-7757ad038cc4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Assign system identifiers f29b17a4-0df2-8a50-058a-8570f9979d28 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit diagnostic setting for selected resource types 7f89b1eb-583c-429a-8828-af049802c1d9 Monitoring Fixed
AuditIfNotExists
0 GA
Audit flow logs configuration for every virtual network 4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Network Default
Audit
Allowed
Audit, Disabled
0 GA
Audit Linux machines that allow remote connections from accounts without passwords ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Linux machines that do not have the passwd file permissions set to 0644 e6955644-301c-44b5-a4c4-528577de6861 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Linux machines that have accounts without passwords f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit privileged functions f26af0b1-65b6-689a-a03f-352ad2d00f98 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit usage of custom RBAC roles a451c1ef-c6ca-483d-87ed-f49761e3ffb5 General Default
Audit
Allowed
Audit, Disabled
0 GA
Audit user account status 49c23d9b-02b0-0e42-4f94-e8cef1b8381b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Audit VMs that do not use managed disks 06a78e20-9358-41c9-923c-fb736d382a4d Compute Fixed
audit
0 GA
Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords 5b054a0d-39e2-4d53-bea3-9734cad2c69b Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not have the maximum password age set to specified number of days 4ceb8dc2-559c-478b-a15b-733fbf1e3738 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not have the minimum password age set to specified number of days 237b38db-ca4d-4259-9e47-7882441ca2c0 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not have the password complexity setting enabled bf16e0bb-31e1-4646-8202-60a235cc7e74 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not restrict the minimum password length to specified number of characters a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Audit Windows machines that do not store passwords using reversible encryption da0f98fe-a24b-4ad5-af69-bd0400233661 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Auditing on SQL server should be enabled a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Authenticate to cryptographic module 6f1de470-79f3-1572-866e-db0771352fc8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize access to security functions and information aeed863a-0f56-429f-945d-8bb66bd06841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize and manage access 50e9324a-7410-0539-0662-2c1e775538b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize remote access dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Authorize, monitor, and control voip e4e1f896-8a93-1151-43c7-0ad23b081ee2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate account management 2cc9c165-46bd-9762-5739-d2aae5ba90a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate approval request for proposed changes 575ed5e8-4c29-99d0-0e4d-689fb1d29827 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate implementation of approved change notifications c72fc0c8-2df8-7506-30be-6ba1971747e1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate process to document implemented changes 43ac3ccb-4ef6-7d63-9a3f-6848485ba4e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate process to highlight unreviewed change proposals 92b49e92-570f-1765-804a-378e6c592e28 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate process to prohibit implementation of unapproved changes 7d10debd-4775-85a7-1a41-7e128e0e8c50 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate proposed documented changes 5c40f27b-6791-18c5-3f85-7b863bd99c11 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automate remote maintenance activities b8587fce-138f-86e8-33a3-c60768bf1da6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Automation account variables should be encrypted 3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Application Gateway should have Resource logs enabled 8a04f872-51e9-4313-97fb-fc1c3543011c Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Attestation providers should disable public network access 5e7e928c-8693-4a23-9bf3-1c77b9a8fe97 Attestation Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Backup should be enabled for Virtual Machines 013e242c-8828-4970-87b3-ab247555486d Backup Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Container Instance container group should use customer-managed key for encryption 0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Container Instance Default
Audit
Allowed
Audit, Disabled, Deny
0 GA
Azure Cosmos DB accounts should have firewall rules 862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Cosmos DB Default
Deny
Allowed
Audit, Deny, Disabled
0 GA
Azure DDoS Protection should be enabled a7aca53f-2ed4-4466-a25e-0b45ade68efd Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for App Service should be enabled 2913021d-f2fd-4f3d-b958-22354e2bdbcb Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for Azure SQL Database servers should be enabled 7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for Key Vault should be enabled 0e6763cc-5078-4e64-889d-ff4d9a839047 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for open-source relational databases should be enabled 0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for Resource Manager should be enabled c3d20c29-b36d-48fe-808b-99a87530ad99 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for servers should be enabled 4da35fc9-c9e7-4960-aec9-797fe7d9051d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for SQL servers on machines should be enabled 6581d072-105e-4418-827f-bd446d56421b Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for SQL should be enabled for unprotected Azure SQL servers abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Defender for SQL should be enabled for unprotected SQL Managed Instances abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure firewall policy should enable TLS inspection within application rules a58ac66d-92cb-409c-94b8-8e48d7a96596 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Firewall Premium should configure a valid intermediate certificate to enable TLS inspection 711c24bb-7f18-4578-b192-81a6161e1f17 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Front Door should have Resource logs enabled 8a04f872-51e9-4313-97fb-fc1c35430fd8 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Front Door Standard or Premium (Plus WAF) should have resource logs enabled cd906338-3453-47ba-9334-2d654bf845af Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Key Vault should have firewall enabled 55615ac9-af46-4a59-874e-391cc3dfb490 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Kubernetes Service clusters should have Defender profile enabled a1840de2-8088-4ea8-b153-b4c723e9cb01 Kubernetes Default
Audit
Allowed
Audit, Disabled
0 GA
Azure Machine Learning compute instances should be recreated to get the latest software updates f110a506-2dcb-422e-bcea-d533fc8c35e2 Machine Learning Fixed
[parameters('effects')]
0 GA
Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters 0a15ec92-a229-4763-bb14-0ea34a568f8d Kubernetes Default
Audit
Allowed
Audit, Disabled
0 GA
Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) 090c7b07-b4ed-4561-ad20-e9075f3ccaff Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) 17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure SignalR Service should disable public network access 21a9766a-82a5-4747-abb5-650b6dbba6d0 SignalR Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure SignalR Service should enable diagnostic logs d9f1f9a9-8795-49f9-9e7b-e11db14caeb2 SignalR Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Web Application Firewall on Azure Application Gateway should have request body inspection enabled ca85ef9a-741d-461d-8b7a-18c2da82c666 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Web Application Firewall on Azure Front Door should have request body inspection enabled 4598f028-de1f-4694-8751-84dceb5f86b9 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Web Application Firewall should be enabled for Azure Front Door entry-points 055aa869-bc98-4af8-bafc-23f1ab6ffe2c Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Web PubSub Service should disable public network access bf45113f-264e-4a87-88f9-29ac8a0aca6a Web PubSub Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Web PubSub Service should enable diagnostic logs ee8a7be2-e9b5-47b9-9d37-d9b141ea78a4 Web PubSub Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Azure Web PubSub Service should have local authentication methods disabled b66ab71c-582d-4330-adfd-ac162e78691e Web PubSub Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Web PubSub Service should use a SKU that supports private link 82909236-25f3-46a6-841c-fe1020f95ae1 Web PubSub Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Azure Web PubSub Service should use private link eb907f70-7514-460d-92b3-a5ae93b4f917 Web PubSub Default
Audit
Allowed
Audit, Disabled
0 GA
Block untrusted and unsigned processes that run from USB 3d399cf3-8fc6-0efc-6ab0-1412f1198517 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Blocked accounts with owner permissions on Azure resources should be removed 0cfea604-3201-4e14-88fc-fae4c427a6c5 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Blocked accounts with read and write permissions on Azure resources should be removed 8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Bypass list of Intrusion Detection and Prevention System (IDPS) should be empty in Firewall Policy Premium f516dc7a-4543-4d40-aad6-98f76a706b50 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Categorize information 93fa357f-2e38-22a9-5138-8cc5124e1923 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Check for privacy and security compliance before establishing internal connections ee4bbbbb-2e52-9adb-4e3a-e641f7ac68ab Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Clear personnel with access to classified information c42f19c9-5d88-92da-0742-371a0ea03126 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Cloud Services (extended support) role instances should be configured securely a0c11ca4-5828-4384-a2f2-fd7444dd5b4d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Cloud Services (extended support) role instances should have an endpoint protection solution installed 1e378679-f122-4a96-a739-a7729c46e1aa Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Cloud Services (extended support) role instances should have system updates installed 4df26ba8-026d-45b0-9521-bffa44d741d2 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Communicate contingency plan changes a1334a65-2622-28ee-5067-9d7f5b915cc5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Compile Audit records into system wide audit 214ea241-010d-8926-44cc-b90a96d52adc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct a full text analysis of logged privileged commands 8eea8c14-4d93-63a3-0c82-000343ee5204 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct a security impact analysis 203101f5-99a3-1491-1b56-acccd9b66a9e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct backup of information system documentation b269a749-705e-8bff-055a-147744675cdf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct capacity planning 33602e78-35e3-4f06-17fb-13dd887448e4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct exit interview upon termination 496b407d-9b9e-81e8-4ba4-44bc686b016a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct incident response testing 3545c827-26ee-282d-4629-23952a12008b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct Risk Assessment 677e1da4-00c3-287a-563d-f4a1cf9b99a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct risk assessment and distribute its results d7c1ecc3-2980-a079-1569-91aec8ac4a77 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Conduct risk assessment and document its results 1dbd51c2-2bd1-5e26-75ba-ed075d8f0d68 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure a private DNS Zone ID for web groupID 9adab2a5-05ba-4fbd-831a-5bf958d04218 Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Network Contributor GA
Configure a private DNS Zone ID for web_secondary groupID d19ae5f1-b303-4b82-9ca8-7682749faf0c Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Network Contributor GA
Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL 65503269-6a54-4553-8a28-0065a8e6d929 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Log Analytics Contributor GA
Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace da0fd392-9669-4ad4-b32c-ca46aaa6c21f Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Contributor GA
Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace 63d03cbd-47fd-4ee1-8a1c-9ddf07303de0 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Contributor GA
Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL DCR cbdd12e1-193a-445c-9926-560118c6daaa Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor GA
Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR 2227e1f1-23dd-4c3a-85a9-7024a401d8b2 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor GA
Configure Azure Audit capabilities a3e98638-51d4-4e28-910a-60e98c1a756f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure Azure Defender for App Service to be enabled b40e7bcd-a1e5-47fe-b9cf-2f534d0bfb7d Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Azure Defender for Azure SQL database to be enabled b99b73e7-074b-4089-9395-b7236f094491 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Azure Defender for open-source relational databases to be enabled 44433aa3-7ec2-4002-93ea-65c65ff0310a Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Azure Defender for Resource Manager to be enabled b7021b2b-08fd-4dc0-9de7-3c6ece09faf9 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Azure Defender for servers to be enabled 8e86a5b6-b9bd-49d1-8e21-4bb8a0862222 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Azure Defender for SQL servers on machines to be enabled 50ea7265-7d8c-429e-9a7d-ca1f410191c3 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Azure Defender to be enabled on SQL managed instances c5a62eb0-c65a-4220-8a4d-f70dd4ca95dd SQL Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 SQL Security Manager GA
Configure Azure Kubernetes Service clusters to enable Defender profile 64def556-fbad-4622-930e-72d1d5589bf5 Kubernetes Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Contributor, Log Analytics Contributor GA
Configure Azure Web PubSub Service to disable local authentication 17f9d984-90c8-43dd-b7a6-76cb694815c1 Web PubSub Default
Modify
Allowed
Modify, Disabled
1 SignalR/Web PubSub Contributor GA
Configure Azure Web PubSub Service to disable public network access 5b1213e4-06e4-4ccc-81de-4201f2f7131a Web PubSub Default
Modify
Allowed
Modify, Disabled
1 SignalR/Web PubSub Contributor GA
Configure Azure Web PubSub Service to use private DNS zones 0b026355-49cb-467b-8ac4-f777874e175a Web PubSub Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Network Contributor GA
Configure Azure Web PubSub Service with private endpoints 1b9c0b58-fc7b-42c8-8010-cdfa1d1b8544 Web PubSub Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Network Contributor, SignalR/Web PubSub Contributor GA
Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy 83644c87-93dd-49fe-bf9f-6aff8fd0834e Backup Default
DeployIfNotExists
Allowed
auditIfNotExists, AuditIfNotExists, deployIfNotExists, DeployIfNotExists, disabled, Disabled
2 Backup Contributor, Virtual Machine Contributor GA
Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location 345fa903-145c-4fe1-8bcd-93ec2adccde8 Backup Default
DeployIfNotExists
Allowed
auditIfNotExists, AuditIfNotExists, deployIfNotExists, DeployIfNotExists, disabled, Disabled
2 Backup Contributor, Virtual Machine Contributor GA
Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy 98d0b9f8-fd90-49c9-88e2-d3baf3b0dd86 Backup Default
DeployIfNotExists
Allowed
auditIfNotExists, AuditIfNotExists, deployIfNotExists, DeployIfNotExists, disabled, Disabled
2 Backup Contributor, Virtual Machine Contributor GA
Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location 09ce66bc-1220-4153-8104-e3f51c936913 Backup Default
DeployIfNotExists
Allowed
auditIfNotExists, AuditIfNotExists, deployIfNotExists, DeployIfNotExists, disabled, Disabled
2 Backup Contributor, Virtual Machine Contributor GA
Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only) 17bc14a7-92e1-4551-8b8c-80f36953e166 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure detection whitelist 2927e340-60e4-43ad-6b5f-7a1468232cc2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Configure key vaults to enable firewall ac673a9a-f77d-4846-b2d8-a57f8e1c01dc Key Vault Default
Modify
Allowed
Modify, Disabled
1 Key Vault Contributor GA
Configure machines to receive a vulnerability assessment provider 13ce0167-8ca6-4048-8e6b-f996402e3c1b Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Microsoft Defender CSPM to be enabled 689f7782-ef2c-4270-a6d0-7664869076bd Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Owner GA
Configure Microsoft Defender for Azure Cosmos DB to be enabled 82bf5b87-728b-4a74-ba4d-6123845cf542 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Microsoft Defender for Containers to be enabled c9ddb292-b203-4738-aead-18e2716e858f Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Microsoft Defender for Key Vault plan 1f725891-01c0-420a-9059-4fa46cb770b7 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Microsoft Defender for SQL to be enabled on Synapse workspaces 951c1558-50a5-4ca3-abb6-a93e3e2367a6 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 SQL Security Manager GA
Configure Microsoft Defender for Storage (Classic) to be enabled 74c30959-af11-47b3-9ed2-a26e03f427a3 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Configure Microsoft Defender for Storage to be enabled cfdc5972-75b3-4418-8ae1-7f5c36839390 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Owner GA
Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL ddca0ddc-4e9d-4bbb-92a1-f7c4dd7ef7ce Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
2 Log Analytics Contributor, Monitoring Contributor GA
Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace c859b78a-a128-4376-a838-e97ce6625d16 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Contributor GA
Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace 04754ef9-9ae3-4477-bf17-86ef50026304 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Contributor GA
Configure storage accounts to disable public network access a06d0189-92e8-4dba-b0c4-08d7669fce7d Storage Default
Modify
Allowed
Modify, Disabled
1 Storage Account Contributor GA
Configure the Microsoft Defender for SQL Log Analytics workspace 242300d6-1bfc-4d64-8d01-cee583709ebd Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Contributor GA
Configure workstations to check for digital certificates 26daf649-22d1-97e9-2a8a-01b182194d59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control information flow 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control maintenance and repair activities b6ad009f-5c24-1dc0-a25e-74b60e4da45f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control physical access 55a7f9a0-6397-7589-05ef-5ed59a8149e7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Control use of portable storage devices 36b74844-4a99-4c80-1800-b18a516d1585 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Coordinate contingency plans with related plans c5784049-959f-6067-420c-f4cefae93076 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Correlate audit records 10874318-0bf7-a41f-8463-03e395482080 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Correlate Vulnerability scan information e3905a3c-97e7-0b4f-15fb-465c0927536f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Create a data inventory 043c1e56-5a16-52f8-6af8-583098ff3e60 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Create configuration plan protection 874a6f2e-2098-53bc-3a16-20dcdc425a7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Create separate alternate and primary storage sites 81b6267b-97a7-9aa5-51ee-d2584a160424 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define a physical key management process 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define access authorizations to support separation of duties 341bc9f1-7489-07d9-4ec6-971573e1546a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define and document government oversight cbfa1bd0-714d-8d6f-0480-2ad6a53972df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define cryptographic use c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define information security roles and responsibilities ef5a7059-6651-73b1-18b3-75b1b79c1565 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define information system account types 623b5f0a-8cbd-03a6-4892-201d27302f0c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define mobile device requirements 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define organizational requirements for cryptographic key management d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define requirements for managing assets 25a1f840-65d0-900a-43e4-bee253de04de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Define requirements for supplying goods and services 2b2f3a72-9e68-3993-2b69-13dcdecf8958 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Deliver security assessment results 8e49107c-3338-40d1-02aa-d524178a2afe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Dependency agent should be enabled for listed virtual machine images 11ac78e3-31bc-4f0c-8434-37ab963cea07 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Deploy Defender for Storage (Classic) on storage accounts 361c2074-3595-4e5d-8cab-4f21dffc835c Storage Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
Deploy export to Event Hub as a trusted service for Microsoft Defender for Cloud data af9f6c70-eb74-4189-8d15-e4f11a7ebfd4 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Contributor GA
Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs 331e8ea8-378a-410f-a2e5-ae22f38bb0da Guest Configuration Fixed
deployIfNotExists
1 Contributor GA
Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs 385f5831-96d4-41db-9a3c-cd3af78aaae6 Guest Configuration Fixed
deployIfNotExists
1 Contributor GA
Design an access control model 03b6427e-6072-4226-4bd9-a410ab65317e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Designate individuals to fulfill specific roles and responsibilities 8b077bff-516f-3983-6c42-c86e9a11868b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Designate personnel to supervise unauthorized maintenance activities 7a489c62-242c-5db9-74df-c073056d6fa3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine assertion requirements 7a0ecd94-3699-5273-76a5-edb8499f655a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine auditable events 2f67e567-03db-9d1f-67dc-b6ffb91312f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Determine supplier contract obligations 67ada943-8539-083d-35d0-7af648974125 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop a concept of operations (CONOPS) e7422f08-65b4-50e4-3779-d793156e0079 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop acceptable use policies and procedures 42116f15-5665-a52a-87bb-b40e64c74b6c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop access control policies and procedures 59f7feff-02aa-6539-2cf7-bea75b762140 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop an enterprise architecture 57adc919-9dca-817c-8197-64d812070316 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop an incident response plan 2b4e134f-1e4c-2bff-573e-082d85479b6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and document a business continuity and disaster recovery plan bd6cbcba-4a2d-507c-53e3-296b5c238a8e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and document a DDoS response plan b7306e73-0494-83a2-31f5-280e934a8f70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and document application security requirements 6de65dc4-8b4f-34b7-9290-eb137a2e2929 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and establish a system security plan b2ea1058-8998-3dd1-84f1-82132ad482fd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and maintain a vulnerability management standard 055da733-55c6-9e10-8194-c40731057ec4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop and maintain baseline configurations 2f20840e-7925-221c-725d-757442753e7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop audit and accountability policies and procedures a28323fe-276d-3787-32d2-cef6395764c4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop business classification schemes 11ba0508-58a8-44de-5f3a-9e05d80571da Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop configuration item identification plan 836f8406-3b8a-11bb-12cb-6c7fa0765668 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop configuration management plan 04837a26-2601-1982-3da7-bf463e6408f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop contingency plan aa305b4d-8c84-1754-0c74-dec004e66be0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop contingency planning policies and procedures 75b42dcf-7840-1271-260b-852273d7906e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop information security policies and procedures af227964-5b8b-22a2-9364-06d2cb9d6d7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop organization code of conduct policy d02498e0-8a6f-6b02-8332-19adf6711d1e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop POA&M 477bd136-7dd9-55f8-48ac-bae096b86a07 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop security assessment plan 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop security safeguards 423f6d9c-0c73-9cc6-64f4-b52242490368 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Develop SSP that meets criteria 6b957f60-54cd-5752-44d5-ff5a64366c93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Disable authenticators upon termination d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Discover any indicators of compromise 07b42fb5-027e-5a3c-4915-9d9ef3020ec7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Disseminate security alerts to personnel 9c93ef57-7000-63fb-9b74-88f2e17ca5d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Distribute information system documentation 84a01872-5318-049e-061e-d56734183e84 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Distribute policies and procedures eff6e4a5-3efe-94dd-2ed1-25d56a019a82 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document access privileges a08b18c7-9e0a-89f1-3696-d80902196719 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document acquisition contract acceptance criteria 0803eaa7-671c-08a7-52fd-ac419f775e75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document and distribute a privacy policy ee67c031-57fc-53d0-0cca-96c4c04345e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document and implement privacy complaint procedures eab4450d-9e5c-4f38-0656-2ff8c78c83f3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document and implement wireless access guidelines 04b3e7f6-4841-888d-4799-cda19a0084f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document customer-defined actions 8c44a0ea-9b09-4d9c-0e91-f9bee3d05bfb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document mobility training 83dfb2b8-678b-20a0-4c44-5c75ada023e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document organizational access agreements c981fa70-2e58-8141-1457-e7f62ebc2ade Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document personnel acceptance of privacy requirements 271a3e58-1b38-933d-74c9-a580006b80aa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document protection of personal data in acquisition contracts f9ec3263-9562-1768-65a1-729793635a8d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document protection of security information in acquisition contracts d78f95ba-870a-a500-6104-8a5ce2534f19 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document remote access guidelines 3d492600-27ba-62cc-a1c3-66eb919f6a0d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document requirements for the use of shared data in contracts 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security and privacy training activities 524e7136-9f6a-75ba-9089-501018151346 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security assurance requirements in acquisition contracts 13efd2d7-3980-a2a4-39d0-527180c009e8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security documentation requirements in acquisition contract a465e8e9-0095-85cb-a05f-1dd4960d02af Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security functional requirements in acquisition contracts 57927290-8000-59bf-3776-90c468ac5b4b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security operations 2c6bee3a-2180-2430-440d-db3c7a849870 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document security strength requirements in acquisition contracts ebb0ba89-6d8c-84a7-252b-7393881e43de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document separation of duties e6f7b584-877a-0d69-77d4-ab8b923a9650 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document the information system environment in acquisition contracts c148208b-1a6f-a4ac-7abc-23b1d41121b1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document the legal basis for processing personal information 79c75b38-334b-1a69-65e0-a9d929a42f75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document the protection of cardholder data in third party contracts 77acc53d-0f67-6e06-7d04-5750653d4629 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Document third-party personnel security requirements b320aa42-33b4-53af-87ce-100091d48918 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Email notification for high severity alerts should be enabled 6e2593d9-add6-4083-9c9b-4b7d2188c899 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Email notification to subscription owner for high severity alerts should be enabled 0b15565f-aa9e-48ba-8619-45960f2c314d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Employ a media sanitization mechanism eaaae23f-92c9-4460-51cf-913feaea4d52 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ automated training environment c8aa992d-76b7-7ca0-07b3-31a58d773fa9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ automatic emergency lighting aa892c0d-2c40-200c-0dd8-eac8c4748ede Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ boundary protection to isolate information systems 311802f9-098d-0659-245a-94c5d47c0182 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ flow control mechanisms of encrypted information 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ independent team for penetration testing 611ebc63-8600-50b6-a0e3-fef272457132 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Employ least privilege access 1bc7fd64-291f-028e-4ed6-6e07886e163f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enable detection of network devices 426c172c-9914-10d1-25dd-669641fc1af4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enable dual or joint authorization 2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Event Hub 3d034ef2-001c-46f6-a47b-e6e4a74ff89b Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
2 Azure Event Hubs Data Owner, Log Analytics Contributor GA
Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Log Analytics 0da6faeb-d6c6-4f6e-9f49-06277493270b Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
1 Log Analytics Contributor GA
Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Storage bf6af3d2-fbd5-458f-8a40-2556cf539b45 Monitoring Default
DeployIfNotExists
Allowed
DeployIfNotExists, AuditIfNotExists, Disabled
1 Log Analytics Contributor GA
Enable Microsoft Defender for Cloud on your subscription ac076320-ddcf-4066-b451-6154267e8ad2 Security Center Fixed
deployIfNotExists
1 Security Admin GA
Enable network protection 8c255136-994b-9616-79f5-ae87810e0dcf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enable Rate Limit rule to protect against DDoS attacks on Azure Front Door WAF e52e8487-4a97-48ac-b3e6-1c3cef45d298 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Endpoint protection health issues should be resolved on your machines 8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Endpoint protection should be installed on your machines 1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Endpoint protection solution should be installed on virtual machine scale sets 26a828e1-e88f-464e-bbb3-c134a282b9de Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Enforce a limit of consecutive failed login attempts b4409bff-2287-8407-05fd-c73175a68302 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce and audit access restrictions 8cd815bf-97e1-5144-0735-11f6ddb50a59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce logical access 10c4210b-3ec9-9603-050d-77e4d26c7ebb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce mandatory and discretionary access control policies b1666a13-8f67-9c47-155e-69e027ff6823 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce rules of behavior and access agreements 509552f5-6528-3540-7959-fbeae4832533 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce security configuration settings 058e9719-1ff9-3653-4230-23f76b6492e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce software execution privileges 68d2e478-3b19-23eb-1357-31b296547457 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Enforce user uniqueness e336d5f4-4d8f-0059-759c-ae10f63d1747 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure access agreements are signed or resigned timely e7589f4e-1e8b-72c2-3692-1e14d7f3699f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure alternate storage site safeguards are equivalent to primary site 178c8b7e-1b6e-4289-44dd-2f1526b678a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure cryptographic mechanisms are under configuration management b8dad106-6444-5f55-307e-1e1cc9723e39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure information system fails in known state 12af7c7a-92af-9e96-0d0c-5e732d1a3751 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure privacy program information is publicly available 1beb1269-62ee-32cd-21ad-43d6c9750eb6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure resources are authorized 0716f0f5-4955-2ccb-8d5e-c6be14d57c0f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure security categorization is approved 6c79c3e5-5f7b-a48a-5c7b-8c158bc01115 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure security safeguards not needed when the individuals return 1fdf0b24-4043-3c55-357e-036985d50b52 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Ensure there are no unencrypted static authenticators eda0cbb7-6043-05bf-645b-67411f1a59b3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Eradicate contaminated information 54a9c072-4a93-2a03-6a43-a060d30383d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a password policy d8bbd80e-3bb1-5983-06c2-428526ec6a63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a privacy program 39eb03c1-97cc-11ab-0960-6209ed2869f7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a risk management strategy d36700f2-2f0d-7c2a-059c-bdadd1d79f70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a secure software development program e750ca06-1824-464a-2cf3-d0fa754d1cb4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish a threat intelligence program b0e3035d-6366-2e37-796e-8bcab9c649e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish alternate storage site to store and retrieve backup information 0a412110-3874-9f22-187a-c7a81c8a6704 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish an alternate processing site af5ff768-a34b-720e-1224-e6b3214f3ba6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish an information security program 84245967-7882-54f6-2d34-85059f725b47 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and document a configuration management plan 526ed90e-890f-69e7-0386-ba5c0f1f784f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and document change control processes bd4dc286-2f30-5b95-777c-681f3a7913d3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish and maintain an asset inventory 27965e62-141f-8cca-426f-d09514ee5216 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish authenticator types and processes 921ae4c1-507f-5ddb-8a58-cfa9b5fd96f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish backup policies and procedures 4f23967c-a74b-9a09-9dc2-f566f61a87b9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish conditions for role membership 97cfd944-6f0c-7db2-3796-8e890ef70819 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish configuration management requirements for developers 8747b573-8294-86a0-8914-49e9b06a5ace Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish electronic signature and certificate requirements 6f3866e8-6e12-69cf-788c-809d426094a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish firewall and router configuration standards 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish information security workforce development and improvement program b544f797-a73b-1be3-6d01-6b1a085376bc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish network segmentation for card holder data environment f476f3b0-4152-526e-a209-44e5f8c968d7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish policies for supply chain risk management 9150259b-617b-596d-3bf5-5ca3fce20335 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish privacy requirements for contractors and service providers f8d141b7-4e21-62a6-6608-c79336e36bc9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish procedures for initial authenticator distribution 35963d41-4263-0ef9-98d5-70eb058f9e3c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish relationship between incident response capability and external providers b470a37a-7a47-3792-34dd-7a793140702e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish requirements for audit review and reporting b3c8cc83-20d3-3890-8bc8-5568777670f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish requirements for internet service providers 5f2e834d-7e40-a4d5-a216-e49b16955ccf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish security requirements for the manufacturing of connected devices afbecd30-37ee-a27b-8e09-6ac49951a0ee Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish terms and conditions for accessing resources 3c93dba1-84fd-57de-33c7-ef0400a08134 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish terms and conditions for processing resources 5715bf33-a5bd-1084-4e19-bc3c83ec1c35 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Establish third-party personnel security requirements 3881168c-5d38-6f04-61cc-b5d87b2c4c58 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Execute actions in response to information spills ba78efc6-795c-64f4-7a02-91effbd34af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Explicitly notify use of collaborative computing devices 62fa14f0-4cbe-762d-5469-0899a99b98aa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Firewall Policy Premium should enable all IDPS signature rules to monitor all inbound and outbound traffic flows 610b6183-5f00-4d68-86d2-4ab4cb3a67a5 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Firewall Policy Premium should enable the Intrusion Detection and Prevention System (IDPS) 6484db87-a62d-4327-9f07-80a2cbdf333a Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Flow logs should be configured for every network security group c251913d-7d24-4958-af87-478ed3b9ba41 Network Default
Audit
Allowed
Audit, Disabled
0 GA
Function app slots should use latest 'HTTP Version' fa98f1b1-1f56-4179-9faf-93ad82f3458f App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Function apps should use latest 'HTTP Version' e2c1c086-2d84-4019-bff3-c44ccd95113c App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Function apps that use Python should use a specified 'Python version' 7238174a-fd10-4ef0-817e-fc820a951d73 App Service Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Generate error messages c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Generate internal security alerts 171e377b-5224-4a97-1eaa-62a3b5231dac Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Geo-redundant backup should be enabled for Azure Database for MariaDB 0ec47710-77ff-4a3d-9181-6aa50af424d0 SQL Default
Audit
Allowed
Audit, Disabled
0 GA
Geo-redundant backup should be enabled for Azure Database for MySQL 82339799-d096-41ae-8538-b108becf0970 SQL Default
Audit
Allowed
Audit, Disabled
0 GA
Geo-redundant backup should be enabled for Azure Database for PostgreSQL 48af4db5-9b8b-401c-8e74-076be876a430 SQL Default
Audit
Allowed
Audit, Disabled
0 GA
Govern and monitor audit processing activities 333b4ada-4a02-0648-3d4d-d812974f1bb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Govern compliance of cloud service providers 5c33538e-02f8-0a7f-998b-a4c1e22076d3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Govern policies and procedures 1a2a03a4-9992-5788-5953-d8f6615306de Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Guest accounts with owner permissions on Azure resources should be removed 339353f6-2387-4a45-abe4-7f529d121046 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Guest accounts with write permissions on Azure resources should be removed 94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Identify actions allowed without authentication 92a7591f-73b3-1173-a09c-a08882d84c70 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and authenticate network devices ae5345d5-8dab-086a-7290-db43a3272198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and authenticate non-organizational users e1379836-3492-6395-451d-2f5062e14136 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and manage downstream information exchanges c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify and mitigate potential issues at alternate storage site 13939f8c-4cd5-a6db-9af4-9dfec35e3722 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify external service providers 46ab2c5e-6654-1f58-8c83-e97a44f39308 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify incident response personnel 037c0089-6606-2dab-49ad-437005b5035f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Identify individuals with security roles and responsibilities 0dcbaf2f-075e-947b-8f4c-74ecc5cd302c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement a fault tolerant name/address service ced727b3-005e-3c5b-5cd5-230b79d56ee8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement an automated configuration management tool 33832848-42ab-63f3-1a55-c0ad309d44cd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement controls to protect PII cf79f602-1e60-5423-6c0c-e632c2ea1fc0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement controls to secure all media e435f7e3-0dd9-58c9-451f-9b44b96c0232 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement controls to secure alternate work sites cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement cryptographic mechanisms 10c3a1b1-29b0-a2d5-8f4c-a284b0f07830 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement formal sanctions process 5decc032-95bd-2163-9549-a41aba83228e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement incident handling 433de59e-7a53-a766-02c2-f80f8421469a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement Incident handling capability 98e33927-8d7f-6d5f-44f5-2469b40b7215 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement managed interface for each external service b262e1dd-08e9-41d4-963a-258909ad794b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement methods for consumer requests b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement parameters for memorized secret verifiers 3b30aa25-0f19-6c04-5ca4-bd3f880a763d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement personnel screening e0c480bf-0d68-a42d-4cbb-b60f851f8716 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement physical security for offices, working areas, and secure areas 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement privacy notice delivery methods 06f84330-4c27-21f7-72cd-7488afd50244 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement privileged access for executing vulnerability scanning activities 5b802722-71dd-a13d-2e7e-231e09589efb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement security directives 26d178a4-9261-6f04-a100-47ed85314c6e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement security engineering principles of information systems df2e9507-169b-4114-3a52-877561ee3198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement system boundary protection 01ae60e2-38bb-0a32-7b20-d3a091423409 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement the risk management strategy c6fe3856-4635-36b6-983c-070da12a953b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement training for protecting authenticators e4b00788-7e1c-33ec-0418-d048508e095b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Implement transaction based recovery ba02d0a0-566a-25dc-73f1-101c726a19c5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Incorporate flaw remediation into configuration management 34aac8b2-488a-2b96-7280-5b9b481a317a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Incorporate security and data privacy practices in research processing 834b7a4a-83ab-2188-1a26-9c5033d8173b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Incorporate simulated contingency training 9c954fcf-6dd8-81f1-41b5-832ae5c62caf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Information flow control using security policy filters 13ef3484-3a51-785a-9c96-500f21f84edd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Initiate contingency plan testing corrective actions 8bfdbaa6-6824-3fec-9b06-7961bf7389a6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Initiate transfer or reassignment actions b8a9bb2f-7290-3259-85ce-dca7d521302d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Install an alarm system aa0ddd99-43eb-302d-3f8f-42b499182960 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate audit review, analysis, and reporting f741c4e6-41eb-15a4-25a2-61ac7ca232f0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate cloud app security with a siem 9fdde4a9-85fa-7850-6df4-ae9c4a2e56f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Integrate risk management process into SDLC 00f12b6f-10d7-8117-9577-0f2b76488385 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
IP firewall rules on Azure Synapse workspaces should be removed 56fd377d-098c-4f02-8406-81eb055902b8 Synapse Default
Audit
Allowed
Audit, Disabled
0 GA
IP Forwarding on your virtual machine should be disabled bd352bd5-2853-4985-bf0d-73806b4a5744 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Isolate SecurID systems, Security Incident Management systems dd6d00a8-701a-5935-a22b-c7b9c0c698b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Issue public key certificates 97d91b33-7050-237b-3e23-a77d57d84e13 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Key Vault keys should have an expiration date 152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Keys should be backed by a hardware security module (HSM) 587c79fe-dd04-4a5e-9d0b-f89598c7261b Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Keys should be the specified cryptographic type RSA or EC 75c4f823-d65c-4f29-a733-01d0077fdbcb Key Vault Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Kubernetes cluster containers should only use allowed images febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Limit privileges to make changes in production environment 2af551d5-1775-326a-0589-590bfb7e9eb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Log Analytics agent should be installed on your Cloud Services (extended support) role instances 15fdbc87-8a47-4ee9-a2aa-9a2ea1f37554 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images 5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Long-term geo-redundant backup should be enabled for Azure SQL Databases d38fc420-0735-4ef3-ac11-c806f651a570 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Maintain data breach records 0fd1ca29-677b-2f12-1879-639716459160 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain incident response plan 37546841-8ea1-5be0-214d-8ac599588332 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain list of authorized remote maintenance personnel 4ce91e4e-6dab-3c46-011a-aa14ae1561bf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain records of processing of personal data 92ede480-154e-0e22-4dca-8b46a74a3a51 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage a secure surveillance camera system f2222056-062d-1060-6dc2-0107a68c34b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage authenticator lifetime and reuse 29363ae1-68cd-01ca-799d-92c9197c8404 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage Authenticators 4aacaec9-0628-272c-3e83-0d68446694e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage availability and capacity edcc36f1-511b-81e0-7125-abee29752fe7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage compliance activities 4e400494-53a5-5147-6f4d-718b539c7394 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage contacts for authorities and special interest groups 5269d7e4-3768-501d-7e46-66c56c15622c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage gateways 63f63e71-6c3f-9add-4c43-64de23e554a7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage maintenance personnel b273f1e3-79e7-13ee-5b5d-dca6c66c3d5d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage nonlocal maintenance and diagnostic activities 1fb1cb0e-1936-6f32-42fd-89970b535855 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage security state of information systems 6baae474-434f-2e91-7163-a72df30c4847 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage symmetric cryptographic keys 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage system and admin accounts 34d38ea7-6754-1838-7031-d7fd07099821 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage the input, output, processing, and storage of data e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage the transportation of assets 4ac81669-00e2-9790-8648-71bc11bc91eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Management ports should be closed on your virtual machines 22730e10-96f6-4aac-ad84-9383d35b5917 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
MariaDB server should use a virtual network service endpoint dfbd9a64-6114-48de-a47d-90574dc2e489 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Defender CSPM should be enabled 1f90fc71-a595-4066-8974-d4d0802e8ef0 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Defender for APIs should be enabled 7926a6d1-b268-4586-8197-e8ae90c877d7 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Defender for Azure Cosmos DB should be enabled adbe85b5-83e6-4350-ab58-bf3a4f736e5e Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Defender for Containers should be enabled 1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces d31e5c31-63b2-4f12-887b-e49456834fa1 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers 938c4981-c2c9-4168-9cd6-972b8675f906 Security Center Default
Audit
Allowed
Audit, Disabled
0 GA
Microsoft Defender for Storage should be enabled 640d2586-54d2-465f-877f-9ffc1d2109f4 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals 55419419-c597-4cd4-b51e-009fd2266783 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1110 - Audit Storage Capacity 6182bfa7-0f2a-43f5-834a-a2ddf31c13c7 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1113 - Response To Audit Processing Failures | Audit Storage Capacity 562afd61-56be-4313-8fe4-b9564aa4ba7d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components 05938e10-cdbd-4a54-9b2b-1cbcfc141ad0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection 90b60a09-133d-45bc-86ef-b206a6134bbe Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1174 - Configuration Management Policy And Procedures 42a9a714-8fbb-43ac-b115-ea12d2bd652f Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1175 - Configuration Management Policy And Procedures 6dab4254-c30d-4bb7-ae99-1d21586c063c Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas 4f34f554-da4b-4786-8d66-7915c90893da Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1183 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas 5352e3e0-e63a-452e-9e5f-9c1d181cff9c Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting 2a39ac75-622b-4c88-9a3f-45b7373f7ef7 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting c40f31a7-81e1-4130-99e5-a02ceea2a1d6 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting 22589a07-0007-486a-86ca-95355081ae2a Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1222 - Information System Component Inventory fb39e62f-6bda-4558-8088-ec03d5670914 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1223 - Information System Component Inventory 05a1bb01-ad5a-49c1-aad3-b0c893b2ec3a Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals 28cfa30b-7f72-47ce-ba3b-eed26c8d2c82 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance 8d096fe0-f510-4486-8b4d-d17dc230980b Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1226 - Information System Component Inventory | Automated Unauthorized Component Detection c158eb1c-ae7e-4081-8057-d527140c4e0c Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1227 - Information System Component Inventory | Automated Unauthorized Component Detection 03b78f5e-4877-4303-b0f4-eb6583f25768 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information 39c54140-5902-4079-8bb5-ad31936fe764 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components 03752212-103c-4ab8-a306-7e813022ca9d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1230 - Configuration Management Plan 11158848-f679-4e9b-aa7b-9fb07d945071 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1231 - Configuration Management Plan 244e0c05-cc45-4fe7-bf36-42dcf01f457d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1232 - Configuration Management Plan 396ba986-eac1-4d6d-85c4-d3fda6b78272 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1233 - Configuration Management Plan 9d79001f-95fe-45d0-8736-f217e78c1f57 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1234 - Software Usage Restrictions b293f881-361c-47ed-b997-bc4e2296bc0b Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1235 - Software Usage Restrictions c49c610b-ece4-44b3-988c-2172b70d6e46 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1236 - Software Usage Restrictions 9ba3ed84-c768-4e18-b87c-34ef1aff1b57 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software e80b6812-0bfa-4383-8223-cdd86a46a890 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1238 - User-Installed Software a36cedd4-3ffd-4b1f-8b18-aa71d8d87ce1 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1239 - User-Installed Software 0be51298-f643-4556-88af-d7db90794879 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1240 - User-Installed Software 129eb39f-d79a-4503-84cd-92f036b5e429 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations eca4d7b2-65e2-4e04-95d4-c68606b063c3 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures cf3b3293-667a-445e-a722-fa0b0afc0958 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures ca9a4469-d6df-4ab2-a42f-1213c396f0ec Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1244 - Contingency Plan 6a13a8f8-c163-4b1b-8554-d63569dab937 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1245 - Contingency Plan a0e45314-57b8-4623-80cd-bbb561f59516 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1246 - Contingency Plan 398eb61e-8111-40d5-a0c9-003df28f1753 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1247 - Contingency Plan 4e666db5-b2ef-4b06-aac6-09bfce49151b Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1248 - Contingency Plan 50fc602d-d8e0-444b-a039-ad138ee5deb0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1249 - Contingency Plan d3bf4251-0818-42db-950b-afd5b25a51c2 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1250 - Contingency Plan 8de614d8-a8b7-4f70-a62a-6d37089a002c Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans 5e2b3730-8c14-4081-8893-19dbb5de7348 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning a328fd72-8ff5-4f96-8c9c-b30ed95db4ab Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions 0afce0b3-dd9f-42bb-af28-1e4284ba8311 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1254 - Contingency Plan | Resume All Missions / Business Functions 704e136a-4fe0-427c-b829-cd69957f5d2b Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions f3793f5e-937f-44f7-bfba-40647ef3efa0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets 232ab24b-810b-4640-9019-74a7d0d6a980 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1257 - Contingency Training b958b241-4245-4bd6-bd2d-b8f0779fb543 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1258 - Contingency Training 7814506c-382c-4d33-a142-249dd4a0dbff Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1259 - Contingency Training 9d9e18f7-bad9-4d30-8806-a0c9d5e26208 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1260 - Contingency Training | Simulated Events 42254fc4-2738-4128-9613-72aaa4f0d9c3 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1261 - Contingency Plan Testing 65aeceb5-a59c-4cb1-8d82-9c474be5d431 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1262 - Contingency Plan Testing 831e510e-db41-4c72-888e-a0621ab62265 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1263 - Contingency Plan Testing 41472613-3b05-49f6-8fe8-525af113ce17 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans dd280d4b-50a1-42fb-a479-ece5878acf19 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site a18adb5b-1db6-4a5b-901a-7d3797d12972 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site 3b4a3eb2-c25d-40bf-ad41-5094b6f59cee Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1267 - Alternate Storage Site 4e97ba1d-be5d-4953-8da4-0cccf28f4805 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1268 - Alternate Storage Site 23f6e984-3053-4dfc-ab48-543b764781f5 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site 19b9439d-865d-4474-b17d-97d2702fdb66 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives 53c76a39-2097-408a-b237-b279f7b4614d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility da3bfb53-9c46-4010-b3db-a7ba1296dada Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1272 - Alternate Processing Site ae46cf7a-e3fd-427b-9b91-44bc78e2d9d8 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1273 - Alternate Processing Site e77fcbf2-a1e8-44f1-860e-ed6583761e65 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1274 - Alternate Processing Site 2aee175f-cd16-4825-939a-a85349d96210 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site a23d9d53-ad2e-45ef-afd5-e6d10900a737 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1276 - Alternate Processing Site | Accessibility e214e563-1206-4a43-a56b-ac5880c9c571 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service dc43e829-3d50-4a0a-aa0f-428d551862aa Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use 8e5ef485-9e16-4c53-a475-fbb8107eac59 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1279 - Telecommunications Services 7d00bcd6-963d-4c02-ad8e-b45fa50bf3b0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions fa108498-b3a8-4ffb-9e79-1107e76afad3 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions 8dc459b3-0e77-45af-8d71-cfd8c9654fe2 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure 34042a97-ec6d-4263-93d2-8c1c46823b2a Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers a9172e76-7f56-46e9-93bf-75d69bdb5491 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan 942b3e97-6ae3-410e-a794-c9c999b97c0b Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan 01f7726b-db54-45c2-bcb5-9bd7a43796ee Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan b4f9b47a-2116-4e6f-88db-4edbf22753f1 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1287 - Information System Backup 819dc6da-289d-476e-8500-7e341ef8677d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1288 - Information System Backup 8d854c3b-a3e6-4ec9-9f0c-c7274dbaeb2f Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1289 - Information System Backup 7a724864-956a-496c-b778-637cb1d762cf Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1290 - Information System Backup 92f85ce9-17b7-49ea-85ee-ea7271ea6b82 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity 6d8fd073-9c85-4ee2-a9d0-2e4ec9eb8912 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling d03516cf-0293-489f-9b32-a18f2a79f836 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information 87f7cd82-2e45-4d0f-9e2f-586b0962d142 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site 49dbe627-2c1e-438c-979e-dd7a39bbf81d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1295 - Information System Recovery And Reconstitution a895fbdb-204d-4302-9689-0a59dc42b3d9 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery e57b98a0-a011-4956-a79d-5d17ed8b8e48 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period 93fd8af1-c161-4bae-9ba9-f62731f76439 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1345 - Cryptographic Module Authentication f86aa129-7c07-4aa4-bbf5-792d93ffd9ea Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1351 - Incident Response Policy And Procedures bcfb6683-05e5-4ce6-9723-c3fbe9896bdd Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1352 - Incident Response Policy And Procedures 518cb545-bfa8-43f8-a108-3b7d5037469a Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1353 - Incident Response Training c785ad59-f78f-44ad-9a7f-d1202318c748 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1354 - Incident Response Training 9fd92c17-163a-4511-bb96-bbb476449796 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1355 - Incident Response Training 90e01f69-3074-4de8-ade7-0fef3e7d83e0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1356 - Incident Response Training | Simulated Events 8829f8f5-e8be-441e-85c9-85b72a5d0ef3 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1357 - Incident Response Training | Automated Training Environments e4213689-05e8-4241-9d4e-8dd1cdafd105 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1358 - Incident Response Testing effbaeef-5bf4-400d-895e-ef8cbc0e64c7 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1359 - Incident Response Testing | Coordination With Related Plans 47bc7ea0-7d13-4f7c-a154-b903f7194253 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1360 - Incident Handling be5b05e7-0b82-4ebc-9eda-25e447b1a41e Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1361 - Incident Handling 03ed3be1-7276-4452-9a5d-e4168565ac67 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1362 - Incident Handling 5d169442-d6ef-439b-8dca-46c2c3248214 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1363 - Incident Handling | Automated Incident Handling Processes ea3e8156-89a1-45b1-8bd6-938abc79fdfd Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1364 - Incident Handling | Dynamic Reconfiguration 4c615c2a-dc83-4dda-8220-abce7b50c9bc Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1365 - Incident Handling | Continuity Of Operations 4116891d-72f7-46ee-911c-8056cc8dcbd5 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1366 - Incident Handling | Information Correlation 06c45c30-ae44-4f0f-82be-41331da911cc Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1367 - Incident Handling | Insider Threats - Specific Capabilities 435b2547-6374-4f87-b42d-6e8dbe6ae62a Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1368 - Incident Handling | Correlation With External Organizations 465f32da-0ace-4603-8d1b-7be5a3a702de Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1369 - Incident Monitoring 18cc35ed-a429-486d-8d59-cb47e87304ed Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1370 - Incident Monitoring | Automated Tracking / Data Collection / Analysis 924e1b2d-c502-478f-bfdb-a7e09a0d5c01 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1371 - Incident Reporting 9447f354-2c85-4700-93b3-ecdc6cb6a417 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1372 - Incident Reporting 25b96717-c912-4c00-9143-4e487f411726 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1373 - Incident Reporting | Automated Reporting 4cca950f-c3b7-492a-8e8f-ea39663c14f9 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1374 - Incident Response Assistance cc5c8616-52ef-4e5e-8000-491634ed9249 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1375 - Incident Response Assistance | Automation Support For Availability Of Information / Support 00379355-8932-4b52-b63a-3bc6daf3451a Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1376 - Incident Response Assistance | Coordination With External Providers 493a95f3-f2e3-47d0-af02-65e6d6decc2f Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1377 - Incident Response Assistance | Coordination With External Providers 68434bd1-e14b-4031-9edb-a4adf5f84a67 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1378 - Incident Response Plan 97fceb70-6983-42d0-9331-18ad8253184d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1379 - Incident Response Plan 9442dd2c-a07f-46cd-b55a-553b66ba47ca Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1380 - Incident Response Plan b4319b7e-ea8d-42ff-8a67-ccd462972827 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1381 - Incident Response Plan e5368258-9684-4567-8126-269f34e65eab Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1382 - Incident Response Plan 841392b3-40da-4473-b328-4cde49db67b3 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1383 - Incident Response Plan d4558451-e16a-4d2d-a066-fe12a6282bb9 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1384 - Information Spillage Response 79fbc228-461c-4a45-9004-a865ca0728a7 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1385 - Information Spillage Response 3e495e65-8663-49ca-9b38-9f45e800bc58 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1386 - Information Spillage Response 5120193e-91fd-4f9d-bc6d-194f94734065 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1387 - Information Spillage Response e3007185-3857-43a9-8237-06ca94f1084c Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1388 - Information Spillage Response 2c7c575a-d4c5-4f6f-bd49-dee97a8cba55 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1389 - Information Spillage Response c39e6fda-ae70-4891-a739-be7bba6d1062 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1390 - Information Spillage Response | Responsible Personnel c3b65b63-09ec-4cb5-8028-7dd324d10eb0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1391 - Information Spillage Response | Training dd6ac1a1-660e-4810-baa8-74e868e2ed47 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1392 - Information Spillage Response | Post-Spill Operations 86dc819f-15e1-43f9-a271-41ae58d4cecc Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1393 - Information Spillage Response | Exposure To Unauthorized Personnel 731856d8-1598-4b75-92de-7d46235747c0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1419 - Remote Maintenance | Cryptographic Protection b6747bf9-2b97-45b8-b162-3c8becb9937d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1464 - Monitoring Physical Access | Intrusion Alarms / Surveillance Equipment 41256567-1795-4684-b00b-a1308ce43cac Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1503 - Information Security Architecture c1fa9c2f-d439-4ab9-8b83-81fb1934f81d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1504 - Information Security Architecture 9e7c35d0-12d4-4e0c-80a2-8a352537aefd Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1505 - Information Security Architecture 813a10a7-3943-4fe3-8678-00dc52db5490 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1536 - Risk Assessment Policy And Procedures 6e40d9de-2ad4-4cb5-8945-23143326a502 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1537 - Risk Assessment Policy And Procedures b19454ca-0d70-42c0-acf5-ea1c1e5726d1 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1538 - Security Categorization 1d7658b2-e827-49c3-a2ae-6d2bd0b45874 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1539 - Security Categorization aabb155f-e7a5-4896-a767-e918bfae2ee0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1540 - Security Categorization f771f8cb-6642-45cc-9a15-8a41cd5c6977 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1541 - Risk Assessment 70f6af82-7be6-44aa-9b15-8b9231b2e434 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1542 - Risk Assessment eab340d0-3d55-4826-a0e5-feebfeb0131d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1543 - Risk Assessment fd00b778-b5b5-49c0-a994-734ea7bd3624 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1544 - Risk Assessment 43ced7c9-cd53-456b-b0da-2522649a4271 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1545 - Risk Assessment 3f4b171a-a56b-4328-8112-32cf7f947ee1 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1546 - Vulnerability Scanning 2ce1ea7e-4038-4e53-82f4-63e8859333c1 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1547 - Vulnerability Scanning 58abf9b8-c6d4-4b4b-bfb9-fe98fe295f52 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1548 - Vulnerability Scanning 3afe6c78-6124-4d95-b85c-eb8c0c9539cb Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1549 - Vulnerability Scanning d6976a08-d969-4df2-bb38-29556c2eb48a Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1550 - Vulnerability Scanning 902908fb-25a8-4225-a3a5-5603c80066c9 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1551 - Vulnerability Scanning | Update Tool Capability 5bbda922-0172-4095-89e6-5b4a0bf03af7 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1552 - Vulnerability Scanning | Update By Frequency / Prior To New Scan / When Identified 43684572-e4f1-4642-af35-6b933bc506da Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1553 - Vulnerability Scanning | Breadth / Depth Of Coverage 9e5225fe-cdfb-4fce-9aec-0fe20dd53b62 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1554 - Vulnerability Scanning | Discoverable Information 10984b4e-c93e-48d7-bf20-9c03b04e9eca Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1555 - Vulnerability Scanning | Privileged Access 5afa8cab-1ed7-4e40-884c-64e0ac2059cc Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1556 - Vulnerability Scanning | Automated Trend Analyses 391ff8b3-afed-405e-9f7d-ef2f8168d5da Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1557 - Vulnerability Scanning | Review Historic Audit Logs 36fbe499-f2f2-41b6-880e-52d7ea1d94a5 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1558 - Vulnerability Scanning | Correlate Scanning Information 65592b16-4367-42c5-a26e-d371be450e17 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1589 - External Information System Services | Risk Assessments / Organizational Approvals 86ec7f9b-9478-40ff-8cfd-6a0d510081a8 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1590 - External Information System Services | Risk Assessments / Organizational Approvals bf296b8c-f391-4ea4-9198-be3c9d39dd1f Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1594 - Developer Configuration Management 042ba2a1-8bb8-45f4-b080-c78cf62b90e9 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1595 - Developer Configuration Management 1e0414e7-6ef5-4182-8076-aa82fbb53341 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1596 - Developer Configuration Management 21e25e01-0ae0-41be-919e-04ce92b8e8b8 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1597 - Developer Configuration Management 68b250ec-2e4f-4eee-898a-117a9fda7016 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1598 - Developer Configuration Management ae7e1f5e-2d63-4b38-91ef-bce14151cce3 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1599 - Developer Configuration Management | Software / Firmware Integrity Verification 0004bbf0-5099-4179-869e-e9ffe5fb0945 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1606 - Developer Security Testing And Evaluation | Threat And Vulnerability Analyses baa8a9a4-5bbe-4c72-98f6-a3a47ae2b1ca Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1608 - Supply Chain Protection b73b7b3b-677c-4a2a-b949-ad4dc4acd89f Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1612 - Developer Security Architecture And Design a2037b3d-8b04-4171-8610-e6d4f1d08db5 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1613 - Developer Security Architecture And Design fe2ad78b-8748-4bff-a924-f74dfca93f30 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1614 - Developer Security Architecture And Design 8154e3b3-cc52-40be-9407-7756581d71f6 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1641 - Transmission Confidentiality And Integrity | Cryptographic Or Alternate Physical Protection d39d4f68-7346-4133-8841-15318a714a24 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1643 - Cryptographic Key Establishment And Management 6d8d492c-dd7a-46f7-a723-fa66a425b87c Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1644 - Cryptographic Key Establishment And Management | Availability a7211477-c970-446b-b4af-062f37461147 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1645 - Cryptographic Key Establishment And Management | Symmetric Keys afbd0baf-ff1a-4447-a86f-088a97347c0c Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1659 - Architecture And Provisioning For Name / Address Resolution Service 35a4102f-a778-4a2e-98c2-971056288df8 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1664 - Protection Of Information At Rest | Cryptographic Protection a2cdf6b8-9505-4619-b579-309ba72037ac Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1690 - Information System Monitoring | System-Wide Intrusion Detection System a2567a23-d1c3-4783-99f3-d471302a4d6b Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1695 - Information System Monitoring | Wireless Intrusion Detection 13fcf812-ec82-4eda-9b89-498de9efd620 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1698 - Information System Monitoring | Individuals Posing Greater Risk 31b752c1-05a9-432a-8fce-c39b56550119 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1712 - Software & Information Integrity 44e543aa-41db-42aa-98eb-8a5eb1db53f0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1713 - Software & Information Integrity | Integrity Checks 0d87c70b-5012-48e9-994b-e70dd4b8def0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1714 - Software & Information Integrity | Automated Notifications Of Integrity Violations e12494fa-b81e-4080-af71-7dbacc2da0ec Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1715 - Software & Information Integrity | Automated Response To Integrity Violations dd469ae0-71a8-4adc-aafc-de6949ca3339 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1716 - Software & Information Integrity | Integration Of Detection And Response e54c325e-42a0-4dcf-b105-046e0f6f590f Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1717 - Software & Information Integrity | Binary Or Machine Executable Code 967773fc-d9ab-4a4e-8ff6-f5e9e3f5dbef Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1718 - Software & Information Integrity | Binary Or Machine Executable Code 0dced7ab-9ce5-4137-93aa-14c13e06ab17 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1728 - Incident Handling 05a32666-d134-4842-a8cb-5c299f4bc099 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1739 - Information System Inventory 74520428-3aa8-449c-938d-93f51940759e Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1741 - Enterprise Architecture 9870806c-153f-4fa5-aafa-c5f5eeb72292 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1743 - Risk Management Strategy 66a56404-7b65-4e33-b371-28d069172dd4 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1744 - Risk Management Strategy 07458826-9325-4481-abaf-bc9ed043459d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1745 - Risk Management Strategy a36eb487-cbd1-4fe7-a3df-2efc6aa2c2b6 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1802 - Governance And Privacy Program 6bfe6405-805c-4c9b-a9d3-f209237bb95d Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1803 - Governance And Privacy Program f3739612-c86c-4b2e-bbe6-0d0869aec19c Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1804 - Governance And Privacy Program 0afb38a3-5e1c-4339-9ab4-df6a3dfc7da2 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1805 - Governance And Privacy Program 9834600a-668a-482c-9310-a89861b29e06 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1806 - Governance And Privacy Program 956b00aa-7977-4214-a0f5-e0428c1f9bff Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1807 - Governance And Privacy Program 7cb8a3d2-a208-4b6f-95e8-e8f0bb85a7a6 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1808 - Privacy Impact And Risk Assessment cd6120c1-d069-416d-9753-fbe84bca4b01 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1809 - Privacy Impact And Risk Assessment 6b04f815-52d7-4ff6-94bf-a4f22c07d5ae Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1810 - Privacy Requirements for Contractors And Service Providers 395736bb-aa8b-45f0-b9cc-06af26b2b1d4 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1811 - Privacy Requirements for Contractors And Service Providers 4d1d4ce2-71ea-4578-bbb4-fe76215d45ac Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1812 - Privacy Monitoring And Auditing f7161f06-5260-4f0f-aeae-4bbfb8612a10 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1813 - Privacy Awareness And Training 4b0d8d1d-7800-4b62-b4bf-6eecde12b2af Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1814 - Privacy Awareness And Training 5b61f773-2042-46a8-b489-106d850d6d4e Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1815 - Privacy Awareness And Training 20ea0798-d19e-4925-afd0-53d583815818 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1816 - Privacy Reporting 58f477bf-287b-43ef-ab49-dffde92130a0 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1817 - Privacy-Enhanced System Design And Development d2fc426a-4b67-464b-87c9-2134b8762ddf Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1818 - Accounting of Disclosures d39620a4-95c6-4d4f-8aa4-83c0c6a2c640 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1819 - Accounting of Disclosures c6c43097-8552-4279-8b38-7dcabff781d3 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1820 - Accounting of Disclosures 106618ad-fe3e-49b4-bfef-01009f6770d8 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1829 - Data Integrity And Data Integrity Board | Publish Agreements on Website 66632c7c-d0b3-4945-a8ae-e5c62cbea386 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1834 - Data Retention And Disposal 12a4a4dd-6c65-4900-9d7e-63fed5da791e Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1835 - Data Retention And Disposal 56a838e0-0a5d-49a8-ab74-bf6be81b32f5 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1836 - Data Retention And Disposal 5bef3414-50bc-4fc0-b3db-372bb8fe0796 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1837 - Data Retention And Disposal | System Configuration d7d66d05-bf34-4555-b5f2-8b749def4098 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1840 - Minimization of PII Used in Testing, Training, And Research | Risk Minimization Techniques 3a02bf7a-8fb7-4c97-bd55-4a8592764cc8 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1854 - Inventory of Personally Identifiable Information 952a545c-6dc5-4999-aeb6-51ed27dc7ea5 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1855 - Inventory of Personally Identifiable Information 0a2119c1-f068-4bfe-9f03-db94317e8db9 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1856 - Privacy Incident Response 2d5600ed-575a-4723-9ff4-52d694be0a59 Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1857 - Privacy Incident Response fb845c34-808d-4c17-a0ce-85a530e9164b Regulatory Compliance Fixed
audit
0 GA
Microsoft Managed Control 1865 - System of Records Notices And Privacy Act Statements | Public Website Publication c3e4fa5d-c0c4-46c4-9a13-bb9b9f0b003f Regulatory Compliance Fixed
audit
0 GA
Migrate WAF from WAF Config to WAF Policy on Application Gateway 882e19a6-996f-400e-a30f-c090887254f4 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Modify access authorizations upon personnel transfer 979ed3b6-83f9-26bc-4b86-5b05464700bf Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Modify Azure SignalR Service resources to disable public network access 62a3ae95-8169-403e-a2d2-b82141448092 SignalR Default
Modify
Allowed
Modify, Disabled
1 SignalR/Web PubSub Contributor GA
Monitor access across the organization 48c816c5-2190-61fc-8806-25d6f3df162f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor account activity 7b28ba4f-0a87-46ac-62e1-46b7c09202a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor missing Endpoint Protection in Azure Security Center af6cd1bd-1635-48cb-bde7-5b15693900b9 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Monitor privileged role assignment ed87d27a-9abf-7c71-714c-61d881889da4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor security and privacy training completion 82bd024a-5c99-05d6-96ff-01f539676a1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor third-party provider compliance f8ded0c6-a668-9371-6bb6-661d58787198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
MySQL server should use a virtual network service endpoint 3375856c-3824-4e0e-ae6a-79e011dd4c47 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Not allow for information systems to accompany with individuals 41172402-8d73-64c7-0921-909083c086b0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify Account Managers of customer controlled accounts 4b8fd5da-609b-33bf-9724-1c946285a14c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify personnel upon sanctions 6228396e-2ace-7ca5-3247-45767dbf52f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify upon termination or transfer c79d378a-2521-822a-0407-57454f8d2c74 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify users of system logon or access fe2dff43-0a8c-95df-0432-cb1c794b17d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify when account is not needed 8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obscure feedback information during authentication process 1ff03f2a-974b-3272-34f2-f6cd51420b30 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain Admin documentation 3f1216b0-30ee-1ac9-3899-63eb744e85f5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain consent prior to collection or processing of personal data 069101ac-4578-31da-0cd4-ff083edd3eb4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain legal opinion for monitoring system activities d9af7f88-686a-5a8b-704b-eafdab278977 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain user security function documentation be1c34ab-295a-07a6-785c-36f63c1d223e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a privacy impact assessment d18af1ac-0086-4762-6dc8-87cdded90e39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a risk assessment 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a trend analysis on threats 50e81644-923d-33fc-6ebb-9733bc8d1a06 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform audit for configuration change control 1282809c-9001-176b-4a81-260a085f4872 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform disposition review b5a4be05-3997-1731-3260-98be653610f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform information input validation 8b1f29eb-1b22-4217-5337-9207cb55231e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform vulnerability scans 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Plan for continuance of essential business functions d9edcea6-6cb8-0266-a48c-2061fbac4310 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Plan for resumption of essential business functions 7ded6497-815d-6506-242b-e043e0273928 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
PostgreSQL server should use a virtual network service endpoint 3c14b034-bcb6-4905-94e7-5b8e98a47b65 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Prevent identifier reuse for the defined time period 4781e5fd-76b8-7d34-6df3-a0a7fca47665 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prevent split tunneling for remote devices 66e5cb69-9f1c-8b8d-8fbd-b832466d5aa8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce complete records of remote maintenance activities 74041cfe-3f87-1d17-79ec-34ca5f895542 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce Security Assessment report 70a7a065-a060-85f8-7863-eb7850ed2af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce, control and distribute asymmetric cryptographic keys de077e7e-0cc8-65a6-6e08-9ab46c827b05 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Produce, control and distribute symmetric cryptographic keys 16c54e01-9e65-7524-7c33-beda48a75779 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prohibit remote activation of collaborative computing devices 678ca228-042d-6d8e-a598-c58d5670437d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prohibit unfair practices 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect administrator and user documentation 09960521-759e-5d12-086f-4192a72a5e92 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect against and prevent data theft from departing employees 80a97208-264e-79da-0cc7-4fca179a0c9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect audit information 0e696f5a-451f-5c15-5532-044136538491 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect data in transit using encryption b11697e8-9515-16f1-7a35-477d5c8a1344 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect incident response plan 2401b496-7f23-79b2-9f80-89bb5abf3d4a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect passwords with encryption b2d3e5a2-97ab-5497-565a-71172a729d93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect the information security program plan 2e7a98c9-219f-0d58-38dc-d69038224442 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect wireless access d42a8f69-a193-6cbc-48b9-04a9e29961f1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide contingency training de936662-13dc-204c-75ec-1af80f994088 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide information spillage training 2d4d0e90-32d9-4deb-2166-a00d51ed57c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide monitoring information as needed 7fc1f0da-0050-19bb-3d75-81ae15940df6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide periodic role-based security training 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide periodic security awareness training 516be556-1353-080d-2c2f-f46f000d5785 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy notice 098a7b84-1031-66d8-4e78-bd15b5fd2efb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy training 518eafdd-08e5-37a9-795b-15a8d798056d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide role-based security training 4c385143-09fd-3a34-790c-a5fd9ec77ddc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide secure name and address resolution services bbb2e6d6-085f-5a35-a55d-e45daad38933 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security training before providing access 2b05dca2-25ec-9335-495c-29155f785082 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security training for new users 1cb7bf71-841c-4741-438a-67c65fdd7194 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide timely maintenance support eb598832-4bcc-658d-4381-3ecbe17b9866 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Public IP addresses should have resource logs enabled for Azure DDoS Protection 752154a7-1e0f-45c6-a880-ac75a7e4f648 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, DeployIfNotExists, Disabled
1 Log Analytics Contributor GA
Public network access on Azure Data Explorer should be disabled 43bc7be6-5e69-4b0d-a2bb-e815557ca673 Azure Data Explorer Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Public network access on Azure SQL Database should be disabled 1b8ca024-1d5c-4dec-8995-b1a932b41780 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Public network access should be disabled for IoT Central cd870362-211d-4cad-9ad9-11e5ea4ebbc1 Internet of Things Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Public network access should be disabled for MariaDB servers fdccbe47-f3e3-4213-ad5d-ea459b2fa077 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Public network access should be disabled for MySQL flexible servers c9299215-ae47-4f50-9c54-8a392f68a052 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Public network access should be disabled for MySQL servers d9844e8a-1437-4aeb-a32c-0c992f056095 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Public network access should be disabled for PostgreSQL flexible servers 5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Public network access should be disabled for PostgreSQL servers b52376f7-9612-48a1-81cd-1ffe4b61032c SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Publish access procedures in SORNs b2c723e8-a1a0-8e38-5cf1-f5a20ffe4f51 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Publish Computer Matching Agreements on public website cdcb825f-a0fb-31f9-29c1-ab566718499a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Publish rules and regulations accessing Privacy Act records ad1d562b-a04b-15d3-6770-ed310b601cb5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Queue Storage should use customer-managed key for encryption f0e5abd0-2554-4736-b7c0-4ffef23475ef Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Reassign or remove user privileges as needed 7805a343-275c-41be-9d62-7215b96212d8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reauthenticate or terminate a user session d6653f89-7cb5-24a4-9d71-51581038231b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reevaluate access upon personnel transfer e89436d8-6a93-3b62-4444-1d2a42ad56b2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Refresh authenticators 3ae68d9a-5696-8c32-62d3-c6f9c52e437c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reissue authenticators for changed groups and accounts 2f204e72-1896-3bf8-75c9-9128b8683a36 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Remediate information system flaws be38a620-000b-21cf-3cb3-ea151b704c3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Report atypical behavior of user accounts e4054c0e-1184-09e6-4c5e-701e0bc90f81 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require approval for account creation de770ba6-50dd-a316-2932-e0d972eaa734 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require compliance with intellectual property rights 725164e5-3b21-1ec2-7e42-14f077862841 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to build security architecture f131c8c5-a54a-4888-1efc-158928924bc1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to describe accurate security functionality 3e37c891-840c-3eb4-78d2-e2e0bb5063e0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to document approved changes and potential impact 3a868d0c-538f-968b-0191-bddb44da5b75 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to implement only approved changes 085467a6-9679-5c65-584a-f55acefd0d43 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to manage change integrity b33d61c1-7463-7025-0ec0-a47585b59147 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to produce evidence of security assessment plan execution f8a63511-66f1-503f-196d-d6217ee0823a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require developers to provide unified security protection approach 7a114735-a420-057d-a651-9a73cd0416ef Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require external service providers to comply with security requirements 4e45863d-9ea9-32b4-a204-2680bc6007a6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require interconnection security agreements 096a7055-30cb-2db4-3fda-41b20ac72667 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require notification of third-party personnel transfer or termination afd5d60a-48d2-8073-1ec2-6687e22f2ddd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require third-party providers to comply with personnel security policies and procedures e8c31e15-642d-600f-78ab-bad47a5787e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require users to sign access agreement 3af53f59-979f-24a8-540f-d7cdbc366607 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Rescreen individuals at a defined frequency c6aeb800-0b19-944d-92dc-59b893722329 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Resource logs in Azure Key Vault Managed HSM should be enabled a2a5b911-5617-447e-a49e-59dbe0e0434b Key Vault Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Azure Kubernetes Service should be enabled 245fc9df-fa96-4414-9a0b-3738c2f7341c Kubernetes Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Azure Machine Learning Workspaces should be enabled afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Machine Learning Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Azure Stream Analytics should be enabled f9be5368-9bf5-4b84-9e0a-7850da98bb46 Stream Analytics Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Batch accounts should be enabled 428256e6-1fac-4f48-a757-df34c2b3336d Batch Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Data Lake Analytics should be enabled c95c74d9-38fe-4f0d-af86-0c7d626a315c Data Lake Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Event Hub should be enabled 83a214f7-d01a-484b-91a9-ed54470c9a6a Event Hub Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in IoT Hub should be enabled 383856f8-de7f-44a2-81fc-e5135b5c2aa4 Internet of Things Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Key Vault should be enabled cf820ca0-f99e-4f3e-84fb-66e913812d21 Key Vault Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Search services should be enabled b4330a05-a843-4bc8-bf9a-cacce50c67f4 Search Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Resource logs in Service Bus should be enabled f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Service Bus Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Restrict access to private keys 8d140e8b-76c7-77de-1d46-ed1b2e112444 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict access to privileged accounts 873895e8-0e3a-6492-42e9-22cd030e9fcd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict communications 5020f3f4-a579-2f28-72a8-283c5a0b15f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict media use 6122970b-8d4a-7811-0278-4c6c68f61e4f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict unauthorized software and firmware installation 4ee5975d-2507-5530-a20a-83a725889c6f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict use of open source software 08c11b48-8745-034d-1c1b-a144feec73b9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Resume all mission and business functions 91a54089-2d69-0f56-62dc-b6371a1671c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain security policies and procedures efef28d0-3226-966a-a1e8-70e89c1b30bc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain terminated user data 7c7032fe-9ce6-9092-5890-87a1a3755db1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Retain training records 3153d9c0-2584-14d3-362d-578b01358aeb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Reveal error messages 20762f1e-85fb-31b0-a600-e833633f10fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review access control policies and procedures 03d550b4-34ee-03f4-515f-f2e2faf7a413 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review account provisioning logs a830fe9e-08c9-a4fb-420c-6f6bf1702395 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review administrator assignments weekly f27a298f-9443-014a-0d40-fef12adf0259 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and reevaluate privileges 585af6e9-90c0-4575-67a7-2f9548972e32 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and sign revised rules of behavior 6c0a312f-04c5-5c97-36a5-e56763a02b6b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update configuration management policies and procedures eb8a8df9-521f-3ccd-7e2c-3d1fcc812340 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update contingency planning policies and procedures e9c60c37-65b0-2d72-6c3c-af66036203ae Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update incident response policies and procedures b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update information integrity policies and procedures 6bededc0-2985-54d5-4158-eb8bad8070a0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update media protection policies and procedures b4e19d22-8c0e-7cad-3219-c84c62dc250f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update personnel security policies and procedures e5c5fc78-4aa5-3d6b-81bc-5fcc88b318e9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update physical and environmental policies and procedures 91cf132e-0c9f-37a8-a523-dc6a92cd2fb2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update planning policies and procedures 28aa060e-25c7-6121-05d8-a846f11433df Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update risk assessment policies and procedures 20012034-96f0-85c2-4a86-1ae1eb457802 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update system and communications protection policies and procedures adf517f3-6dcd-3546-9928-34777d0c277e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update system and services acquisition policies and procedures f49925aa-9b11-76ae-10e2-6e973cc60f37 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update system maintenance policies and procedures 2067b904-9552-3259-0cdd-84468e284b7c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update the events defined in AU-02 a930f477-9dcb-2113-8aa7-45bb6fc90861 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update the information security architecture ced291b8-1d3d-7e27-40cf-829e9dd523c8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review audit data 6625638f-3ba1-7404-5983-0ea33d719d34 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review changes for any unauthorized changes c246d146-82b0-301f-32e7-1065dcd248b7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review cloud identity report overview 8aec4343-9153-9641-172c-defb201f56b3 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review cloud service provider's compliance with policies and agreements ffea18d9-13de-6505-37f3-4c1f88070ad7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review contingency plan 53fc1282-0ee3-2764-1319-e20143bb0ea5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review controlled folder access events f48b60c6-4b37-332f-7288-b6ea50d300eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review development process, standards and tools 1e876c5c-0f2a-8eb6-69f7-5f91e7918ed6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review file and folder activity ef718fe4-7ceb-9ddf-3198-0ee8f6fe9cba Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review label activity and analytics e23444b9-9662-40f3-289e-6d25c02b48fa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review malware detections report weekly 4a6f5cbd-6c6b-006f-2bb1-091af1441bce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review role group changes weekly 70fe686f-1f91-7dab-11bf-bca4201e183b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review security assessment and authorization policies and procedures a4493012-908c-5f48-a468-1e243be884ce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review the results of contingency plan testing 5d3abfea-a130-1208-29c0-e57de80aa6b0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review threat protection status weekly fad161f5-5261-401a-22dd-e037bae011bd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user accounts 79f081c7-1634-01a1-708e-376197999289 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user groups and applications with access to sensitive data eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user privileges f96d2186-79df-262d-3f76-f371e3b71798 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Revoke privileged roles as appropriate 32f22cfa-770b-057c-965b-450898425519 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Route traffic through managed network access points bab9ef1d-a16d-421a-822d-3fa94e808156 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Secure the interface to external systems ff1efad2-6b09-54cc-01bf-d386c4d558a8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Security Center standard pricing tier should be selected a1181c5f-672a-477a-979a-7d58aa086233 Security Center Default
Audit
Allowed
Audit, Disabled
0 GA
Select additional testing for security control assessments f78fc35e-1268-0bca-a798-afcba9d2330a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Separate duties of individuals 60ee1260-97f0-61bb-8155-5d8b75743655 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Separate user and information system management functionality 8a703eb5-4e53-701b-67e4-05ba2f7930c8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Separately store backup information fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Service Fabric clusters should only use Azure Active Directory for client authentication b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Set automated notifications for new and trending cloud applications in your organization af38215f-70c4-0cd6-40c2-c52d86690a45 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Setup subscriptions to transition to an alternative vulnerability assessment solution 766e621d-ba95-4e43-a6f2-e945db3d7888 Security Center Default
DeployIfNotExists
Allowed
DeployIfNotExists, Disabled
1 Security Admin GA
SQL Database should avoid using GRS backup redundancy b219b9cf-f672-4f96-9ab0-f5a3ac5e1c13 SQL Default
Deny
Allowed
Deny, Disabled
0 GA
SQL databases should have vulnerability findings resolved feedbf84-6b99-488c-acc2-71c829aa5ffc Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
SQL Managed Instances should avoid using GRS backup redundancy a9934fd7-29f2-4e6d-ab3d-607ea38e9079 SQL Default
Deny
Allowed
Deny, Disabled
0 GA
SQL servers on machines should have vulnerability findings resolved 6ba6d016-e7c3-4842-b8f2-4992ebc0d72d Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
SQL servers with auditing to storage account destination should be configured with 90 days retention or higher 89099bee-89e0-4b26-a5f4-165451757743 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Storage accounts should be migrated to new Azure Resource Manager resources 37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Storage accounts should disable public network access b2982f36-99f2-4db5-8eff-283140c09693 Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Storage accounts should use customer-managed key for encryption 6fac406b-40ca-413b-bf8e-0bf964659c25 Storage Default
Audit
Allowed
Audit, Disabled
0 GA
Subscription should configure the Azure Firewall Premium to provide additional layer of protection f2c2d0a6-e183-4fc8-bd8f-363c65d3bbbf Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Subscriptions should have a contact email address for security issues 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Support personal verification credentials issued by legal authorities 1d39b5d9-0392-8954-8359-575ce1957d1a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Synapse workspaces with SQL auditing to storage account destination should be configured with 90 days retention or higher 529ea018-6afc-4ed4-95bd-7c9ee47b00bc Synapse Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
System updates should be installed on your machines 86b3d65f-7626-441e-b690-81a8b71cff60 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Table Storage should use customer-managed key for encryption 7c322315-e26d-4174-a99e-f49d351b4688 Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Terminate customer controlled account credentials 76d66b5c-85e4-93f5-96a5-ebb2fad61dc6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Terminate user session automatically 4502e506-5f35-0df4-684f-b326e3cc7093 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Test contingency plan at an alternate processing location ba99d512-3baa-1c38-8b0b-ae16bbd34274 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Test the business continuity and disaster recovery plan 58a51cde-008b-1a5d-61b5-d95849770677 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Track software license usage 77cc89bb-774f-48d7-8a84-fb8c322c3000 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Train personnel on disclosure of nonpublic information 97f0d974-1486-01e2-2088-b888f46c0589 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Transfer backup information to an alternate storage site 7bdb79ea-16b8-453e-4ca4-ad5b16012414 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Turn on sensors for endpoint security solution 5fc24b95-53f7-0ed1-2330-701b539b97fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Undergo independent security review 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update antivirus definitions ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update contingency plan 14a4fd0a-9100-1e12-1362-792014a28155 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update information security policies 5226dee6-3420-711b-4709-8e675ebd828f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update interconnection security agreements d48a6f19-a284-6fc6-0623-3367a74d3f50 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update organizational access agreements e21f91d1-2803-0282-5f2d-26ebc4b170ef Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update POA&M items cc057769-01d9-95ad-a36f-1e62a7f9540b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update privacy plan, policies, and procedures 96333008-988d-4add-549b-92b3a8c42063 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update rules of behavior and access agreements 6610f662-37e9-2f71-65be-502bdc2f554d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update rules of behavior and access agreements every 3 years 7ad83b58-2042-085d-08f0-13e946f26f89 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use dedicated machines for administrative tasks b8972f60-8d77-1cb8-686f-9c9f4cdd8a59 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use privileged identity management e714b481-8fac-64a2-14a9-6f079b2501a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use system clocks for audit records 1ee4c7eb-480a-0007-77ff-4ba370776266 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify identity before distributing authenticators 72889284-15d2-90b2-4b39-a1e9541e1152 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify personal data is deleted at the end of processing c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify security controls for external information systems dc7ec756-221c-33c8-0afe-c48e10e42321 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify software, firmware and information integrity db28735f-518f-870e-15b4-49623cbe3aa0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
View and configure system diagnostic data 0123edae-3567-a05a-9b05-b53ebe9d3e7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
View and investigate restricted users 98145a9b-428a-7e81-9d14-ebb154a24f93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Virtual machines should be migrated to new Azure Resource Manager resources 1d84d5fb-01f6-4d12-ba4f-4a26081d403d Compute Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet 77e8b146-0078-4fb2-b002-e112381199f0 SQL Fixed
AuditIfNotExists
0 GA
Virtual networks should be protected by Azure DDoS Protection 94de2ad3-e0c1-4caf-ad78-5d47bbc83d3d Network Default
Modify
Allowed
Modify, Audit, Disabled
1 Network Contributor GA
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerability assessment should be enabled on your Synapse workspaces 0049a6b3-a662-4f3e-8635-39cf44ace45a Synapse Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Web Application Firewall (WAF) should be enabled for Application Gateway 564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Web Application Firewall (WAF) should enable all firewall rules for Application Gateway 632d3993-e2c0-44ea-a7db-2eca131f356d Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Web Application Firewall (WAF) should use the specified mode for Application Gateway 12430be1-6cc8-4527-a9a8-e3d38f250096 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Web Application Firewall (WAF) should use the specified mode for Azure Front Door Service 425bea59-a659-4cbb-8d31-34499bd030b8 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Windows Defender Exploit Guard should be enabled on your machines bed48b13-6647-468e-aa2f-1af1d3f4dd40 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should configure Windows Defender to update protection signatures within one day d96163de-dbe0-45ac-b803-0e9ca0f5764e Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should enable Windows Defender Real-time protection b3248a42-b1c1-41a4-87bc-8bad3d845589 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements for 'Windows Firewall Properties' 35d9882c-993d-44e6-87d2-db66ce21b636 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should schedule Windows Defender to perform a scheduled scan every day 3810e389-1d92-4f77-9267-33bdcf0bd225 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Roles used Total Roles usage: 85
Total Roles unique usage: 14
Role Role Id Policies count Policies
Key Vault Contributor f25e0fa2-a7c8-4377-a976-54943a77a395 1 Configure key vaults to enable firewall
Azure Event Hubs Data Owner f526a384-b230-433a-b45c-95f59c4a2dec 1 Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Event Hub
Storage Account Contributor 17d1049b-9a84-46fb-8f53-869881c3d3ab 1 Configure storage accounts to disable public network access
Contributor b24988ac-6180-42a0-ab88-20f7382dd24c 11 Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity, Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace, Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace, Configure Azure Kubernetes Service clusters to enable Defender profile, Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a Log Analytics workspace, Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL and DCR with a user-defined LA workspace, Configure the Microsoft Defender for SQL Log Analytics workspace, Deploy export to Event Hub as a trusted service for Microsoft Defender for Cloud data, Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs
Security Admin fb1c8493-542b-48eb-b624-b4c8fea62acd 15 Configure Azure Defender for App Service to be enabled, Configure Azure Defender for Azure SQL database to be enabled, Configure Azure Defender for open-source relational databases to be enabled, Configure Azure Defender for Resource Manager to be enabled, Configure Azure Defender for servers to be enabled, Configure Azure Defender for SQL servers on machines to be enabled, Configure basic Microsoft Defender for Storage to be enabled (Activity Monitoring only), Configure machines to receive a vulnerability assessment provider, Configure Microsoft Defender for Azure Cosmos DB to be enabled, Configure Microsoft Defender for Containers to be enabled, Configure Microsoft Defender for Key Vault plan, Configure Microsoft Defender for Storage (Classic) to be enabled, Deploy Defender for Storage (Classic) on storage accounts, Enable Microsoft Defender for Cloud on your subscription, Setup subscriptions to transition to an alternative vulnerability assessment solution
SQL Security Manager 056cd41c-7e88-42e1-933e-88ba6a50c9c3 2 Configure Azure Defender to be enabled on SQL managed instances, Configure Microsoft Defender for SQL to be enabled on Synapse workspaces
Azure Connected Machine Resource Administrator cd570a14-e51a-42ad-bac8-bafd67325302 2 [Preview]: Configure Linux Arc-enabled machines to to install AMA for ChangeTracking and Inventory, [Preview]: Configure Windows Arc-enabled machines to install AMA for ChangeTracking and Inventory
Owner 8e3af657-a8ff-443c-a75c-2fe8c4bcb635 2 Configure Microsoft Defender CSPM to be enabled, Configure Microsoft Defender for Storage to be enabled
Network Contributor 4d97b98b-1d4f-4787-a291-c67834d212e7 7 [Preview]: Configure Recovery Services vaults to use private DNS zones for backup, [Preview]: Configure Recovery Services vaults to use private endpoints for backup, Configure a private DNS Zone ID for web groupID, Configure a private DNS Zone ID for web_secondary groupID, Configure Azure Web PubSub Service to use private DNS zones, Configure Azure Web PubSub Service with private endpoints, Virtual networks should be protected by Azure DDoS Protection
SignalR/Web PubSub Contributor 8cf5e20a-e4b2-4e9d-b3a1-5ceb692c2761 4 Configure Azure Web PubSub Service to disable local authentication, Configure Azure Web PubSub Service to disable public network access, Configure Azure Web PubSub Service with private endpoints, Modify Azure SignalR Service resources to disable public network access
Backup Contributor 5e467623-bb1f-42f4-a55d-6e525e11384b 7 [Preview]: Configure backup for blobs on storage accounts with a given tag to an existing backup vault in the same region, [Preview]: Configure blob backup for all storage accounts that do not contain a given tag to a backup vault in the same region, [Preview]: Disable Cross Subscription Restore for Backup Vaults, Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy, Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location, Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy, Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location
Virtual Machine Contributor 9980e02c-c2be-4d73-94e8-173b1dc7cf3c 8 [Preview]: Configure Linux VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity, [Preview]: Configure Linux VMSS to install AMA for ChangeTracking and Inventory with user-assigned managed identity, [Preview]: Configure Windows VMs to install AMA for ChangeTracking and Inventory with user-assigned managed identity, [Preview]: Configure Windows VMSS to install AMA for ChangeTracking and Inventory with user-assigned managed identity, Configure backup on virtual machines with a given tag to a new recovery services vault with a default policy, Configure backup on virtual machines with a given tag to an existing recovery services vault in the same location, Configure backup on virtual machines without a given tag to a new recovery services vault with a default policy, Configure backup on virtual machines without a given tag to an existing recovery services vault in the same location
Monitoring Contributor 749f88d5-cbae-40b8-bcfc-e573ddc772fa 9 [Preview]: Configure Linux Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Linux Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Linux VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Windows Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Windows Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Windows VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory, Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL DCR, Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR, Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL
Log Analytics Contributor 92aaf0da-9dab-42b6-94a3-d43ce8d16293 15 [Preview]: Configure Linux Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Linux Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Linux VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Windows Arc-enabled machines to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Windows Virtual Machines to be associated with a Data Collection Rule for ChangeTracking and Inventory, [Preview]: Configure Windows VMSS to be associated with a Data Collection Rule for ChangeTracking and Inventory, Configure Arc-enabled SQL Servers to automatically install Microsoft Defender for SQL, Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL DCR, Configure Arc-enabled SQL Servers with Data Collection Rule Association to Microsoft Defender for SQL user-defined DCR, Configure Azure Kubernetes Service clusters to enable Defender profile, Configure SQL Virtual Machines to automatically install Microsoft Defender for SQL, Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Event Hub, Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Log Analytics, Enable logging by category group for Web PubSub Service (microsoft.signalrservice/webpubsub) to Storage, Public IP addresses should have resource logs enabled for Azure DDoS Protection
History
Date/Time (UTC ymd) (i) Changes
2024-05-15 17:48:20 add Initiative 175daf90-21e1-4fec-b745-7b4c909aa94c
JSON compare n/a
JSON
api-version=2021-06-01
EPAC