last sync: 2024-Dec-05 18:53:40 UTC

SOC 2 Type 2

Azure BuiltIn Policy Initiative (PolicySet)

Source: Azure Portal
Display name: SOC 2 Type 2
Id: 4054785f-702b-4a98-9215-009cbd58b141
Version: 1.10.0
Versions supported for Versioning: 7 (1.4.0, 1.5.0, 1.6.0, 1.7.0, 1.8.0, 1.9.0, 1.10.0)
Category: Regulatory Compliance
Description: A System and Organization Controls (SOC) 2 is a report based on the Trust Service Principles and Criteria established by the American Institute of Certified Public Accountants (AICPA). The Report evaluates an organization's information system relevant to the following principles: security, availability, processing integrity, confidentiality and privacy. These policies address a subset of SOC 2 Type 2 controls. For more information, visit https://docs.microsoft.com/azure/compliance/offerings/offering-soc-2
Type: BuiltIn
Deprecated: False
Preview: False
Policy count: Total Policies: 311; Builtin Policies: 311; Static Policies: 0
Policy used
| Policy DisplayName | Policy Id | Category | Effect | Roles# | Roles | State |
|---|---|---|---|---|---|---|
| [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled | eaebaea7-8013-4ceb-9d14-7eb32271373c | App Service | Default: Disabled; Allowed: Audit, Disabled | 0 | | Deprecated |
| [Preview]: All Internet traffic should be routed via your deployed Azure Firewall | fc5e4038-4584-4632-8c85-c0448d374b2c | Network | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | Preview |
| [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed | 8dfab9c4-fe7b-49ad-85e4-1e9be085358f | Kubernetes | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | Preview |
| [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines | 672fe5a1-2fcd-42d7-b85d-902b6e28c6ff | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | Preview |
| [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets | a21f8c92-9e22-4f09-b759-50500d1d2dda | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | Preview |
| [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines | 1cb4d9c2-f88f-4069-bee0-dba239a57b09 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | Preview |
| [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets | f655e522-adff-494d-95c2-52d4f6d56a42 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | Preview |
| [Preview]: Secure Boot should be enabled on supported Windows virtual machines | 97566dd7-78ae-4997-8b36-1c7bfe0d8121 | Security Center | Default: Audit; Allowed: Audit, Disabled | 0 | | Preview |
| [Preview]: vTPM should be enabled on supported virtual machines | 1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 | Security Center | Default: Audit; Allowed: Audit, Disabled | 0 | | Preview |
| A maximum of 3 owners should be designated for your subscription | 4f11b553-d42e-4e3a-89be-32ca364cad4c | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| A vulnerability assessment solution should be enabled on your virtual machines | 501541f7-f7e7-4cd6-868c-4190fdad3ac9 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Accounts with owner permissions on Azure resources should be MFA enabled | e3e008c3-56b9-4133-8fd7-d3347377402a | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Accounts with read permissions on Azure resources should be MFA enabled | 81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Accounts with write permissions on Azure resources should be MFA enabled | 931e118d-50a1-4457-a5e4-78550e086c52 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Adhere to retention periods defined | 1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Adopt biometric authentication mechanisms | 7d7a8356-5c34-9a95-3118-1424cfaf192a | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| All network ports should be restricted on network security groups associated to your virtual machine | 9daedab3-fb2d-461e-b861-71790eead4f6 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| An activity log alert should exist for specific Administrative operations | b954148f-4c11-4c38-8221-be76711e194a | Monitoring | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| An activity log alert should exist for specific Policy operations | c5447c04-a4d7-4ba8-a263-c9ee321a6858 | Monitoring | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| An activity log alert should exist for specific Security operations | 3b980d31-7904-4bb7-8575-5665739a8052 | Monitoring | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should have Client Certificates (Incoming client certificates) enabled | 19dd1db6-f442-49cf-a838-b0786b4401ef | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should have remote debugging turned off | cb510bfd-1cba-4d9f-a230-cb0976f4bb71 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should not have CORS configured to allow every resource to access your apps | 5744710e-cc2f-4ee8-8809-3b11e89f4bc9 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should only be accessible over HTTPS | a4af4a39-4135-47fb-b175-47fbdf85311d | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| App Service apps should require FTPS only | 4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| App Service apps should use latest 'HTTP Version' | 8c122334-9d20-4eb8-89ea-ac9a705b74ae | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Appoint a senior information security officer | c6cf9f2c-5fd8-3f16-a1f1-f0b69c904928 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Assess information security events | 37b0045b-3887-367b-8b4d-b9a6fa911bb9 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Assess risk in third party relationships | 0d04cb93-a0f1-2f4b-4b1b-a72a1b510d08 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Assess Security Controls | c423e64d-995c-9f67-0403-b540f65ba42a | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Assign account managers | 4c6df5ff-4ef2-4f17-a516-0da9189c603b | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Audit privileged functions | f26af0b1-65b6-689a-a03f-352ad2d00f98 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Audit usage of custom RBAC roles | a451c1ef-c6ca-483d-87ed-f49761e3ffb5 | General | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Audit user account status | 49c23d9b-02b0-0e42-4f94-e8cef1b8381b | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Audit VMs that do not use managed disks | 06a78e20-9358-41c9-923c-fb736d382a4d | Compute | Fixed: audit | 0 | | GA |
| Authentication to Linux machines should require SSH keys | 630c64f9-8b6b-4c64-b511-6544ceff6fd6 | Guest Configuration | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Authorize access to security functions and information | aeed863a-0f56-429f-945d-8bb66bd06841 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Authorize and manage access | 50e9324a-7410-0539-0662-2c1e775538b7 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Authorize remote access | dad8a2e9-6f27-4fc2-8933-7e99fe700c9c | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Automation account variables should be encrypted | 3657f5a0-770e-44a3-b44e-9431ba1e9735 | Automation | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) | 67121cc7-ff39-4ab8-b7e3-95b84dab487d | Cognitive Services | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed | 6b2122c1-8120-4ff5-801b-17625a355590 | Kubernetes | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Backup should be enabled for Virtual Machines | 013e242c-8828-4970-87b3-ab247555486d | Backup | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest | 1f905d99-2ab7-462c-a6b0-f709acca6c8f | Cosmos DB | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Azure Defender for App Service should be enabled | 2913021d-f2fd-4f3d-b958-22354e2bdbcb | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Defender for Azure SQL Database servers should be enabled | 7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Defender for Key Vault should be enabled | 0e6763cc-5078-4e64-889d-ff4d9a839047 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Defender for open-source relational databases should be enabled | 0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Defender for Resource Manager should be enabled | c3d20c29-b36d-48fe-808b-99a87530ad99 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Defender for servers should be enabled | 4da35fc9-c9e7-4960-aec9-797fe7d9051d | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Defender for SQL servers on machines should be enabled | 6581d072-105e-4418-827f-bd446d56421b | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Defender for SQL should be enabled for unprotected Azure SQL servers | abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 | SQL | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Defender for SQL should be enabled for unprotected SQL Managed Instances | abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 | SQL | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Azure Kubernetes Service clusters should have Defender profile enabled | a1840de2-8088-4ea8-b153-b4c723e9cb01 | Kubernetes | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Azure Machine Learning workspaces should be encrypted with a customer-managed key | ba769a63-b8cc-4b2d-abf6-ac33c7204be8 | Machine Learning | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters | 0a15ec92-a229-4763-bb14-0ea34a568f8d | Kubernetes | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Azure Web Application Firewall should be enabled for Azure Front Door entry-points | 055aa869-bc98-4af8-bafc-23f1ab6ffe2c | Network | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Block untrusted and unsigned processes that run from USB | 3d399cf3-8fc6-0efc-6ab0-1412f1198517 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Blocked accounts with owner permissions on Azure resources should be removed | 0cfea604-3201-4e14-88fc-fae4c427a6c5 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Blocked accounts with read and write permissions on Azure resources should be removed | 8d7e1fde-fe26-4b5f-8108-f8e432cbc2be | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Categorize information | 93fa357f-2e38-22a9-5138-8cc5124e1923 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Certificates should have the specified maximum validity period | 0a075868-4c26-42ef-914c-5bc007359560 | Key Vault | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Collect PII directly from the individual | 964b340a-43a4-4798-2af5-7aedf6cb001b | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Conduct a security impact analysis | 203101f5-99a3-1491-1b56-acccd9b66a9e | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Conduct capacity planning | 33602e78-35e3-4f06-17fb-13dd887448e4 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Conduct incident response testing | 3545c827-26ee-282d-4629-23952a12008b | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Configure actions for noncompliant devices | b53aa659-513e-032c-52e6-1ce0ba46582f | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Configure detection whitelist | 2927e340-60e4-43ad-6b5f-7a1468232cc2 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Configure workstations to check for digital certificates | 26daf649-22d1-97e9-2a8a-01b182194d59 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Confirm quality and integrity of PII | 8bb40df9-23e4-4175-5db3-8dba86349b73 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Container registries should be encrypted with a customer-managed key | 5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 | Container Registry | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Control information flow | 59bedbdc-0ba9-39b9-66bb-1d1c192384e6 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Control physical access | 55a7f9a0-6397-7589-05ef-5ed59a8149e7 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Coordinate contingency plans with related plans | c5784049-959f-6067-420c-f4cefae93076 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Coordinate with external organizations to achieve cross org perspective | d4e6a629-28eb-79a9-000b-88030e4823ca | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Create a data inventory | 043c1e56-5a16-52f8-6af8-583098ff3e60 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Define a physical key management process | 51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Define cryptographic use | c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Define mobile device requirements | 9ca3a3ea-3a1f-8ba0-31a8-6aed0fe1a7a4 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Define organizational requirements for cryptographic key management | d661e9eb-4e15-5ba1-6f02-cdc467db0d6c | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Define requirements for supplying goods and services | 2b2f3a72-9e68-3993-2b69-13dcdecf8958 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Define the duties of processors | 52375c01-4d4c-7acc-3aa4-5b3d53a047ec | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Deliver security assessment results | 8e49107c-3338-40d1-02aa-d524178a2afe | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Design an access control model | 03b6427e-6072-4226-4bd9-a410ab65317e | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Detect network services that have not been authorized or approved | 86ecd378-a3a0-5d5b-207c-05e6aaca43fc | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Determine assertion requirements | 7a0ecd94-3699-5273-76a5-edb8499f655a | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Determine information protection needs | dbcef108-7a04-38f5-8609-99da110a2a57 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Determine legal authority to collect PII | 7d70383a-32f4-a0c2-61cf-a134851968c2 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Determine supplier contract obligations | 67ada943-8539-083d-35d0-7af648974125 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop acceptable use policies and procedures | 42116f15-5665-a52a-87bb-b40e64c74b6c | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop an incident response plan | 2b4e134f-1e4c-2bff-573e-082d85479b6e | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop and establish a system security plan | b2ea1058-8998-3dd1-84f1-82132ad482fd | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop and maintain a vulnerability management standard | 055da733-55c6-9e10-8194-c40731057ec4 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop and maintain baseline configurations | 2f20840e-7925-221c-725d-757442753e7c | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop business classification schemes | 11ba0508-58a8-44de-5f3a-9e05d80571da | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop organization code of conduct policy | d02498e0-8a6f-6b02-8332-19adf6711d1e | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop security assessment plan | 1c258345-5cd4-30c8-9ef3-5ee4dd5231d6 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop security safeguards | 423f6d9c-0c73-9cc6-64f4-b52242490368 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Develop SSP that meets criteria | 6b957f60-54cd-5752-44d5-ff5a64366c93 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document access privileges | a08b18c7-9e0a-89f1-3696-d80902196719 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document acquisition contract acceptance criteria | 0803eaa7-671c-08a7-52fd-ac419f775e75 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document and distribute a privacy policy | ee67c031-57fc-53d0-0cca-96c4c04345e8 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document and implement privacy complaint procedures | eab4450d-9e5c-4f38-0656-2ff8c78c83f3 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document mobility training | 83dfb2b8-678b-20a0-4c44-5c75ada023e6 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document personnel acceptance of privacy requirements | 271a3e58-1b38-933d-74c9-a580006b80aa | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document process to ensure integrity of PII | 18e7906d-4197-20fa-2f14-aaac21864e71 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document protection of personal data in acquisition contracts | f9ec3263-9562-1768-65a1-729793635a8d | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document protection of security information in acquisition contracts | d78f95ba-870a-a500-6104-8a5ce2534f19 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document remote access guidelines | 3d492600-27ba-62cc-a1c3-66eb919f6a0d | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document requirements for the use of shared data in contracts | 0ba211ef-0e85-2a45-17fc-401d1b3f8f85 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document security assurance requirements in acquisition contracts | 13efd2d7-3980-a2a4-39d0-527180c009e8 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document security documentation requirements in acquisition contract | a465e8e9-0095-85cb-a05f-1dd4960d02af | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document security functional requirements in acquisition contracts | 57927290-8000-59bf-3776-90c468ac5b4b | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document security strength requirements in acquisition contracts | ebb0ba89-6d8c-84a7-252b-7393881e43de | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document the information system environment in acquisition contracts | c148208b-1a6f-a4ac-7abc-23b1d41121b1 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document the legal basis for processing personal information | 79c75b38-334b-1a69-65e0-a9d929a42f75 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Document the protection of cardholder data in third party contracts | 77acc53d-0f67-6e06-7d04-5750653d4629 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Email notification for high severity alerts should be enabled | 6e2593d9-add6-4083-9c9b-4b7d2188c899 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Email notification to subscription owner for high severity alerts should be enabled | 0b15565f-aa9e-48ba-8619-45960f2c314d | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Employ a media sanitization mechanism | eaaae23f-92c9-4460-51cf-913feaea4d52 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Employ automatic emergency lighting | aa892c0d-2c40-200c-0dd8-eac8c4748ede | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Employ flow control mechanisms of encrypted information | 79365f13-8ba4-1f6c-2ac4-aa39929f56d0 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Employ least privilege access | 1bc7fd64-291f-028e-4ed6-6e07886e163f | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Enable detection of network devices | 426c172c-9914-10d1-25dd-669641fc1af4 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Enable network protection | 8c255136-994b-9616-79f5-ae87810e0dcf | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Enforce logical access | 10c4210b-3ec9-9603-050d-77e4d26c7ebb | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Enforce mandatory and discretionary access control policies | b1666a13-8f67-9c47-155e-69e027ff6823 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Enforce rules of behavior and access agreements | 509552f5-6528-3540-7959-fbeae4832533 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Enforce security configuration settings | 058e9719-1ff9-3653-4230-23f76b6492e0 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Enforce SSL connection should be enabled for MySQL database servers | e802a67a-daf5-4436-9ea6-f6d821dd0c5d | SQL | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Enforce SSL connection should be enabled for PostgreSQL database servers | d158790f-bfb0-486c-8631-2dc6b4e8e6af | SQL | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Ensure privacy program information is publicly available | 1beb1269-62ee-32cd-21ad-43d6c9750eb6 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Eradicate contaminated information | 54a9c072-4a93-2a03-6a43-a060d30383d7 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish a configuration control board | 7380631c-5bf5-0e3a-4509-0873becd8a63 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish a data leakage management procedure | 3c9aa856-6b86-35dc-83f4-bc72cec74dea | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish a risk management strategy | d36700f2-2f0d-7c2a-059c-bdadd1d79f70 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish an alternate processing site | af5ff768-a34b-720e-1224-e6b3214f3ba6 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish an information security program | 84245967-7882-54f6-2d34-85059f725b47 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish and document a configuration management plan | 526ed90e-890f-69e7-0386-ba5c0f1f784f | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish and document change control processes | bd4dc286-2f30-5b95-777c-681f3a7913d3 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish backup policies and procedures | 4f23967c-a74b-9a09-9dc2-f566f61a87b9 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish conditions for role membership | 97cfd944-6f0c-7db2-3796-8e890ef70819 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish configuration management requirements for developers | 8747b573-8294-86a0-8914-49e9b06a5ace | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish firewall and router configuration standards | 398fdbd8-56fd-274d-35c6-fa2d3b2755a1 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish network segmentation for card holder data environment | f476f3b0-4152-526e-a209-44e5f8c968d7 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish policies for supply chain risk management | 9150259b-617b-596d-3bf5-5ca3fce20335 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish privacy requirements for contractors and service providers | f8d141b7-4e21-62a6-6608-c79336e36bc9 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish security requirements for the manufacturing of connected devices | afbecd30-37ee-a27b-8e09-6ac49951a0ee | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Establish third-party personnel security requirements | 3881168c-5d38-6f04-61cc-b5d87b2c4c58 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Evaluate and review PII holdings regularly | b6b32f80-a133-7600-301e-398d688e7e0c | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Execute actions in response to information spills | ba78efc6-795c-64f4-7a02-91effbd34af9 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Function apps should have remote debugging turned off | 0e60b895-3786-45da-8377-9c6b4b6ac5f9 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps should not have CORS configured to allow every resource to access your apps | 0820b7b9-23aa-4725-a1ce-ae4558f718e5 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps should only be accessible over HTTPS | 6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab | App Service | Default: Audit; Allowed: Audit, Disabled, Deny | 0 | | GA |
| Function apps should require FTPS only | 399b2637-a50f-4f95-96f8-3a145476eb15 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps should use latest 'HTTP Version' | e2c1c086-2d84-4019-bff3-c44ccd95113c | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Function apps should use the latest TLS version | f9d614c5-c173-4d56-95a7-b4437057d193 | App Service | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Generate error messages | c2cb4658-44dc-9d11-3dad-7c6802dd5ba3 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Geo-redundant backup should be enabled for Azure Database for MariaDB | 0ec47710-77ff-4a3d-9181-6aa50af424d0 | SQL | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Geo-redundant backup should be enabled for Azure Database for MySQL | 82339799-d096-41ae-8538-b108becf0970 | SQL | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Geo-redundant backup should be enabled for Azure Database for PostgreSQL | 48af4db5-9b8b-401c-8e74-076be876a430 | SQL | Default: Audit; Allowed: Audit, Disabled | 0 | | GA |
| Govern and monitor audit processing activities | 333b4ada-4a02-0648-3d4d-d812974f1bb2 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Guest accounts with owner permissions on Azure resources should be removed | 339353f6-2387-4a45-abe4-7f529d121046 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Guest accounts with read permissions on Azure resources should be removed | e9ac8f8e-ce22-4355-8f04-99b911d6be52 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Guest accounts with write permissions on Azure resources should be removed | 94e1c2ac-cbbe-4cac-a2b5-389c812dee87 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Guest Configuration extension should be installed on your machines | ae89ebca-1c92-4898-ac2c-9f63decb045c | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Identify and authenticate network devices | ae5345d5-8dab-086a-7290-db43a3272198 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Identify and manage downstream information exchanges | c7fddb0e-3f44-8635-2b35-dc6b8e740b7c | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Identify classes of Incidents and Actions taken | 23d1a569-2d1e-7f43-9e22-1f94115b7dd5 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement a penetration testing methodology | c2eabc28-1e5c-78a2-a712-7cc176c44c07 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement an automated configuration management tool | 33832848-42ab-63f3-1a55-c0ad309d44cd | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement controls to secure all media | e435f7e3-0dd9-58c9-451f-9b44b96c0232 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement controls to secure alternate work sites | cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement formal sanctions process | 5decc032-95bd-2163-9549-a41aba83228e | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement incident handling | 433de59e-7a53-a766-02c2-f80f8421469a | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement methods for consumer requests | b8ec9ebb-5b7f-8426-17c1-2bc3fcd54c6e | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement physical security for offices, working areas, and secure areas | 05ec66a2-137c-14b8-8e75-3d7a2bef07f8 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement privacy notice delivery methods | 06f84330-4c27-21f7-72cd-7488afd50244 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement security engineering principles of information systems | df2e9507-169b-4114-3a52-877561ee3198 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Implement system boundary protection | 01ae60e2-38bb-0a32-7b20-d3a091423409 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Include dynamic reconfig of customer deployed resources | 1e0d5ba8-a433-01aa-829c-86b06c9631ec | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Information security and personal data protection | 34738025-5925-51f9-1081-f2d0060133ed | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Initiate contingency plan testing corrective actions | 8bfdbaa6-6824-3fec-9b06-7961bf7389a6 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Install an alarm system | aa0ddd99-43eb-302d-3f8f-42b499182960 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Internet-facing virtual machines should be protected with network security groups | f6de0be7-9a8a-4b8a-b349-43cf02d22f7c | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| IP Forwarding on your virtual machine should be disabled | bd352bd5-2853-4985-bf0d-73806b4a5744 | Security Center | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled | 0 | | GA |
| Issue guidelines for ensuring data quality and integrity | 0a24f5dc-8c40-94a7-7aee-bb7cd4781d37 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Issue public key certificates | 97d91b33-7050-237b-3e23-a77d57d84e13 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Keep accurate accounting of disclosures of information | 0bbfd658-93ab-6f5e-1e19-3c1c1da62d01 | Regulatory Compliance | Default: Manual; Allowed: Manual, Disabled | 0 | | GA |
| Key Vault keys should have an expiration date | 152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 | Key Vault | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Key Vault secrets should have an expiration date | 98728c90-32c7-4049-8429-847dc0f4fe37 | Key Vault | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Key vaults should have deletion protection enabled | 0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 | Key Vault | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Key vaults should have soft delete enabled | 1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d | Key Vault | Default: Audit; Allowed: Audit, Deny, Disabled | 0 | | GA |
| Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits | e345eecc-fa47-480f-9e88-67dcc122b164 | Kubernetes | Default: Deny; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster containers should not share host process ID or host IPC namespace | 47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 | Kubernetes | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster containers should only use allowed AppArmor profiles | 511f5417-5d12-434d-ab2e-816901e72a5e | Kubernetes | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster containers should only use allowed capabilities | c26596ff-4d70-4e6a-9a30-c2506bd2f80c | Kubernetes | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster containers should only use allowed images | febd0533-8e55-448f-b837-bd0e06f16469 | Kubernetes | Default: Deny; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster containers should run with a read only root file system | df49d893-a74c-421d-bc95-c663042e5b80 | Kubernetes | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster pod hostPath volumes should only use allowed host paths | 098fc59e-46c7-4d99-9b16-64990e543d75 | Kubernetes | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster pods and containers should only run with approved user and group IDs | f06ddb64-5fa3-4b77-b166-acb36f7f6042 | Kubernetes | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster pods should only use approved host network and port range | 82985f06-dc18-4a48-bc1c-b9f4f0098cfe | Kubernetes | Default: Audit; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster services should listen only on allowed ports | 233a2a17-77ca-4fb1-9b6b-69223d272a44 | Kubernetes | Default: Deny; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
| Kubernetes cluster should not allow privileged containers | 95edb821-ddaf-4404-9732-666045e056b4 | Kubernetes | Default: Deny; Allowed: audit, Audit, deny, Deny, disabled, Disabled | 0 | | GA |
Kubernetes clusters should be accessible only over HTTPS 1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes Default
Deny
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes clusters should disable automounting API credentials 423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes clusters should not allow container privilege escalation 1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Kubernetes clusters should not use the default namespace 9f061a12-e40d-4183-a00e-171812443373 Kubernetes Default
Audit
Allowed
audit, Audit, deny, Deny, disabled, Disabled
0 GA
Linux machines should meet requirements for the Azure compute security baseline fc9b3da7-8347-4380-8e70-0a0361d8dedd Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Maintain incident response plan 37546841-8ea1-5be0-214d-8ac599588332 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Maintain records of processing of personal data 92ede480-154e-0e22-4dca-8b46a74a3a51 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Make accounting of disclosures available upon request d4f70530-19a2-2a85-6e0c-0c3c465e3325 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage gateways 63f63e71-6c3f-9add-4c43-64de23e554a7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage symmetric cryptographic keys 9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage the input, output, processing, and storage of data e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Manage the transportation of assets 4ac81669-00e2-9790-8648-71bc11bc91eb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Management ports of virtual machines should be protected with just-in-time network access control b0f33259-77d7-4c9e-aac6-3aabcfae693c Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Management ports should be closed on your virtual machines 22730e10-96f6-4aac-ad84-9383d35b5917 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Defender for Containers should be enabled 1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Microsoft Defender for Storage should be enabled 640d2586-54d2-465f-877f-9ffc1d2109f4 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Monitor privileged role assignment ed87d27a-9abf-7c71-714c-61d881889da4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Monitor third-party provider compliance f8ded0c6-a668-9371-6bb6-661d58787198 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
MySQL servers should use customer-managed keys to encrypt data at rest 83cef61d-dbd1-4b20-a4fc-5fbc7da10833 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Network Watcher should be enabled b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Non-internet-facing virtual machines should be protected with network security groups bb91dfba-c30d-4263-9add-9c2384e659a6 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Notify personnel upon sanctions 6228396e-2ace-7ca5-3247-45767dbf52f4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Notify users of system logon or access fe2dff43-0a8c-95df-0432-cb1c794b17d0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Obtain consent prior to collection or processing of personal data 069101ac-4578-31da-0cd4-ff083edd3eb4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Only approved VM extensions should be installed c0e996f8-39cf-4af9-9f45-83fbde810432 Compute Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Only secure connections to your Azure Cache for Redis should be enabled 22bee202-a82f-4305-9a2a-6d7f44d4dedb Cache Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Perform a privacy impact assessment d18af1ac-0086-4762-6dc8-87cdded90e39 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a risk assessment 8c5d3d8d-5cba-0def-257c-5ab9ea9644dc Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform a trend analysis on threats 50e81644-923d-33fc-6ebb-9733bc8d1a06 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform audit for configuration change control 1282809c-9001-176b-4a81-260a085f4872 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform disposition review b5a4be05-3997-1731-3260-98be653610f6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform information input validation 8b1f29eb-1b22-4217-5337-9207cb55231e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Perform vulnerability scans 3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
PostgreSQL servers should use customer-managed keys to encrypt data at rest 18adea5e-f416-4d0f-8aa8-d24321e3e274 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Produce Security Assessment report 70a7a065-a060-85f8-7863-eb7850ed2af9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Prohibit unfair practices 5fe84a4c-1b0c-a738-2aba-ed49c9069d3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect data in transit using encryption b11697e8-9515-16f1-7a35-477d5c8a1344 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect passwords with encryption b2d3e5a2-97ab-5497-565a-71172a729d93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Protect special information a315c657-4a00-8eba-15ac-44692ad24423 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide periodic role-based security training 9ac8621d-9acd-55bf-9f99-ee4212cc3d85 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide periodic security awareness training 516be556-1353-080d-2c2f-f46f000d5785 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy notice 098a7b84-1031-66d8-4e78-bd15b5fd2efb Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy notice to the public and to individuals 5023a9e7-8e64-2db6-31dc-7bce27f796af Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide privacy training 518eafdd-08e5-37a9-795b-15a8d798056d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide role-based practical exercises d041726f-00e0-41ca-368c-b1a122066482 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security training before providing access 2b05dca2-25ec-9335-495c-29155f785082 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Provide security training for new users 1cb7bf71-841c-4741-438a-67c65fdd7194 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Publish rules and regulations accessing Privacy Act records ad1d562b-a04b-15d3-6770-ed310b601cb5 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Record disclosures of PII to third parties 8b1da407-5e60-5037-612e-2caa1b590719 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Recover and reconstitute resources after any disruption f33c3238-11d2-508c-877c-4262ec1132e1 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Remediate information system flaws be38a620-000b-21cf-3cb3-ea151b704c3b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require approval for account creation de770ba6-50dd-a316-2932-e0d972eaa734 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Require third-party providers to comply with personnel security policies and procedures e8c31e15-642d-600f-78ab-bad47a5787e6 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Respond to complaints, concerns, or questions timely 6ab47bbf-867e-9113-7998-89b58f77326a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Respond to rectification requests 27ab3ac0-910d-724d-0afa-1a2a01e996c0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict access to private keys 8d140e8b-76c7-77de-1d46-ed1b2e112444 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict access to privileged accounts 873895e8-0e3a-6492-42e9-22cd030e9fcd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Restrict communications 5020f3f4-a579-2f28-72a8-283c5a0b15f9 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review account provisioning logs a830fe9e-08c9-a4fb-420c-6f6bf1702395 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and sign revised rules of behavior 6c0a312f-04c5-5c97-36a5-e56763a02b6b Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review and update incident response policies and procedures b28c8687-4bbd-8614-0b96-cdffa1ac6d9c Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review label activity and analytics e23444b9-9662-40f3-289e-6d25c02b48fa Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review malware detections report weekly 4a6f5cbd-6c6b-006f-2bb1-091af1441bce Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review the results of contingency plan testing 5d3abfea-a130-1208-29c0-e57de80aa6b0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review threat protection status weekly fad161f5-5261-401a-22dd-e037bae011bd Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user accounts 79f081c7-1634-01a1-708e-376197999289 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user groups and applications with access to sensitive data eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Review user privileges f96d2186-79df-262d-3f76-f371e3b71798 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Revoke privileged roles as appropriate 32f22cfa-770b-057c-965b-450898425519 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Role-Based Access Control (RBAC) should be used on Kubernetes Services ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Security Center Default
Audit
Allowed
Audit, Disabled
0 GA
Run simulation attacks a8f9c283-9a66-3eb3-9e10-bdba95b85884 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Secure transfer to storage accounts should be enabled 404c3081-a854-4457-ae30-26a93ef643f9 Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Select additional testing for security control assessments f78fc35e-1268-0bca-a798-afcba9d2330a Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Separately store backup information fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign 617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Set automated notifications for new and trending cloud applications in your organization af38215f-70c4-0cd6-40c2-c52d86690a45 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
SQL managed instances should use customer-managed keys to encrypt data at rest ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
SQL servers should use customer-managed keys to encrypt data at rest 0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Storage account containing the container with activity logs must be encrypted with BYOK fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Monitoring Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Storage accounts should allow access from trusted Microsoft services c9d007d0-c057-4772-b18c-01e546713bcd Storage Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Storage accounts should use customer-managed key for encryption 6fac406b-40ca-413b-bf8e-0bf964659c25 Storage Default
Audit
Allowed
Audit, Disabled
0 GA
Subnets should be associated with a Network Security Group e71308d3-144b-4262-b144-efdc3cc90517 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Subscriptions should have a contact email address for security issues 4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Test the business continuity and disaster recovery plan 58a51cde-008b-1a5d-61b5-d95849770677 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
There should be more than one owner assigned to your subscription 09024ccc-0c5f-475e-9457-b7c0d9ed487b Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Train staff on PII sharing and its consequences 8019d788-713d-90a1-5570-dac5052f517d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Transfer backup information to an alternate storage site 7bdb79ea-16b8-453e-4ca4-ad5b16012414 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Transparent Data Encryption on SQL databases should be enabled 17k78e20-9358-41c9-923c-fb736d382a12 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Turn on sensors for endpoint security solution 5fc24b95-53f7-0ed1-2330-701b539b97fe Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Undergo independent security review 9b55929b-0101-47c0-a16e-d6ac5c7d21f8 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update antivirus definitions ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update rules of behavior and access agreements 6610f662-37e9-2f71-65be-502bdc2f554d Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Update rules of behavior and access agreements every 3 years 7ad83b58-2042-085d-08f0-13e946f26f89 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Use privileged identity management e714b481-8fac-64a2-14a9-6f079b2501a4 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify inaccurate or outdated PII 0461cacd-0b3b-4f66-11c5-81c9b19a3d22 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify personal data is deleted at the end of processing c6b877a6-5d6d-1862-4b7f-3ccc30b25b63 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Verify software, firmware and information integrity db28735f-518f-870e-15b4-49623cbe3aa0 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
View and configure system diagnostic data 0123edae-3567-a05a-9b05-b53ebe9d3e7e Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
View and investigate restricted users 98145a9b-428a-7e81-9d14-ebb154a24f93 Regulatory Compliance Default
Manual
Allowed
Manual, Disabled
0 GA
Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity d26f7642-7545-4e18-9b75-8c9bbdee3a9a Security Center Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerability assessment should be enabled on SQL Managed Instance 1b7aa243-30e4-4c9e-bca8-d0d3022b634a SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Vulnerability assessment should be enabled on your SQL servers ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 SQL Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Web Application Firewall (WAF) should be enabled for Application Gateway 564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Network Default
Audit
Allowed
Audit, Deny, Disabled
0 GA
Windows Defender Exploit Guard should be enabled on your machines bed48b13-6647-468e-aa2f-1af1d3f4dd40 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should be configured to use secure communication protocols 5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Windows machines should meet requirements of the Azure compute security baseline 72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Guest Configuration Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
0 GA
Roles used No Roles used
History
Date/Time (UTC ymd) (i) Changes
2024-09-23 17:50:57 Version change: '1.9.0' to '1.10.0'
remove Policy [Deprecated]: Monitor missing Endpoint Protection in Azure Security Center (af6cd1bd-1635-48cb-bde7-5b15693900b9)
2024-09-05 17:48:45 Version change: '1.8.0' to '1.9.0'
remove Policy [Deprecated]: Adaptive network hardening recommendations should be applied on internet facing virtual machines (08e6af2d-db70-460a-bfe9-d5bd474ba9d6)
remove Policy [Deprecated]: Adaptive application controls for defining safe applications should be enabled on your machines (47a6b606-51aa-4496-8bb7-64b11cf66adc)
remove Policy [Deprecated]: Allowlist rules in your adaptive application control policy should be updated (123a3936-f020-408a-ba0c-47873faf1534)
2024-08-29 17:47:54 Version change: '1.7.0' to '1.8.0'
remove Policy [Deprecated]: Endpoint protection solution should be installed on virtual machine scale sets (26a828e1-e88f-464e-bbb3-c134a282b9de)
remove Policy [Deprecated]: Endpoint protection should be installed on your machines (1f7c564c-0a90-4d44-b7e1-9d456cffaee8)
remove Policy [Deprecated]: Endpoint protection health issues should be resolved on your machines (8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2)
2024-06-06 18:16:34 Version change: '1.6.0' to '1.7.0'
remove Policy [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources (0961003e-5a0a-4549-abde-af6a37f2724d)
2023-12-12 19:47:53 add Policy App Service apps should have Client Certificates (Incoming client certificates) enabled (19dd1db6-f442-49cf-a838-b0786b4401ef)
Version change: '1.5.0' to '1.6.0'
remove Policy [Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled (5bb220d9-2698-4ee4-8404-b9c30c9df609)
2023-12-07 18:54:02 add Policy Microsoft Defender for Storage should be enabled (640d2586-54d2-465f-877f-9ffc1d2109f4)
Version change: '1.4.0' to '1.5.0'
remove Policy [Deprecated]: Microsoft Defender for Storage (Classic) should be enabled (308fbb08-4ab8-4e67-9b29-592e93fb94fa)
2023-06-14 17:46:13 Version change: '1.3.0' to '1.4.0'
remove Policy [Deprecated]: Kubernetes clusters should gate deployment of vulnerable images (13cd7ae3-5bc0-4ac4-a62d-4f7c120b9759)
2023-05-10 17:45:01 Version change: '1.2.0' to '1.3.0'
2023-05-04 17:45:12 add Policy Blocked accounts with read and write permissions on Azure resources should be removed (8d7e1fde-fe26-4b5f-8108-f8e432cbc2be)
add Policy Guest accounts with owner permissions on Azure resources should be removed (339353f6-2387-4a45-abe4-7f529d121046)
add Policy Guest accounts with write permissions on Azure resources should be removed (94e1c2ac-cbbe-4cac-a2b5-389c812dee87)
add Policy Accounts with owner permissions on Azure resources should be MFA enabled (e3e008c3-56b9-4133-8fd7-d3347377402a)
add Policy Blocked accounts with owner permissions on Azure resources should be removed (0cfea604-3201-4e14-88fc-fae4c427a6c5)
add Policy Accounts with write permissions on Azure resources should be MFA enabled (931e118d-50a1-4457-a5e4-78550e086c52)
add Policy Accounts with read permissions on Azure resources should be MFA enabled (81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4)
add Policy Guest accounts with read permissions on Azure resources should be removed (e9ac8f8e-ce22-4355-8f04-99b911d6be52)
Version change: '1.1.0' to '1.2.0'
remove Policy [Deprecated]: MFA should be enabled on accounts with read permissions on your subscription (e3576e28-8b17-4677-84c3-db2990658d64)
remove Policy [Deprecated]: MFA should be enabled for accounts with write permissions on your subscription (9297c21d-2ed6-4474-b48f-163f75654ce3)
remove Policy [Deprecated]: External accounts with owner permissions should be removed from your subscription (f8456c1c-aa66-4dfb-861a-25d127b775c9)
remove Policy [Deprecated]: MFA should be enabled on accounts with owner permissions on your subscription (aa633080-8b72-40c4-a2d7-d00c03e80bed)
remove Policy [Deprecated]: External accounts with read permissions should be removed from your subscription (5f76cf89-fbf2-47fd-a3f4-b891fa780b60)
remove Policy [Deprecated]: Deprecated accounts should be removed from your subscription (6b1cbf55-e8b6-442f-ba4c-7246b6381474)
remove Policy [Deprecated]: External accounts with write permissions should be removed from your subscription (5c607a2e-c700-4744-8254-d77e7c9eb5e4)
remove Policy [Deprecated]: Deprecated accounts with owner permissions should be removed from your subscription (ebb62a0c-3560-49e1-89ed-27e074e9f8ad)
2023-01-19 18:07:18 Version change: '1.0.0' to '1.1.0'
remove Policy [Deprecated]: Vulnerability Assessment settings for SQL server should contain an email address to receive scan reports (057d6cfe-9c4f-4a6d-bc60-14420ea1f1a9)
2022-09-16 16:31:45 add Initiative 4054785f-702b-4a98-9215-009cbd58b141