last sync: 2025-Mar-14 18:30:15 UTC

Compliance controls by Policy

Id | DisplayName | Category | Control Domain | Control Name | MetadataId | Title | PolicySet
d6545c6b-dd9d-4265-91e6-0b451e2f1c50 App Service Environment should have TLS 1.0 and 1.1 disabled App Service ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
c02729e5-e5e7-4458-97fa-2b5ad0661f28 Windows virtual machines should have Azure Monitor Agent installed Monitoring ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
1afdc4b6-581a-45fb-b630-f1e6051e3e7a Linux virtual machines should have Azure Monitor Agent installed Monitoring ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
b3248a42-b1c1-41a4-87bc-8bad3d845589 Windows machines should enable Windows Defender Real-time protection Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
d96163de-dbe0-45ac-b803-0e9ca0f5764e Windows machines should configure Windows Defender to update protection signatures within one day Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
cfaf0007-99c7-4b01-b36b-4048872ac978 Azure Synapse Analytics dedicated SQL pools should enable encryption Synapse ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1260 AU_ISM_1260 AU ISM 1260 Database administrator accounts - 1260 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1261 AU_ISM_1261 AU ISM 1261 Database administrator accounts - 1261 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1262 AU_ISM_1262 AU ISM 1262 Database administrator accounts - 1262 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1263 AU_ISM_1263 AU ISM 1263 Database administrator accounts - 1263 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL AU_ISM 1264 AU_ISM_1264 AU ISM 1264 Database administrator accounts - 1264 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute AU_ISM 1288 AU_ISM_1288 AU ISM 1288 Antivirus scanning - 1288 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute AU_ISM 1417 AU_ISM_1417 AU ISM 1417 Antivirus software - 1417 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service AU_ISM 1424 AU_ISM_1424 AU ISM 1424 Web browser-based security controls - 1424 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL AU_ISM 1425 AU_ISM_1425 AU ISM 1425 Protecting database server contents - 1425 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center AU_ISM 1431 AU_ISM_1431 AU ISM 1431 Denial of service strategies - 1431 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute AU_ISM 1511 AU_ISM_1511 AU ISM 1511 Performing backups - 1511 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 380 AU_ISM_380 AU ISM 380 Operating system configuration - 380 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 380 AU_ISM_380 AU ISM 380 Operating system configuration - 380 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 430 AU_ISM_430 AU ISM 430 Suspension of access to systems - 430 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 430 AU_ISM_430 AU ISM 430 Suspension of access to systems - 430 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage AU_ISM 520 AU_ISM_520 AU ISM 520 Network access controls - 520 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring AU_ISM 582 AU_ISM_582 AU ISM 582 Events to be logged - 582 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring AU_ISM 582 AU_ISM_582 AU ISM 582 Events to be logged - 582 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
fd4726f4-a5fc-4540-912d-67c96fc992d5 [Preview]: Automanage Configuration Profile Assignment should be Conformant Automanage Automanage Best Practices Automanage Best Practices 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
e4953962-5ae4-43eb-bb92-d66fd5563487 [Preview]: A managed identity should be enabled on your machines Automanage Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v1.0 1.2 Azure_Security_Benchmark_v1.0_1.2 Azure Security Benchmark 1.2 Monitor and log the configuration and traffic of Vnets, Subnets, and NICs [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v1.0 1.5 Azure_Security_Benchmark_v1.0_1.5 Azure Security Benchmark 1.5 Record network packets and flow logs [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v1.0 10.4 Azure_Security_Benchmark_v1.0_10.4 Azure Security Benchmark 10.4 Provide security incident contact details and configure alert notifications for security incidents [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7c1b1214-f927-48bf-8882-84f0af6588b1 [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled Compute Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Guest Configuration Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL Azure_Security_Benchmark_v1.0 2.5 Azure_Security_Benchmark_v1.0_2.5 Azure Security Benchmark 2.5 Configure security log storage retention [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v1.0 2.7 Azure_Security_Benchmark_v1.0_2.7 Azure Security Benchmark 2.7 Enable alerts for anomalous activity [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v1.0 2.7 Azure_Security_Benchmark_v1.0_2.7 Azure Security Benchmark 2.7 Enable alerts for anomalous activity [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Azure_Security_Benchmark_v1.0 2.8 Azure_Security_Benchmark_v1.0_2.8 Azure Security Benchmark 2.8 Centralize anti-malware logging [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
931e118d-50a1-4457-a5e4-78550e086c52 [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e3e008c3-56b9-4133-8fd7-d3347377402a [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v1.0 3.9 Azure_Security_Benchmark_v1.0_3.9 Azure Security Benchmark 3.9 Use Microsoft Entra ID [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v1.0 3.9 Azure_Security_Benchmark_v1.0_3.9 Azure Security Benchmark 3.9 Use Microsoft Entra ID [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v1.0 4.5 Azure_Security_Benchmark_v1.0_4.5 Azure Security Benchmark 4.5 Use an active discovery tool to identify sensitive data [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v1.0 4.5 Azure_Security_Benchmark_v1.0_4.5 Azure Security Benchmark 4.5 Use an active discovery tool to identify sensitive data [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v1.0 4.6 Azure_Security_Benchmark_v1.0_4.6 Azure Security Benchmark 4.6 Use Azure RBAC to control access to resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v1.0 4.6 Azure_Security_Benchmark_v1.0_4.6 Azure Security Benchmark 4.6 Use Azure RBAC to control access to resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2c89a2e5-7285-40fe-afe0-ae8654b92fb2 [Deprecated]: Unattached disks should be encrypted Compute Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Azure_Security_Benchmark_v1.0 4.9 Azure_Security_Benchmark_v1.0_4.9 Azure Security Benchmark 4.9 Log and alert on changes to critical Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Azure_Security_Benchmark_v1.0 5.3 Azure_Security_Benchmark_v1.0_5.3 Azure Security Benchmark 5.3 Deploy automated third-party software patch management solution [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v1.0 6.9 Azure_Security_Benchmark_v1.0_6.9 Azure Security Benchmark 6.9 Use only approved Azure services [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v1.0 6.9 Azure_Security_Benchmark_v1.0_6.9 Azure Security Benchmark 6.9 Use only approved Azure services [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v1.0 7.11 Azure_Security_Benchmark_v1.0_7.11 Azure Security Benchmark 7.11 Manage Azure secrets securely [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v1.0 7.12 Azure_Security_Benchmark_v1.0_7.12 Azure Security Benchmark 7.12 Manage identities securely and automatically [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v1.0 7.12 Azure_Security_Benchmark_v1.0_7.12 Azure Security Benchmark 7.12 Manage identities securely and automatically [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Azure_Security_Benchmark_v1.0 8.3 Azure_Security_Benchmark_v1.0_8.3 Azure Security Benchmark 8.3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v1.0 9.4 Azure_Security_Benchmark_v1.0_9.4 Azure Security Benchmark 9.4 Ensure protection of backups and customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v2.0 AM-3 Azure_Security_Benchmark_v2.0_AM-3 Azure Security Benchmark AM-3 Use only approved Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v2.0 AM-3 Azure_Security_Benchmark_v2.0_AM-3 Azure Security Benchmark AM-3 Use only approved Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault Azure_Security_Benchmark_v2.0 BR-4 Azure_Security_Benchmark_v2.0_BR-4 Azure Security Benchmark BR-4 Mitigate risk of lost keys [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v2.0 BR-4 Azure_Security_Benchmark_v2.0_BR-4 Azure Security Benchmark BR-4 Mitigate risk of lost keys [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0961003e-5a0a-4549-abde-af6a37f2724d [Deprecated]: Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Security Center Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 ES-1 Azure_Security_Benchmark_v2.0_ES-1 Azure Security Benchmark ES-1 Use Endpoint Detection and Response (EDR) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af6cd1bd-1635-48cb-bde7-5b15693900b9 [Deprecated]: Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
26a828e1-e88f-464e-bbb3-c134a282b9de [Deprecated]: Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
26a828e1-e88f-464e-bbb3-c134a282b9de [Deprecated]: Endpoint protection solution should be installed on virtual machine scale sets Security Center Azure_Security_Benchmark_v2.0 ES-3 Azure_Security_Benchmark_v2.0_ES-3 Azure Security Benchmark ES-3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af6cd1bd-1635-48cb-bde7-5b15693900b9 [Deprecated]: Monitor missing Endpoint Protection in Azure Security Center Security Center Azure_Security_Benchmark_v2.0 ES-3 Azure_Security_Benchmark_v2.0_ES-3 Azure Security Benchmark ES-3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Microsoft Entra ID as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-2 Azure_Security_Benchmark_v2.0_IM-2 Azure Security Benchmark IM-2 Manage application identities securely and automatically [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v2.0 IM-2 Azure_Security_Benchmark_v2.0_IM-2 Azure Security Benchmark IM-2 Manage application identities securely and automatically [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e3e008c3-56b9-4133-8fd7-d3347377402a [Deprecated]: Accounts with owner permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
931e118d-50a1-4457-a5e4-78550e086c52 [Deprecated]: Accounts with write permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 [Deprecated]: Accounts with read permissions on Azure resources should be MFA enabled Security Center Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Microsoft Entra ID based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7c1b1214-f927-48bf-8882-84f0af6588b1 [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled Compute Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7d092e0a-7acd-40d2-a975-dca21cae48c4 [Deprecated]: Azure Cache for Redis should reside within a virtual network Cache Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2c89a2e5-7285-40fe-afe0-ae8654b92fab [Deprecated]: SSH access from the Internet should be blocked Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e372f825-a257-4fb8-9175-797a8a8627d6 [Deprecated]: RDP access from the Internet should be blocked Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v2.0 NS-5 Azure_Security_Benchmark_v2.0_NS-5 Azure Security Benchmark NS-5 Deploy intrusion detection/intrusion prevention systems (IDS/IPS) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9 [Deprecated]: Custom subscription owner roles should not exist General Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5f0f936f-2f01-4bf5-b6be-d423792fa562 [Deprecated]: Azure registry container images should have vulnerabilities resolved (powered by Qualys) Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
86b3d65f-7626-441e-b690-81a8b71cff60 [Deprecated]: System updates should be installed on your machines Security Center Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Compute Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c8acafaf-3d23-44d1-9624-978ef0f8652c API endpoints that are unused should be disabled and removed from the Azure API Management service Security Center Azure_Security_Benchmark_v3.0 AM-3 Azure_Security_Benchmark_v3.0_AM-3 Microsoft cloud security benchmark AM-3 Ensure security of asset lifecycle management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Backup Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB SQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-1 Azure_Security_Benchmark_v3.0_DP-1 Microsoft cloud security benchmark DP-1 Discover, classify, and label sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
36f0d6bc-a253-4df8-b25b-c3a5023ff443 [Preview]: Host and VM networking should be protected on Azure Stack HCI systems Stack HCI Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ee7495e7-3ba7-40b6-bfee-c29e22cc75d4 API Management APIs should use only encrypted protocols API Management Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Kubernetes Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Service Fabric Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Automation Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc4d8e41-e223-45ea-9bf5-eada37891d87 Virtual machines and virtual machine scale sets should have encryption at host enabled Compute Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Cosmos DB Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ee8ca833-1583-4d24-837e-96c2af9488a4 [Preview]: Azure Stack HCI systems should have encrypted volumes Stack HCI Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Machine Learning Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Azure AI Services resources should encrypt data at rest with a customer-managed key (CMK) Cognitive Services Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Container Registry Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault API Management Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Azure_Security_Benchmark_v3.0 DP-7 Azure_Security_Benchmark_v3.0_DP-7 Microsoft cloud security benchmark DP-7 Use a secure certificate management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 ES-1 Azure_Security_Benchmark_v3.0_ES-1 Microsoft cloud security benchmark ES-1 Use Endpoint Detection and Response (EDR) Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6ea81a52-5ca7-4575-9669-eaa910b7edf8 Synapse Workspaces should have Microsoft Entra-only authentication enabled Synapse Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
71ef260a-8f18-47b7-abcb-62d0673d94dc Azure AI Services resources should have key access disabled (disable local authentication) Azure Ai Services Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0c28c3fb-c244-42d5-a9bf-f35f2999577b Azure SQL Managed Instance should have Microsoft Entra-only authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fa498b91-8a7e-4710-9578-da944c68d1fe [Preview]: Azure PostgreSQL flexible server should have Microsoft Entra Only Authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b3a22bc9-66de-45fb-98fa-00f5df42f41a Azure SQL Database should have Microsoft Entra-only authentication enabled SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
92bb331d-ac71-416a-8c91-02f2cb734ce4 API Management calls to API backends should not bypass certificate thumbprint or name validation API Management Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c15dcc82-b93c-4dcb-9332-fbf121685b54 API Management calls to API backends should be authenticated API Management Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Guest Configuration Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault API Management Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network Azure_Security_Benchmark_v3.0 IR-4 Azure_Security_Benchmark_v3.0_IR-4 Microsoft cloud security benchmark IR-4 Detection and analysis - investigate an incident Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c6283572-73bb-4deb-bf2c-7a2b8f7462cb SQL server-targeted autoprovisioning should be enabled for SQL servers on machines plan Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b4d1c4e-934c-4703-944c-27c82c06bebb Diagnostic logs in Azure AI services resources should be enabled Azure Ai Services Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
138ff14d-b687-4faa-a81c-898c91a87fa2 Resource logs in Azure Databricks Workspaces should be enabled Azure Databricks Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Monitoring Azure_Security_Benchmark_v3.0 LT-4 Azure_Security_Benchmark_v3.0_LT-4 Microsoft cloud security benchmark LT-4 Enable network logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Monitoring Azure_Security_Benchmark_v3.0 LT-4 Azure_Security_Benchmark_v3.0_LT-4 Microsoft cloud security benchmark LT-4 Enable network logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Monitoring Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Monitoring Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL Azure_Security_Benchmark_v3.0 LT-6 Azure_Security_Benchmark_v3.0_LT-6 Microsoft cloud security benchmark LT-6 Configure log storage retention Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network API Management Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Azure AI Services resources should restrict network access Azure Ai Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
51c1490f-3319-459c-bbbc-7f391bbed753 Azure Databricks Clusters should disable public IP Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e7849de-b939-4c50-ab48-fc6b0f5eeba2 Azure Databricks Workspaces should disable public network access Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9c25c9e4-ee12-4882-afd2-11fb9d87893f Azure Databricks Workspaces should be in a virtual network Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
258823f2-4595-4b52-b333-cc96192710d8 Azure Databricks Workspaces should use private link Azure Databricks Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cddd188c-4b82-4c48-a19d-ddf74ee66a01 [Deprecated]: Cognitive Services should use private link Cognitive Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Event Grid Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link App Configuration Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Container Registry Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Container Registry Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Security Center Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Event Grid Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link VM Image Builder Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Machine Learning Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Security Center Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Network Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center Azure_Security_Benchmark_v3.0 NS-5 Azure_Security_Benchmark_v3.0_NS-5 Microsoft cloud security benchmark NS-5 Deploy DDOS protection Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Azure_Security_Benchmark_v3.0 NS-6 Azure_Security_Benchmark_v3.0_NS-6 Microsoft cloud security benchmark NS-6 Deploy web application firewall Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Azure_Security_Benchmark_v3.0 NS-6 Azure_Security_Benchmark_v3.0_NS-6 Microsoft cloud security benchmark NS-6 Deploy web application firewall Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 NS-8 Azure_Security_Benchmark_v3.0_NS-8 Microsoft cloud security benchmark NS-8 Detect and disable insecure services and protocols Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service Azure_Security_Benchmark_v3.0 NS-8 Azure_Security_Benchmark_v3.0_NS-8 Microsoft cloud security benchmark NS-8 Detect and disable insecure services and protocols Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center Azure_Security_Benchmark_v3.0 PA-2 Azure_Security_Benchmark_v3.0_PA-2 Microsoft cloud security benchmark PA-2 Avoid standing access for accounts and permissions Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3aa03346-d8c5-4994-a5bc-7652c2a2aef1 API Management subscriptions should not be scoped to all APIs API Management Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ab6a902f-9493-453b-928d-62c30b11b5a6 Function apps should have Client Certificates (Incoming client certificates) enabled App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b741306c-968e-4b67-b916-5675e5c709f4 API Management direct management endpoint should not be enabled API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1dc2fc00-2245-4143-99f4-874c937f13ef Azure API Management platform version should be stv2 API Management Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Guest Configuration Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Guest Configuration Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
dad3a6b9-4451-492f-a95c-69efc6f3fada [Preview]: Azure Stack HCI servers should have consistently enforced application control policies Stack HCI Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5e6bf724-0154-49bc-985f-27b2e07e636b [Preview]: Azure Stack HCI servers should meet Secured-core requirements Stack HCI Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e765b5de-1225-4ba3-bd56-1ac6695af988 Allowed locations for resource groups General B.01.3 - Legal, statutory, regulatory requirements B.01.3 - Legal, statutory, regulatory requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e56962a6-4747-49cd-b67b-bf8b01975c4c Allowed locations General B.01.3 - Legal, statutory, regulatory requirements B.01.3 - Legal, statutory, regulatory requirements 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache B.09.1 - Security aspects and stages B.09.1 - Security aspects and stages 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage B.09.1 - Security aspects and stages B.09.1 - Security aspects and stages 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.2 - Security function B.10.2 - Security function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.2 - Security function B.10.2 - Security function 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.3 - Organisational position B.10.3 - Organisational position 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.3 - Organisational position B.10.3 - Organisational position 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center B.10.4 - Tasks, responsibilities and powers B.10.4 - Tasks, responsibilities and powers 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center B.10.4 - Tasks, responsibilities and powers B.10.4 - Tasks, responsibilities and powers 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb97d6e1-5c98-4743-a439-23e0977bad9e [Preview]: Boot Diagnostics should be enabled on virtual machines Automanage Boot Diagnostics Boot Diagnostics 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.3 - Timelines C.04.3 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.6 - Timelines C.04.6 - Timelines 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Guest Configuration C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7238174a-fd10-4ef0-817e-fc820a951d73 Function apps that use Python should use a specified 'Python version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
496223c3-ad65-4ecd-878a-bae78737e9ed App Service apps that use Java should use a specified 'Java version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center C.04.7 - Evaluated C.04.7 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center C.04.8 - Evaluated C.04.8 - Evaluated 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center C.05.5 - Monitored and reported C.05.5 - Monitored and reported 404 not found NL BIO Cloud Theme (6ce73208-883e-490f-a2ac-44aac3b3687f)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_1 Canada_Federal_PBMM_3-1-2020_AC_1 Canada Federal PBMM 3-1-2020 AC 1 Access Control Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Canada_Federal_PBMM_3-1-2020 AC_11(1) Canada_Federal_PBMM_3-1-2020_AC_11(1) Canada Federal PBMM 3-1-2020 AC 11(1) Session Lock | Pattern-Hiding Displays Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 AC_14 Canada_Federal_PBMM_3-1-2020_AC_14 Canada Federal PBMM 3-1-2020 AC 14 Permitted Actions without Identification or Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17 Canada_Federal_PBMM_3-1-2020_AC_17 Canada Federal PBMM 3-1-2020 AC 17 Remote Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17 Canada_Federal_PBMM_3-1-2020_AC_17 Canada Federal PBMM 3-1-2020 AC 17 Remote Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(1) Canada_Federal_PBMM_3-1-2020_AC_17(1) Canada Federal PBMM 3-1-2020 AC 17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(1) Canada_Federal_PBMM_3-1-2020_AC_17(1) Canada Federal PBMM 3-1-2020 AC 17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_17(100) Canada_Federal_PBMM_3-1-2020_AC_17(100) Canada Federal PBMM 3-1-2020 AC 17(100) Remote Access | Remote Access to Privileged Accounts using Dedicated Management Console Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(2) Canada_Federal_PBMM_3-1-2020_AC_17(2) Canada Federal PBMM 3-1-2020 AC 17(2) Remote Access | Protection of Confidentiality / Integrity using Encryption Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(2) Canada_Federal_PBMM_3-1-2020_AC_17(2) Canada Federal PBMM 3-1-2020 AC 17(2) Remote Access | Protection of Confidentiality / Integrity using Encryption Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(3) Canada_Federal_PBMM_3-1-2020_AC_17(3) Canada Federal PBMM 3-1-2020 AC 17(3) Remote Access | Managed Access Control Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(3) Canada_Federal_PBMM_3-1-2020_AC_17(3) Canada Federal PBMM 3-1-2020 AC 17(3) Remote Access | Managed Access Control Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(4) Canada_Federal_PBMM_3-1-2020_AC_17(4) Canada Federal PBMM 3-1-2020 AC 17(4) Remote Access | Privileged Commands / Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(4) Canada_Federal_PBMM_3-1-2020_AC_17(4) Canada Federal PBMM 3-1-2020 AC 17(4) Remote Access | Privileged Commands / Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_17(9) Canada_Federal_PBMM_3-1-2020_AC_17(9) Canada Federal PBMM 3-1-2020 AC 17(9) Remote Access | Disconnect / Disable Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_17(9) Canada_Federal_PBMM_3-1-2020_AC_17(9) Canada Federal PBMM 3-1-2020 AC 17(9) Remote Access | Disconnect / Disable Access Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 AC_18(1) Canada_Federal_PBMM_3-1-2020_AC_18(1) Canada Federal PBMM 3-1-2020 AC 18(1) Wireless Access | Authentication and Encryption Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 AC_2 Canada_Federal_PBMM_3-1-2020_AC_2 Canada Federal PBMM 3-1-2020 AC 2 Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_2(1) Canada_Federal_PBMM_3-1-2020_AC_2(1) Canada Federal PBMM 3-1-2020 AC 2(1) Account Management | Automated System Account Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(10) Canada_Federal_PBMM_3-1-2020_AC_2(10) Canada Federal PBMM 3-1-2020 AC 2(10) Account Management | Shared / Group Account Credential Termination Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(2) Canada_Federal_PBMM_3-1-2020_AC_2(2) Canada Federal PBMM 3-1-2020 AC 2(2) Account Management | Removal of Temporary / Emergency Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(3) Canada_Federal_PBMM_3-1-2020_AC_2(3) Canada Federal PBMM 3-1-2020 AC 2(3) Account Management | Disable Inactive Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11ac78e3-31bc-4f0c-8434-37ab963cea07 Dependency agent should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d550e854-df1a-4de9-bf44-cd894b39a95e Azure Monitor Logs for Application Insights should be linked to a Log Analytics workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(4) Canada_Federal_PBMM_3-1-2020_AC_2(4) Canada Federal PBMM 3-1-2020 AC 2(4) Account Management | Automated Audit Actions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_2(7) Canada_Federal_PBMM_3-1-2020_AC_2(7) Canada Federal PBMM 3-1-2020 AC 2(7) Account Management | Role-Based Schemes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_2(9) Canada_Federal_PBMM_3-1-2020_AC_2(9) Canada Federal PBMM 3-1-2020 AC 2(9) Account Management | Restrictions on Use of Shared Groups / Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_20 Canada_Federal_PBMM_3-1-2020_AC_20 Canada Federal PBMM 3-1-2020 AC 20 Use of External Information Systems Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_20 Canada_Federal_PBMM_3-1-2020_AC_20 Canada Federal PBMM 3-1-2020 AC 20 Use of External Information Systems Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_20(1) Canada_Federal_PBMM_3-1-2020_AC_20(1) Canada Federal PBMM 3-1-2020 AC 20(1) Use of External Information Systems | Limits of Authorized Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_20(1) Canada_Federal_PBMM_3-1-2020_AC_20(1) Canada Federal PBMM 3-1-2020 AC 20(1) Use of External Information Systems | Limits of Authorized Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AC_22 Canada_Federal_PBMM_3-1-2020_AC_22 Canada Federal PBMM 3-1-2020 AC 22 Publicly Accessible Content Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_3 Canada_Federal_PBMM_3-1-2020_AC_3 Canada Federal PBMM 3-1-2020 AC 3 Access Enforcement Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 AC_4(21) Canada_Federal_PBMM_3-1-2020_AC_4(21) Canada Federal PBMM 3-1-2020 AC 4(21) Information Flow Enforcement | Physical / Logical Separation of Information Flows Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Microsoft Entra Only Authentication enabled SQL Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_5 Canada_Federal_PBMM_3-1-2020_AC_5 Canada Federal PBMM 3-1-2020 AC 5 Separation of Duties Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6 Canada_Federal_PBMM_3-1-2020_AC_6 Canada Federal PBMM 3-1-2020 AC 6 Least Privilege Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(1) Canada_Federal_PBMM_3-1-2020_AC_6(1) Canada Federal PBMM 3-1-2020 AC 6(1) Least Privilege | Authorize Access to Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(10) Canada_Federal_PBMM_3-1-2020_AC_6(10) Canada Federal PBMM 3-1-2020 AC 6(10) Least Privilege | Prohibit Non-Privileged Users from Executing Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(2) Canada_Federal_PBMM_3-1-2020_AC_6(2) Canada Federal PBMM 3-1-2020 AC 6(2) Least Privilege | Non-Privileged Access for Non-Security Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(5) Canada_Federal_PBMM_3-1-2020_AC_6(5) Canada Federal PBMM 3-1-2020 AC 6(5) Least Privilege | Privileged Accounts Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AC_6(9) Canada_Federal_PBMM_3-1-2020_AC_6(9) Canada Federal PBMM 3-1-2020 AC 6(9) Least Privilege | Auditing Use of Privileged Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AT_1 Canada_Federal_PBMM_3-1-2020_AT_1 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AT_2 Canada_Federal_PBMM_3-1-2020_AT_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AT_2(2) Canada_Federal_PBMM_3-1-2020_AT_2(2) 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 AT_3 Canada_Federal_PBMM_3-1-2020_AT_3 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_1 Canada_Federal_PBMM_3-1-2020_AU_1 Canada Federal PBMM 3-1-2020 AU 1 Audit and Accountability Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_12 Canada_Federal_PBMM_3-1-2020_AU_12 Canada Federal PBMM 3-1-2020 AU 12 Audit Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_2 Canada_Federal_PBMM_3-1-2020_AU_2 Canada Federal PBMM 3-1-2020 AU 2 Audit Events Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_2 Canada_Federal_PBMM_3-1-2020_AU_2 Canada Federal PBMM 3-1-2020 AU 2 Audit Events Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_2 Canada_Federal_PBMM_3-1-2020_AU_2 Canada Federal PBMM 3-1-2020 AU 2 Audit Events Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_2 Canada_Federal_PBMM_3-1-2020_AU_2 Canada Federal PBMM 3-1-2020 AU 2 Audit Events Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_2(3) Canada_Federal_PBMM_3-1-2020_AU_2(3) Canada Federal PBMM 3-1-2020 AU 2(3) Audit Events | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_2(3) Canada_Federal_PBMM_3-1-2020_AU_2(3) Canada Federal PBMM 3-1-2020 AU 2(3) Audit Events | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_2(3) Canada_Federal_PBMM_3-1-2020_AU_2(3) Canada Federal PBMM 3-1-2020 AU 2(3) Audit Events | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_2(3) Canada_Federal_PBMM_3-1-2020_AU_2(3) Canada Federal PBMM 3-1-2020 AU 2(3) Audit Events | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_3 Canada_Federal_PBMM_3-1-2020_AU_3 Canada Federal PBMM 3-1-2020 AU 3 Content of Audit Records Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_3 Canada_Federal_PBMM_3-1-2020_AU_3 Canada Federal PBMM 3-1-2020 AU 3 Content of Audit Records Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_3 Canada_Federal_PBMM_3-1-2020_AU_3 Canada Federal PBMM 3-1-2020 AU 3 Content of Audit Records Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_3 Canada_Federal_PBMM_3-1-2020_AU_3 Canada Federal PBMM 3-1-2020 AU 3 Content of Audit Records Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_3(1) Canada_Federal_PBMM_3-1-2020_AU_3(1) Canada Federal PBMM 3-1-2020 AU 3(1) Content of Audit Records | Additional Audit Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_3(1) Canada_Federal_PBMM_3-1-2020_AU_3(1) Canada Federal PBMM 3-1-2020 AU 3(1) Content of Audit Records | Additional Audit Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_3(1) Canada_Federal_PBMM_3-1-2020_AU_3(1) Canada Federal PBMM 3-1-2020 AU 3(1) Content of Audit Records | Additional Audit Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_3(1) Canada_Federal_PBMM_3-1-2020_AU_3(1) Canada Federal PBMM 3-1-2020 AU 3(1) Content of Audit Records | Additional Audit Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_6 Canada_Federal_PBMM_3-1-2020_AU_6 Canada Federal PBMM 3-1-2020 AU 6 Audit Review, Analysis, and Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_6 Canada_Federal_PBMM_3-1-2020_AU_6 Canada Federal PBMM 3-1-2020 AU 6 Audit Review, Analysis, and Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_6 Canada_Federal_PBMM_3-1-2020_AU_6 Canada Federal PBMM 3-1-2020 AU 6 Audit Review, Analysis, and Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_6 Canada_Federal_PBMM_3-1-2020_AU_6 Canada Federal PBMM 3-1-2020 AU 6 Audit Review, Analysis, and Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(1) Canada_Federal_PBMM_3-1-2020_AU_6(1) Canada Federal PBMM 3-1-2020 AU 6(1) Audit Review, Analysis, and Reporting | Process Integration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_6(1) Canada_Federal_PBMM_3-1-2020_AU_6(1) Canada Federal PBMM 3-1-2020 AU 6(1) Audit Review, Analysis, and Reporting | Process Integration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(1) Canada_Federal_PBMM_3-1-2020_AU_6(1) Canada Federal PBMM 3-1-2020 AU 6(1) Audit Review, Analysis, and Reporting | Process Integration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(1) Canada_Federal_PBMM_3-1-2020_AU_6(1) Canada Federal PBMM 3-1-2020 AU 6(1) Audit Review, Analysis, and Reporting | Process Integration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_6(3) Canada_Federal_PBMM_3-1-2020_AU_6(3) Canada Federal PBMM 3-1-2020 AU 6(3) Audit Review, Analysis, and Reporting | Correlate Audit Repositories Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(3) Canada_Federal_PBMM_3-1-2020_AU_6(3) Canada Federal PBMM 3-1-2020 AU 6(3) Audit Review, Analysis, and Reporting | Correlate Audit Repositories Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(3) Canada_Federal_PBMM_3-1-2020_AU_6(3) Canada Federal PBMM 3-1-2020 AU 6(3) Audit Review, Analysis, and Reporting | Correlate Audit Repositories Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_6(3) Canada_Federal_PBMM_3-1-2020_AU_6(3) Canada Federal PBMM 3-1-2020 AU 6(3) Audit Review, Analysis, and Reporting | Correlate Audit Repositories Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 AU_7 Canada_Federal_PBMM_3-1-2020_AU_7 Canada Federal PBMM 3-1-2020 AU 7 Audit Reduction and Report Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 AU_7 Canada_Federal_PBMM_3-1-2020_AU_7 Canada Federal PBMM 3-1-2020 AU 7 Audit Reduction and Report Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 AU_7 Canada_Federal_PBMM_3-1-2020_AU_7 Canada Federal PBMM 3-1-2020 AU 7 Audit Reduction and Report Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 AU_7 Canada_Federal_PBMM_3-1-2020_AU_7 Canada Federal PBMM 3-1-2020 AU 7 Audit Reduction and Report Generation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 AU_9(2) Canada_Federal_PBMM_3-1-2020_AU_9(2) Canada Federal PBMM 3-1-2020 AU 9(2) Protection of Audit Information | Audit Backup on Separate Physical Systems / Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 AU_9(2) Canada_Federal_PBMM_3-1-2020_AU_9(2) Canada Federal PBMM 3-1-2020 AU 9(2) Protection of Audit Information | Audit Backup on Separate Physical Systems / Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 AU_9(2) Canada_Federal_PBMM_3-1-2020_AU_9(2) Canada Federal PBMM 3-1-2020 AU 9(2) Protection of Audit Information | Audit Backup on Separate Physical Systems / Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 AU_9(2) Canada_Federal_PBMM_3-1-2020_AU_9(2) Canada Federal PBMM 3-1-2020 AU 9(2) Protection of Audit Information | Audit Backup on Separate Physical Systems / Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 AU_9(4) Canada_Federal_PBMM_3-1-2020_AU_9(4) Canada Federal PBMM 3-1-2020 AU 9(4) Protection of Audit Information | Access by Subset of Privileged Users Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_2 Canada_Federal_PBMM_3-1-2020_CA_2 Canada Federal PBMM 3-1-2020 CA 2 Security Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 CA_2(2) Canada_Federal_PBMM_3-1-2020_CA_2(2) Canada Federal PBMM 3-1-2020 CA 2(2) Security Assessments | Specialized Assessments Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3 Canada_Federal_PBMM_3-1-2020_CA_3 Canada Federal PBMM 3-1-2020 CA 3 System Interconnections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_3(3) Canada_Federal_PBMM_3-1-2020_CA_3(3) Canada Federal PBMM 3-1-2020 CA 3(3) System Interconnections | Classified Non-National Security System Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 CA_3(5) Canada_Federal_PBMM_3-1-2020_CA_3(5) Canada Federal PBMM 3-1-2020 CA 3(5) System Interconnections | Restrictions on External Network Connections Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CA_7 Canada_Federal_PBMM_3-1-2020_CA_7 Canada Federal PBMM 3-1-2020 CA 7 Continuous Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2 Canada_Federal_PBMM_3-1-2020_CM_2 Canada Federal PBMM 3-1-2020 CM 2 Baseline Configuration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2(1) Canada_Federal_PBMM_3-1-2020_CM_2(1) Canada Federal PBMM 3-1-2020 CM 2(1) Baseline Configuration | Reviews and Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_2(2) Canada_Federal_PBMM_3-1-2020_CM_2(2) Canada Federal PBMM 3-1-2020 CM 2(2) Baseline Configuration | Automation Support for Accuracy / Currency Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CM_2(3) Canada_Federal_PBMM_3-1-2020_CM_2(3) Canada Federal PBMM 3-1-2020 CM 2(3) Baseline Configuration | Retention of Previous Configurations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CM_2(3) Canada_Federal_PBMM_3-1-2020_CM_2(3) Canada Federal PBMM 3-1-2020 CM 2(3) Baseline Configuration | Retention of Previous Configurations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CM_2(3) Canada_Federal_PBMM_3-1-2020_CM_2(3) Canada Federal PBMM 3-1-2020 CM 2(3) Baseline Configuration | Retention of Previous Configurations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CM_2(3) Canada_Federal_PBMM_3-1-2020_CM_2(3) Canada Federal PBMM 3-1-2020 CM 2(3) Baseline Configuration | Retention of Previous Configurations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_3 Canada_Federal_PBMM_3-1-2020_CM_3 Canada Federal PBMM 3-1-2020 CM 3 Configuration Change Control Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer Canada_Federal_PBMM_3-1-2020 CM_3(6) Canada_Federal_PBMM_3-1-2020_CM_3(6) Canada Federal PBMM 3-1-2020 CM 3(6) Configuration Change Control | Cryptography Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Canada_Federal_PBMM_3-1-2020 CM_5 Canada_Federal_PBMM_3-1-2020_CM_5 Canada Federal PBMM 3-1-2020 CM 5 Access Restrictions for Change Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Kubernetes Canada_Federal_PBMM_3-1-2020 CM_5(1) Canada_Federal_PBMM_3-1-2020_CM_5(1) Canada Federal PBMM 3-1-2020 CM 5(1) Access Restrictions for Change | Automated Access Enforcement / Auditing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 CM_5(5) Canada_Federal_PBMM_3-1-2020_CM_5(5) Canada Federal PBMM 3-1-2020 CM 5(5) Access Restrictions for Change | Limit Production / Operational Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CM_5(5) Canada_Federal_PBMM_3-1-2020_CM_5(5) Canada Federal PBMM 3-1-2020 CM 5(5) Access Restrictions for Change | Limit Production / Operational Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CM_5(5) Canada_Federal_PBMM_3-1-2020_CM_5(5) Canada Federal PBMM 3-1-2020 CM 5(5) Access Restrictions for Change | Limit Production / Operational Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CM_5(5) Canada_Federal_PBMM_3-1-2020_CM_5(5) Canada Federal PBMM 3-1-2020 CM 5(5) Access Restrictions for Change | Limit Production / Operational Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CM_5(6) Canada_Federal_PBMM_3-1-2020_CM_5(6) Canada Federal PBMM 3-1-2020 CM 5(6) Access Restrictions for Change | Limit Library Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 CM_5(6) Canada_Federal_PBMM_3-1-2020_CM_5(6) Canada Federal PBMM 3-1-2020 CM 5(6) Access Restrictions for Change | Limit Library Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 CM_5(6) Canada_Federal_PBMM_3-1-2020_CM_5(6) Canada Federal PBMM 3-1-2020 CM 5(6) Access Restrictions for Change | Limit Library Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 CM_5(6) Canada_Federal_PBMM_3-1-2020_CM_5(6) Canada Federal PBMM 3-1-2020 CM 5(6) Access Restrictions for Change | Limit Library Privileges Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_6 Canada_Federal_PBMM_3-1-2020_CM_6 Canada Federal PBMM 3-1-2020 CM 6 Configuration Settings Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_6(1) Canada_Federal_PBMM_3-1-2020_CM_6(1) Canada Federal PBMM 3-1-2020 CM 6(1) Configuration Settings | Automated Central Management / Application / Verification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_6(2) Canada_Federal_PBMM_3-1-2020_CM_6(2) Canada Federal PBMM 3-1-2020 CM 6(2) Configuration Settings | Respond to Unauthorized Changes Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_7 Canada_Federal_PBMM_3-1-2020_CM_7 Canada Federal PBMM 3-1-2020 CM 7 Least Functionality Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_7(1) Canada_Federal_PBMM_3-1-2020_CM_7(1) Canada Federal PBMM 3-1-2020 CM 7(1) Least Functionality | Periodic Review Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 CM_8 Canada_Federal_PBMM_3-1-2020_CM_8 Canada Federal PBMM 3-1-2020 CM 8 Information System Component Inventory Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_8(1) Canada_Federal_PBMM_3-1-2020_CM_8(1) Canada Federal PBMM 3-1-2020 CM 8(1) Information System Component Inventory | Updates During Installations / Removals Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
146412e9-005c-472b-9e48-c87b72ac229e A Microsoft Entra administrator should be provisioned for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Microsoft Entra identities for authentication during workspace creation Synapse Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 CM_8(2) Canada_Federal_PBMM_3-1-2020_CM_8(2) Canada Federal PBMM 3-1-2020 CM 8(2) Information System Component Inventory | Automated Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(3) Canada_Federal_PBMM_3-1-2020_CM_8(3) Canada Federal PBMM 3-1-2020 CM 8(3) Information System Component Inventory | Automated Unauthorized Component Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 CM_8(5) Canada_Federal_PBMM_3-1-2020_CM_8(5) Canada Federal PBMM 3-1-2020 CM 8(5) Information System Component Inventory | No Duplicate Accounting of Components Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 CM_9 Canada_Federal_PBMM_3-1-2020_CM_9 Canada Federal PBMM 3-1-2020 CM 9 Configuration Management Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_10 Canada_Federal_PBMM_3-1-2020_CP_10 Canada Federal PBMM 3-1-2020 CP 10 Information System Recovery and Reconstitution Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_10 Canada_Federal_PBMM_3-1-2020_CP_10 Canada Federal PBMM 3-1-2020 CP 10 Information System Recovery and Reconstitution Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10 Canada_Federal_PBMM_3-1-2020_CP_10 Canada Federal PBMM 3-1-2020 CP 10 Information System Recovery and Reconstitution Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_10 Canada_Federal_PBMM_3-1-2020_CP_10 Canada Federal PBMM 3-1-2020 CP 10 Information System Recovery and Reconstitution Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10(2) Canada_Federal_PBMM_3-1-2020_CP_10(2) Canada Federal PBMM 3-1-2020 CP 10(2) Information System Recovery and Reconstitution | Transaction Recovery Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_10(4) Canada_Federal_PBMM_3-1-2020_CP_10(4) Canada Federal PBMM 3-1-2020 CP 10(4) Information System Recovery and Reconstitution | Restore within Time Period Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(3) Canada_Federal_PBMM_3-1-2020_CP_2(3) Canada Federal PBMM 3-1-2020 CP 2(3) Contingency Plan | Resume Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_2(4) Canada_Federal_PBMM_3-1-2020_CP_2(4) Canada Federal PBMM 3-1-2020 CP 2(4) Contingency Plan | Resume All Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_2(5) Canada_Federal_PBMM_3-1-2020_CP_2(5) Canada Federal PBMM 3-1-2020 CP 2(5) Contingency Plan | Continue Essential Missions / Business Functions Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7bdb79ea-16b8-453e-4ca4-ad5b16012414 Transfer backup information to an alternate storage site Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ebb67efd-3c46-49b0-adfe-5599eb944998 Audit Windows machines that don't have the specified applications installed Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Kubernetes Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fc26e2fd-3149-74b4-5988-d64bb90f8ef7 Separately store backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 CP_2(6) Canada_Federal_PBMM_3-1-2020_CP_2(6) Canada Federal PBMM 3-1-2020 CP 2(6) Contingency Plan | Alternate Processing / Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 CP_4 Canada_Federal_PBMM_3-1-2020_CP_4 Canada Federal PBMM 3-1-2020 CP 4 Contingency Plan Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_6 Canada_Federal_PBMM_3-1-2020_CP_6 Canada Federal PBMM 3-1-2020 CP 6 Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_6 Canada_Federal_PBMM_3-1-2020_CP_6 Canada Federal PBMM 3-1-2020 CP 6 Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_6 Canada_Federal_PBMM_3-1-2020_CP_6 Canada Federal PBMM 3-1-2020 CP 6 Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_6 Canada_Federal_PBMM_3-1-2020_CP_6 Canada Federal PBMM 3-1-2020 CP 6 Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_6(1) Canada_Federal_PBMM_3-1-2020_CP_6(1) Canada Federal PBMM 3-1-2020 CP 6(1) Alternate Storage Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_6(1) Canada_Federal_PBMM_3-1-2020_CP_6(1) Canada Federal PBMM 3-1-2020 CP 6(1) Alternate Storage Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_6(1) Canada_Federal_PBMM_3-1-2020_CP_6(1) Canada Federal PBMM 3-1-2020 CP 6(1) Alternate Storage Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_6(1) Canada_Federal_PBMM_3-1-2020_CP_6(1) Canada Federal PBMM 3-1-2020 CP 6(1) Alternate Storage Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_6(3) Canada_Federal_PBMM_3-1-2020_CP_6(3) Canada Federal PBMM 3-1-2020 CP 6(3) Alternate Storage Site | Accessibility Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_6(3) Canada_Federal_PBMM_3-1-2020_CP_6(3) Canada Federal PBMM 3-1-2020 CP 6(3) Alternate Storage Site | Accessibility Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_6(3) Canada_Federal_PBMM_3-1-2020_CP_6(3) Canada Federal PBMM 3-1-2020 CP 6(3) Alternate Storage Site | Accessibility Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_6(3) Canada_Federal_PBMM_3-1-2020_CP_6(3) Canada Federal PBMM 3-1-2020 CP 6(3) Alternate Storage Site | Accessibility Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_7 Canada_Federal_PBMM_3-1-2020_CP_7 Canada Federal PBMM 3-1-2020 CP 7 Alternative Processing Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_7 Canada_Federal_PBMM_3-1-2020_CP_7 Canada Federal PBMM 3-1-2020 CP 7 Alternative Processing Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_7 Canada_Federal_PBMM_3-1-2020_CP_7 Canada Federal PBMM 3-1-2020 CP 7 Alternative Processing Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_7 Canada_Federal_PBMM_3-1-2020_CP_7 Canada Federal PBMM 3-1-2020 CP 7 Alternative Processing Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_7(1) Canada_Federal_PBMM_3-1-2020_CP_7(1) Canada Federal PBMM 3-1-2020 CP 7(1) Alternative Processing Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_7(1) Canada_Federal_PBMM_3-1-2020_CP_7(1) Canada Federal PBMM 3-1-2020 CP 7(1) Alternative Processing Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_7(1) Canada_Federal_PBMM_3-1-2020_CP_7(1) Canada Federal PBMM 3-1-2020 CP 7(1) Alternative Processing Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_7(1) Canada_Federal_PBMM_3-1-2020_CP_7(1) Canada Federal PBMM 3-1-2020 CP 7(1) Alternative Processing Site | Separation from Primary Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_7(3) Canada_Federal_PBMM_3-1-2020_CP_7(3) Canada Federal PBMM 3-1-2020 CP 7(3) Alternative Processing Site | Priority of Service Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_7(3) Canada_Federal_PBMM_3-1-2020_CP_7(3) Canada Federal PBMM 3-1-2020 CP 7(3) Alternative Processing Site | Priority of Service Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_7(3) Canada_Federal_PBMM_3-1-2020_CP_7(3) Canada Federal PBMM 3-1-2020 CP 7(3) Alternative Processing Site | Priority of Service Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_7(3) Canada_Federal_PBMM_3-1-2020_CP_7(3) Canada Federal PBMM 3-1-2020 CP 7(3) Alternative Processing Site | Priority of Service Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9 Canada_Federal_PBMM_3-1-2020_CP_9 Canada Federal PBMM 3-1-2020 CP 9 Information System Backup Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases SQL Canada_Federal_PBMM_3-1-2020 CP_9 Canada_Federal_PBMM_3-1-2020_CP_9 Canada Federal PBMM 3-1-2020 CP 9 Information System Backup Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9 Canada_Federal_PBMM_3-1-2020_CP_9 Canada Federal PBMM 3-1-2020 CP 9 Information System Backup Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9 Canada_Federal_PBMM_3-1-2020_CP_9 Canada Federal PBMM 3-1-2020 CP 9 Information System Backup Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(1) Canada_Federal_PBMM_3-1-2020_CP_9(1) Canada Federal PBMM 3-1-2020 CP 9(1) Information System Backup | Testing for Reliability / Integrity Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(1) Canada_Federal_PBMM_3-1-2020_CP_9(1) Canada Federal PBMM 3-1-2020 CP 9(1) Information System Backup | Testing for Reliability / Integrity Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9(1) Canada_Federal_PBMM_3-1-2020_CP_9(1) Canada Federal PBMM 3-1-2020 CP 9(1) Information System Backup | Testing for Reliability / Integrity Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9(2) Canada_Federal_PBMM_3-1-2020_CP_9(2) Canada Federal PBMM 3-1-2020 CP 9(2) Information System Backup | Test Restoration using Sampling Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(2) Canada_Federal_PBMM_3-1-2020_CP_9(2) Canada Federal PBMM 3-1-2020 CP 9(2) Information System Backup | Test Restoration using Sampling Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(2) Canada_Federal_PBMM_3-1-2020_CP_9(2) Canada Federal PBMM 3-1-2020 CP 9(2) Information System Backup | Test Restoration using Sampling Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(3) Canada_Federal_PBMM_3-1-2020_CP_9(3) Canada Federal PBMM 3-1-2020 CP 9(3) Information System Backup | Separate Storage for Critical Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(3) Canada_Federal_PBMM_3-1-2020_CP_9(3) Canada Federal PBMM 3-1-2020 CP 9(3) Information System Backup | Separate Storage for Critical Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9(3) Canada_Federal_PBMM_3-1-2020_CP_9(3) Canada Federal PBMM 3-1-2020 CP 9(3) Information System Backup | Separate Storage for Critical Information Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(5) Canada_Federal_PBMM_3-1-2020_CP_9(5) Canada Federal PBMM 3-1-2020 CP 9(5) Information System Backup | Transfer to Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 CP_9(5) Canada_Federal_PBMM_3-1-2020_CP_9(5) Canada Federal PBMM 3-1-2020 CP 9(5) Information System Backup | Transfer to Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 CP_9(5) Canada_Federal_PBMM_3-1-2020_CP_9(5) Canada Federal PBMM 3-1-2020 CP 9(5) Information System Backup | Transfer to Alternate Storage Site Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_1 Canada_Federal_PBMM_3-1-2020_IA_1 Canada Federal PBMM 3-1-2020 IA 1 Identification and Authentication Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_2 Canada_Federal_PBMM_3-1-2020_IA_2 Canada Federal PBMM 3-1-2020 IA 2 Identification and Authentication (Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_4(2) Canada_Federal_PBMM_3-1-2020_IA_4(2) Canada Federal PBMM 3-1-2020 IA 4(2) Identifier Management | Supervisor Authorization Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_4(3) Canada_Federal_PBMM_3-1-2020_IA_4(3) Canada Federal PBMM 3-1-2020 IA 4(3) Identifier Management | Multiple Forms of Certification Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 IA_5 Canada_Federal_PBMM_3-1-2020_IA_5 Canada Federal PBMM 3-1-2020 IA 5 Authenticator Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 IA_5(11) Canada_Federal_PBMM_3-1-2020_IA_5(11) Canada Federal PBMM 3-1-2020 IA 5(11) Authenticator Management | Hardware Token-Based Authentication Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e068b215-0026-4354-b347-8fb2766f73a2 Windows machines should meet requirements for 'User Rights Assignment' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_5(3) Canada_Federal_PBMM_3-1-2020_IA_5(3) Canada Federal PBMM 3-1-2020 IA 5(3) Authenticator Management | In-Person or Trusted Third-Party Registration Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 A Microsoft Entra administrator should be provisioned for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82067dbb-e53b-4e06-b631-546d197452d9 Keys using RSA cryptography should have a specified minimum key size Key Vault Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
21a6bc25-125e-4d13-b82d-2e19b7208ab7 VPN gateways should use only Azure Active Directory (Azure AD) authentication for point-to-site users Network Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Security Center Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 IA_8 Canada_Federal_PBMM_3-1-2020_IA_8 Canada Federal PBMM 3-1-2020 IA 8 Identification and Authentication (Non-Organizational Users) Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 IR_2 Canada_Federal_PBMM_3-1-2020_IR_2 Canada Federal PBMM 3-1-2020 IR 2 Incident Response Training Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 IR_3 Canada_Federal_PBMM_3-1-2020_IR_3 Canada Federal PBMM 3-1-2020 IR 3 Incident Response Testing Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 IR_6 Canada_Federal_PBMM_3-1-2020_IR_6 Canada Federal PBMM 3-1-2020 IR 6 Incident Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center Canada_Federal_PBMM_3-1-2020 IR_6(1) Canada_Federal_PBMM_3-1-2020_IR_6(1) Canada Federal PBMM 3-1-2020 IR 6(1) Incident Reporting | Automated Reporting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(1) Canada_Federal_PBMM_3-1-2020_IR_9(1) Canada Federal PBMM 3-1-2020 IR 9(1) Information Spillage Response | Responsible Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(3) Canada_Federal_PBMM_3-1-2020_IR_9(3) Canada Federal PBMM 3-1-2020 IR 9(3) Information Spillage Response | Post-Spill Operations Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 IR_9(4) Canada_Federal_PBMM_3-1-2020_IR_9(4) Canada Federal PBMM 3-1-2020 IR 9(4) Information Spillage Response | Exposure to Unauthorized Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(4) Canada_Federal_PBMM_3-1-2020_IR_9(4) Canada Federal PBMM 3-1-2020 IR 9(4) Information Spillage Response | Exposure to Unauthorized Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 IR_9(4) Canada_Federal_PBMM_3-1-2020_IR_9(4) Canada Federal PBMM 3-1-2020 IR 9(4) Information Spillage Response | Exposure to Unauthorized Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 IR_9(4) Canada_Federal_PBMM_3-1-2020_IR_9(4) Canada Federal PBMM 3-1-2020 IR 9(4) Information Spillage Response | Exposure to Unauthorized Personnel Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 MA_1 Canada_Federal_PBMM_3-1-2020_MA_1 Canada Federal PBMM 3-1-2020 MA 1 System Maintenance Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 MA_1 Canada_Federal_PBMM_3-1-2020_MA_1 Canada Federal PBMM 3-1-2020 MA 1 System Maintenance Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 MA_2 Canada_Federal_PBMM_3-1-2020_MA_2 Canada Federal PBMM 3-1-2020 MA 2 Controlled Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 MA_2 Canada_Federal_PBMM_3-1-2020_MA_2 Canada Federal PBMM 3-1-2020 MA 2 Controlled Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 MA_3 Canada_Federal_PBMM_3-1-2020_MA_3 Canada Federal PBMM 3-1-2020 MA 3 Maintenance Tools Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 MA_3 Canada_Federal_PBMM_3-1-2020_MA_3 Canada Federal PBMM 3-1-2020 MA 3 Maintenance Tools Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 MA_4(2) Canada_Federal_PBMM_3-1-2020_MA_4(2) Canada Federal PBMM 3-1-2020 MA 4(2) Nonlocal Maintenance | Document Nonlocal Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration Canada_Federal_PBMM_3-1-2020 MA_4(2) Canada_Federal_PBMM_3-1-2020_MA_4(2) Canada Federal PBMM 3-1-2020 MA 4(2) Nonlocal Maintenance | Document Nonlocal Maintenance Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 MP_1 Canada_Federal_PBMM_3-1-2020_MP_1 Canada Federal PBMM 3-1-2020 MP 1 Media Protection Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 MP_2 Canada_Federal_PBMM_3-1-2020_MP_2 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_10 Canada_Federal_PBMM_3-1-2020_PE_10 Canada Federal PBMM 3-1-2020 PE 10 Emergency Shutoff Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_10 Canada_Federal_PBMM_3-1-2020_PE_10 Canada Federal PBMM 3-1-2020 PE 10 Emergency Shutoff Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_11 Canada_Federal_PBMM_3-1-2020_PE_11 Canada Federal PBMM 3-1-2020 PE 11 Emergency Power Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_11 Canada_Federal_PBMM_3-1-2020_PE_11 Canada Federal PBMM 3-1-2020 PE 11 Emergency Power Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_12 Canada_Federal_PBMM_3-1-2020_PE_12 Canada Federal PBMM 3-1-2020 PE 12 Emergency Lighting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_12 Canada_Federal_PBMM_3-1-2020_PE_12 Canada Federal PBMM 3-1-2020 PE 12 Emergency Lighting Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_13 Canada_Federal_PBMM_3-1-2020_PE_13 Canada Federal PBMM 3-1-2020 PE 13 Fire Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_13 Canada_Federal_PBMM_3-1-2020_PE_13 Canada Federal PBMM 3-1-2020 PE 13 Fire Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 PE_13(2) Canada_Federal_PBMM_3-1-2020_PE_13(2) Canada Federal PBMM 3-1-2020 PE 13(2) Fire Protection | Suppression Devices / Systems Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 PE_13(2) Canada_Federal_PBMM_3-1-2020_PE_13(2) Canada Federal PBMM 3-1-2020 PE 13(2) Fire Protection | Suppression Devices / Systems Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 PL_1 Canada_Federal_PBMM_3-1-2020_PL_1 Canada Federal PBMM 3-1-2020 PL 1 Security Planning Policy and Procedures Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Machine Learning Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e2dd799a-a932-4e9d-ac17-d473bc3c6c10 Dependency agent should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute Canada_Federal_PBMM_3-1-2020 PL_2 Canada_Federal_PBMM_3-1-2020_PL_2 Canada Federal PBMM 3-1-2020 PL 2 System Security Plan Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring Canada_Federal_PBMM_3-1-2020 PS_6 Canada_Federal_PBMM_3-1-2020_PS_6 Canada Federal PBMM 3-1-2020 PS 6 Access Agreements Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Kubernetes Canada_Federal_PBMM_3-1-2020 PS_6 Canada_Federal_PBMM_3-1-2020_PS_6 Canada Federal PBMM 3-1-2020 PS 6 Access Agreements Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f85bf3e0-d513-442e-89c3-1784ad63382b System updates should be installed on your machines (powered by Update Center) Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 RA_5(1) Canada_Federal_PBMM_3-1-2020_RA_5(1) Canada Federal PBMM 3-1-2020 RA 5(1) Vulnerability Scanning | Update Tool Capability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SA_10 Canada_Federal_PBMM_3-1-2020_SA_10 Canada Federal PBMM 3-1-2020 SA 10 Developer Configuration Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 SA_4(9) Canada_Federal_PBMM_3-1-2020_SA_4(9) Canada Federal PBMM 3-1-2020 SA 4(9) Acquisition Process | Functions / Ports / Protocols / Services in Use Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a9b99dd8-06c5-4317-8629-9d86a3c6e7d9 Deploy network watcher when virtual networks are created Network Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e345b6c3-24bd-4c93-9bbb-7e5e49a17b78 Azure VPN gateways should not use 'basic' SKU Network Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
934345e1-4dfb-4c70-90d7-41990dc9608b Audit Windows machines that do not contain the specified certificates in Trusted Root Guest Configuration Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SA_9(2) Canada_Federal_PBMM_3-1-2020_SA_9(2) Canada Federal PBMM 3-1-2020 SA 9(2) External Information System Services | Identification of Functions / Ports / Protocols / Services Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SC_12 Canada_Federal_PBMM_3-1-2020_SC_12 Canada Federal PBMM 3-1-2020 SC 12 Cryptographic Key Establishment and Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
967a4b4b-2da9-43c1-b7d0-f98d0d74d0b1 App Configuration should use a customer-managed key App Configuration Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer Azure Data Explorer Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0aa61e00-0a01-4a3c-9945-e93cffedf0e6 Azure Container Instance container group should use customer-managed key for encryption Container Instance Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
75c4f823-d65c-4f29-a733-01d0077fdbcb Keys should be the specified cryptographic type RSA or EC Key Vault Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
56a5ee18-2ae6-4810-86f7-18e39ce5629b Azure Automation accounts should use customer-managed keys to encrypt data at rest Automation Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
87ba29ef-1ab3-4d82-b763-87fcd4f531f7 Azure Stream Analytics jobs should use customer-managed keys to encrypt data Stream Analytics Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d461a302-a187-421a-89ac-84acdb4edc04 Managed disks should use a specific set of disk encryption sets for the customer-managed key encryption Compute Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ff25f3c8-b739-4538-9d07-3d6d25cfb255 Keys using elliptic curve cryptography should have the specified curve names Key Vault Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3dc5edcd-002d-444c-b216-e123bbfa37c0 Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
81e74cea-30fd-40d5-802f-d72103c2aaaa Azure Data Explorer encryption at rest should use a customer-managed key Azure Data Explorer Canada_Federal_PBMM_3-1-2020 SC_12(1) Canada_Federal_PBMM_3-1-2020_SC_12(1) Canada Federal PBMM 3-1-2020 SC 12(1) Cryptographic Key Establishment and Management | Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_2 Canada_Federal_PBMM_3-1-2020_SC_2 Canada Federal PBMM 3-1-2020 SC 2 Application Partitioning Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_2 Canada_Federal_PBMM_3-1-2020_SC_2 Canada Federal PBMM 3-1-2020 SC 2 Application Partitioning Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_2 Canada_Federal_PBMM_3-1-2020_SC_2 Canada Federal PBMM 3-1-2020 SC 2 Application Partitioning Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_2 Canada_Federal_PBMM_3-1-2020_SC_2 Canada Federal PBMM 3-1-2020 SC 2 Application Partitioning Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_5 Canada_Federal_PBMM_3-1-2020_SC_5 Canada Federal PBMM 3-1-2020 SC 5 Denial of Service Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_5 Canada_Federal_PBMM_3-1-2020_SC_5 Canada Federal PBMM 3-1-2020 SC 5 Denial of Service Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_5 Canada_Federal_PBMM_3-1-2020_SC_5 Canada Federal PBMM 3-1-2020 SC 5 Denial of Service Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_5 Canada_Federal_PBMM_3-1-2020_SC_5 Canada Federal PBMM 3-1-2020 SC 5 Denial of Service Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_6 Canada_Federal_PBMM_3-1-2020_SC_6 Canada Federal PBMM 3-1-2020 SC 6 Resource Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_6 Canada_Federal_PBMM_3-1-2020_SC_6 Canada Federal PBMM 3-1-2020 SC 6 Resource Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_6 Canada_Federal_PBMM_3-1-2020_SC_6 Canada Federal PBMM 3-1-2020 SC 6 Resource Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_6 Canada_Federal_PBMM_3-1-2020_SC_6 Canada Federal PBMM 3-1-2020 SC 6 Resource Availability Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7 Canada_Federal_PBMM_3-1-2020_SC_7 Canada Federal PBMM 3-1-2020 SC 7 Boundary Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7 Canada_Federal_PBMM_3-1-2020_SC_7 Canada Federal PBMM 3-1-2020 SC 7 Boundary Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7 Canada_Federal_PBMM_3-1-2020_SC_7 Canada Federal PBMM 3-1-2020 SC 7 Boundary Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7 Canada_Federal_PBMM_3-1-2020_SC_7 Canada Federal PBMM 3-1-2020 SC 7 Boundary Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(12) Canada_Federal_PBMM_3-1-2020_SC_7(12) Canada Federal PBMM 3-1-2020 SC 7(12) Boundary Protection | Host-Based Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(12) Canada_Federal_PBMM_3-1-2020_SC_7(12) Canada Federal PBMM 3-1-2020 SC 7(12) Boundary Protection | Host-Based Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(12) Canada_Federal_PBMM_3-1-2020_SC_7(12) Canada Federal PBMM 3-1-2020 SC 7(12) Boundary Protection | Host-Based Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(12) Canada_Federal_PBMM_3-1-2020_SC_7(12) Canada Federal PBMM 3-1-2020 SC 7(12) Boundary Protection | Host-Based Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(3) Canada_Federal_PBMM_3-1-2020_SC_7(3) Canada Federal PBMM 3-1-2020 SC 7(3) Boundary Protection | Access Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(3) Canada_Federal_PBMM_3-1-2020_SC_7(3) Canada Federal PBMM 3-1-2020 SC 7(3) Boundary Protection | Access Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(3) Canada_Federal_PBMM_3-1-2020_SC_7(3) Canada Federal PBMM 3-1-2020 SC 7(3) Boundary Protection | Access Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(3) Canada_Federal_PBMM_3-1-2020_SC_7(3) Canada Federal PBMM 3-1-2020 SC 7(3) Boundary Protection | Access Points Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(5) Canada_Federal_PBMM_3-1-2020_SC_7(5) Canada Federal PBMM 3-1-2020 SC 7(5) Boundary Protection | Deny by Default / Allow by Exception Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(5) Canada_Federal_PBMM_3-1-2020_SC_7(5) Canada Federal PBMM 3-1-2020 SC 7(5) Boundary Protection | Deny by Default / Allow by Exception Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(5) Canada_Federal_PBMM_3-1-2020_SC_7(5) Canada Federal PBMM 3-1-2020 SC 7(5) Boundary Protection | Deny by Default / Allow by Exception Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(5) Canada_Federal_PBMM_3-1-2020_SC_7(5) Canada Federal PBMM 3-1-2020 SC 7(5) Boundary Protection | Deny by Default / Allow by Exception Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(7) Canada_Federal_PBMM_3-1-2020_SC_7(7) Canada Federal PBMM 3-1-2020 SC 7(7) Boundary Protection | Prevent Split Tunneling for Remote Devices Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(7) Canada_Federal_PBMM_3-1-2020_SC_7(7) Canada Federal PBMM 3-1-2020 SC 7(7) Boundary Protection | Prevent Split Tunneling for Remote Devices Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(7) Canada_Federal_PBMM_3-1-2020_SC_7(7) Canada Federal PBMM 3-1-2020 SC 7(7) Boundary Protection | Prevent Split Tunneling for Remote Devices Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(7) Canada_Federal_PBMM_3-1-2020_SC_7(7) Canada Federal PBMM 3-1-2020 SC 7(7) Boundary Protection | Prevent Split Tunneling for Remote Devices Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SC_7(8) Canada_Federal_PBMM_3-1-2020_SC_7(8) Canada Federal PBMM 3-1-2020 SC 7(8) Boundary Protection | Route Traffic to Authenticated Proxy Servers Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SC_7(8) Canada_Federal_PBMM_3-1-2020_SC_7(8) Canada Federal PBMM 3-1-2020 SC 7(8) Boundary Protection | Route Traffic to Authenticated Proxy Servers Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SC_7(8) Canada_Federal_PBMM_3-1-2020_SC_7(8) Canada Federal PBMM 3-1-2020 SC 7(8) Boundary Protection | Route Traffic to Authenticated Proxy Servers Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f71be03e-e25b-4d0f-b8bc-9b3e309b66c0 Windows machines should meet requirements for 'Security Options - Recovery console' Guest Configuration Canada_Federal_PBMM_3-1-2020 SC_7(8) Canada_Federal_PBMM_3-1-2020_SC_7(8) Canada Federal PBMM 3-1-2020 SC 7(8) Boundary Protection | Route Traffic to Authenticated Proxy Servers Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_10 Canada_Federal_PBMM_3-1-2020_SI_10 Canada Federal PBMM 3-1-2020 SI 10 Information Input Validation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 SI_10 Canada_Federal_PBMM_3-1-2020_SI_10 Canada Federal PBMM 3-1-2020 SI 10 Information Input Validation Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL SQL Canada_Federal_PBMM_3-1-2020 SI_16 Canada_Federal_PBMM_3-1-2020_SI_16 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a412110-3874-9f22-187a-c7a81c8a6704 Establish alternate storage site to store and retrieve backup information Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_16 Canada_Federal_PBMM_3-1-2020_SI_16 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL SQL Canada_Federal_PBMM_3-1-2020 SI_16 Canada_Federal_PBMM_3-1-2020_SI_16 404 not found Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps App Service Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3 Canada_Federal_PBMM_3-1-2020_SI_3 Canada Federal PBMM 3-1-2020 SI 3 Malicious Code Protection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(1) Canada_Federal_PBMM_3-1-2020_SI_3(1) Canada Federal PBMM 3-1-2020 SI 3(1) Malicious Code Protection | Central Management Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_3(2) Canada_Federal_PBMM_3-1-2020_SI_3(2) Canada Federal PBMM 3-1-2020 SI 3(2) Malicious Code Protection | Automatic Updates Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_3(7) Canada_Federal_PBMM_3-1-2020_SI_3(7) Canada Federal PBMM 3-1-2020 SI 3(7) Malicious Code Protection | Non Signature-Based Detection Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 SI_4 Canada_Federal_PBMM_3-1-2020_SI_4 Canada Federal PBMM 3-1-2020 SI 4 Information System Monitoring Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_4(1) Canada_Federal_PBMM_3-1-2020_SI_4(1) Canada Federal PBMM 3-1-2020 SI 4(1) Information System Monitoring | System-Wide Intrusion Detection System Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3e596b57-105f-48a6-be97-03e9243bad6e Azure Monitor solution 'Security and Audit' must be deployed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
245fc9df-fa96-4414-9a0b-3738c2f7341c Resource logs in Azure Kubernetes Service should be enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2a7a701e-dff3-4da9-9ec5-42cb98594c0b Windows machines should meet requirements for 'System Audit Policies - Policy Change' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Security Center Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_4(2) Canada_Federal_PBMM_3-1-2020_SI_4(2) Canada Federal PBMM 3-1-2020 SI 4(2) Information System Monitoring | Automated Tools for Real-Time Analysis Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Kubernetes Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Machine Learning Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
b8564268-eb4a-4337-89be-a19db070c59d Event Hub namespaces should use private link Event Hub Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35d9882c-993d-44e6-87d2-db66ce21b636 Windows machines should meet requirements for 'Windows Firewall Properties' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ee984370-154a-4ee8-9726-19d900e56fc0 Windows machines should meet requirements for 'Security Options - Accounts' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instances should have Microsoft Entra-only authentication enabled during creation SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints API Management Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Kubernetes Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fea8f8a-4169-495d-8307-30ec335f387d CORS should not allow every domain to access your API for FHIR API for FHIR Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
17f4b1cc-c55c-4d94-b1f9-2978f6ac2957 Azure running container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
11e3da8c-1d68-4392-badd-0ff3c43ab5b0 [Preview]: Recovery Services vaults should use private link Site Recovery Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9dfea752-dd46-4766-aed1-c355fa93fb91 Azure SQL Managed Instances should disable public network access SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers Compute Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Machine Learning Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
13a6c84f-49a5-410a-b5df-5b880c3fe009 [Preview]: Linux virtual machines should use only signed and trusted boot components Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2835b622-407b-4114-9198-6f7064cbe0dc Deploy default Microsoft IaaSAntimalware extension for Windows Server Compute Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af99038c-02fd-4a2f-ac24-386b62bf32de [Preview]: Machines should have ports closed that might expose attack vectors Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Azure registry container images should have vulnerabilities resolved (powered by Microsoft Defender Vulnerability Management) Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection App Platform Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
47031206-ce96-41f8-861b-6a915f3de284 [Preview]: IoT Hub device provisioning service data should be encrypted using customer-managed keys (CMK) Internet of Things Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
35f9c03a-cc27-418e-9c0c-539ff999d010 Gateway subnets should not be configured with a network security group Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1afada58-8b34-7ac2-a38a-983218635201 Define acceptable and unacceptable mobile code technologies Regulatory Compliance Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Network Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
a1181c5f-672a-477a-979a-7d58aa086233 Security Center standard pricing tier should be selected Security Center Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
8af8f826-edcb-4178-b35f-851ea6fea615 Azure Container Instance container group should deploy into a virtual network Container Instance Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration Canada_Federal_PBMM_3-1-2020 SI_8(1) Canada_Federal_PBMM_3-1-2020_SI_8(1) Canada Federal PBMM 3-1-2020 SI 8(1) Spam Protection | Central Management of Protection Mechanisms Canada Federal PBMM 3-1-2020 (f8f5293d-df94-484a-a3e7-6b422a999d91)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off App Service CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off App Service CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Service Fabric CCCS AC-2(7) CCCS_AC-2(7) CCCS AC-2(7) Account Management | Role-Based Schemes Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CCCS AC-2(7) CCCS_AC-2(7) CCCS AC-2(7) Account Management | Role-Based Schemes Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps App Service CCCS AC-4 CCCS_AC-4 CCCS AC-4 Information Flow Enforcement Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Security Center CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Security Center CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Monitoring CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CCCS CP-7 CCCS_CP-7 CCCS CP-7 Alternative Processing Site Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 Guest Configuration CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Guest Configuration CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection should be enabled Security Center CCCS SC-5 CCCS_SC-5 CCCS SC-5 Denial of Service Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Security Center CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CCCS SC-7(3) CCCS_SC-7(3) CCCS SC-7(3) Boundary Protection | Access Points Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CCCS SC-7(4) CCCS_SC-7(4) CCCS SC-7(4) Boundary Protection | External Telecommunications Services Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS App Service CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows machines should be configured to use secure communication protocols Guest Configuration CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Cache CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.1 CIS_Azure_1.1.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.2 CIS_Azure_1.1.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Security Center CIS_Azure_1.1.0 2.10 CIS_Azure_1.1.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure ASC Default policy setting "Monitor Vulnerability Assessment" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.1.0 2.12 CIS_Azure_1.1.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Security Center CIS_Azure_1.1.0 2.12 CIS_Azure_1.1.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.1.0 2.16 CIS_Azure_1.1.0_2.16 CIS Microsoft Azure Foundations Benchmark recommendation 2.16 Ensure that 'Security contact emails' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.1.0 2.18 CIS_Azure_1.1.0_2.18 CIS Microsoft Azure Foundations Benchmark recommendation 2.18 Ensure that 'Send email notification for high severity alerts' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Security Center CIS_Azure_1.1.0 2.19 CIS_Azure_1.1.0_2.19 CIS Microsoft Azure Foundations Benchmark recommendation 2.19 Ensure that 'Send email also to subscription owners' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 2.3 CIS_Azure_1.1.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.8 CIS_Azure_1.1.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.8 CIS_Azure_1.1.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure ASC Default policy setting "Monitor Web Application Firewall" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Security Center CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Security Center CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 2.9 CIS_Azure_1.1.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure ASC Default policy setting "Enable Next Generation Firewall(NGFW) Monitoring" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 3.1 CIS_Azure_1.1.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 3.2 CIS_Azure_1.1.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 3.3 CIS_Azure_1.1.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.1.0 3.4 CIS_Azure_1.1.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 3.5 CIS_Azure_1.1.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that shared access signature tokens are allowed only over https CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.1.0 3.6 CIS_Azure_1.1.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.1.0 3.7 CIS_Azure_1.1.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.1.0 3.8 CIS_Azure_1.1.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.1 CIS_Azure_1.1.0_4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 4.10 CIS_Azure_1.1.0_4.10 CIS Microsoft Azure Foundations Benchmark recommendation 4.10 Ensure SQL server's TDE protector is encrypted with BYOK (Use your own key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.11 CIS_Azure_1.1.0_4.11 CIS Microsoft Azure Foundations Benchmark recommendation 4.11 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.12 CIS_Azure_1.1.0_4.12 CIS Microsoft Azure Foundations Benchmark recommendation 4.12 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.13 CIS_Azure_1.1.0_4.13 CIS Microsoft Azure Foundations Benchmark recommendation 4.13 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.14 CIS_Azure_1.1.0_4.14 CIS Microsoft Azure Foundations Benchmark recommendation 4.14 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.15 CIS_Azure_1.1.0_4.15 CIS Microsoft Azure Foundations Benchmark recommendation 4.15 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.16 CIS_Azure_1.1.0_4.16 CIS Microsoft Azure Foundations Benchmark recommendation 4.16 Ensure server parameter 'log_duration' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.17 CIS_Azure_1.1.0_4.17 CIS Microsoft Azure Foundations Benchmark recommendation 4.17 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 4.18 CIS_Azure_1.1.0_4.18 CIS Microsoft Azure Foundations Benchmark recommendation 4.18 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 4.19 CIS_Azure_1.1.0_4.19 CIS Microsoft Azure Foundations Benchmark recommendation 4.19 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities SQL CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 4.2 CIS_Azure_1.1.0_4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2 Ensure that 'AuditActionGroups' in 'auditing' policy for a SQL server is set properly CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.1.0 4.3 CIS_Azure_1.1.0_4.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.1.0 4.4 CIS_Azure_1.1.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that 'Advanced Data Security' on a SQL server is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 4.5 CIS_Azure_1.1.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that 'Threat Detection types' is set to 'All' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 4.6 CIS_Azure_1.1.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure that 'Send alerts to' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 4.7 CIS_Azure_1.1.0_4.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.7 Ensure that 'Email service and co-administrators' is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 4.8 CIS_Azure_1.1.0_4.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.8 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.1.0 4.9 CIS_Azure_1.1.0_4.9 CIS Microsoft Azure Foundations Benchmark recommendation 4.9 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Azure_1.1.0 5.1.1 CIS_Azure_1.1.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a Log Profile exists CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b02aacc0-b073-424e-8298-42b22829ee0a Activity log should be retained for at least one year Monitoring CIS_Azure_1.1.0 5.1.2 CIS_Azure_1.1.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure that Activity Log Retention is set 365 days or greater CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Monitoring CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.3 CIS_Azure_1.1.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure audit profile captures all the activities CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Monitoring CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 5.1.4 CIS_Azure_1.1.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the log profile captures activity logs for all regions including global CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.1.0 5.1.5 CIS_Azure_1.1.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.1.0 5.1.6 CIS_Azure_1.1.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.1.0 5.1.7 CIS_Azure_1.1.0_5.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.7 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.1 CIS_Azure_1.1.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.2 CIS_Azure_1.1.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.3 CIS_Azure_1.1.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.4 CIS_Azure_1.1.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.5 CIS_Azure_1.1.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.6 CIS_Azure_1.1.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.7 CIS_Azure_1.1.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.8 CIS_Azure_1.1.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.1.0 5.2.9 CIS_Azure_1.1.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Update Security Policy CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.1.0 6.3 CIS_Azure_1.1.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.1.0 6.3 CIS_Azure_1.1.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.1.0 6.4 CIS_Azure_1.1.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.1.0 6.5 CIS_Azure_1.1.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.1.0 6.5 CIS_Azure_1.1.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.1 CIS_Azure_1.1.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure that 'OS disk' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.2 CIS_Azure_1.1.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'Data disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.1.0 7.3 CIS_Azure_1.1.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.1.0 7.4 CIS_Azure_1.1.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that only approved extensions are installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 7.5 CIS_Azure_1.1.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.1.0 7.6 CIS_Azure_1.1.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.1.0 8.1 CIS_Azure_1.1.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.1.0 8.2 CIS_Azure_1.1.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.1.0 8.3 CIS_Azure_1.1.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that Resource Locks are set for mission critical Azure resources CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c39ba22d-4428-4149-b981-70acb31fc383 Azure Key Vault Managed HSM should have purge protection enabled Key Vault CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.1.0 8.4 CIS_Azure_1.1.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.1.0 8.5 CIS_Azure_1.1.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.1.0 9.1 CIS_Azure_1.1.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.10 CIS_Azure_1.1.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 9.2 CIS_Azure_1.1.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.1.0 9.3 CIS_Azure_1.1.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.1.0 9.4 CIS_Azure_1.1.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.1.0 9.5 CIS_Azure_1.1.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.6 CIS_Azure_1.1.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure that '.Net Framework' version is the latest, if used as a part of the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.7 CIS_Azure_1.1.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'PHP version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.8 CIS_Azure_1.1.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Python version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.1.0 9.9 CIS_Azure_1.1.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'Java version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.1 CIS_Azure_1.3.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.10 CIS_Azure_1.3.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.11 CIS_Azure_1.3.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.12 CIS_Azure_1.3.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.13 CIS_Azure_1.3.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.14 CIS_Azure_1.3.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.15 CIS_Azure_1.3.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.16 CIS_Azure_1.3.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Restrict user ability to access groups features in the Access Pane' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.17 CIS_Azure_1.3.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.18 CIS_Azure_1.3.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.19 CIS_Azure_1.3.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Microsoft 365 groups in Azure Portals' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.2 CIS_Azure_1.3.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.20 CIS_Azure_1.3.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.21 CIS_Azure_1.3.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.22 CIS_Azure_1.3.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 1.23 CIS_Azure_1.3.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure Custom Role is assigned for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.3.0 1.3 CIS_Azure_1.3.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.3.0 1.4 CIS_Azure_1.3.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.6 CIS_Azure_1.3.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to "0" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.3.0 1.7 CIS_Azure_1.3.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.3.0 1.8 CIS_Azure_1.3.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 1.9 CIS_Azure_1.3.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.3.0 2.1 CIS_Azure_1.3.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Azure Defender is set to On for Servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.10 CIS_Azure_1.3.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Cloud App Security (MCAS) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.3.0 2.11 CIS_Azure_1.3.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.3.0 2.11 CIS_Azure_1.3.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_1.3.0 2.12 CIS_Azure_1.3.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure any of the ASC Default policy setting is not set to "Disabled" CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.3.0 2.13 CIS_Azure_1.3.0_2.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.13 Ensure 'Additional email addresses' is configured with a security contact email CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.3.0 2.14 CIS_Azure_1.3.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure that 'Notify about alerts with the following severity' is set to 'High' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.2 CIS_Azure_1.3.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Azure Defender is set to On for App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.3 CIS_Azure_1.3.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Azure Defender is set to On for Azure SQL database servers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.4 CIS_Azure_1.3.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Azure Defender is set to On for SQL servers on machines CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.5 CIS_Azure_1.3.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Azure Defender is set to On for Storage CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.6 CIS_Azure_1.3.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Azure Defender is set to On for Kubernetes CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.7 CIS_Azure_1.3.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Azure Defender is set to On for Container Registries CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.8 CIS_Azure_1.3.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Azure Defender is set to On for Key Vault CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 2.9 CIS_Azure_1.3.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Windows Defender ATP (WDATP) integration with Security Center is selected CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 3.1 CIS_Azure_1.3.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.10 CIS_Azure_1.3.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is enabled for Blob service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.11 CIS_Azure_1.3.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage logging is enabled for Table service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 3.2 CIS_Azure_1.3.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that storage account access keys are periodically regenerated CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 3.3 CIS_Azure_1.3.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage logging is enabled for Queue service for read, write, and delete requests CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.3.0 3.4 CIS_Azure_1.3.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that shared access signature tokens expire within an hour CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 3.5 CIS_Azure_1.3.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_1.3.0 3.6 CIS_Azure_1.3.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.3.0 3.6 CIS_Azure_1.3.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure default network access rule for Storage Accounts is set to deny CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 3.7 CIS_Azure_1.3.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' is enabled for Storage Account access CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 3.9 CIS_Azure_1.3.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure storage for critical data are encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.3.0 4.1.1 CIS_Azure_1.3.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 4.1.2 CIS_Azure_1.3.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 4.1.3 CIS_Azure_1.3.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.3.0 4.2.1 CIS_Azure_1.3.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL server is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.2 CIS_Azure_1.3.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.3 CIS_Azure_1.3.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.3 CIS_Azure_1.3.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting Periodic Recurring Scans is enabled on a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.4 CIS_Azure_1.3.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting Send scan reports to is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.3.0 4.2.5 CIS_Azure_1.3.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that VA setting 'Also send email notifications to admins and subscription owners' is set for a SQL server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.1 CIS_Azure_1.3.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 4.3.2 CIS_Azure_1.3.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure 'Enforce SSL connection' is set to 'ENABLED' for MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.3 CIS_Azure_1.3.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.4 CIS_Azure_1.3.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.5 CIS_Azure_1.3.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 4.3.6 CIS_Azure_1.3.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 4.3.7 CIS_Azure_1.3.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 4.3.8 CIS_Azure_1.3.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 4.4 CIS_Azure_1.3.0_4.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.4 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.3.0 4.5 CIS_Azure_1.3.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.1 CIS_Azure_1.3.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostics Setting' exists CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.1.2 CIS_Azure_1.3.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.3.0 5.1.3 CIS_Azure_1.3.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.3.0 5.1.4 CIS_Azure_1.3.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.1.5 CIS_Azure_1.3.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.1 CIS_Azure_1.3.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.2 CIS_Azure_1.3.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.3 CIS_Azure_1.3.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.4 CIS_Azure_1.3.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.5 CIS_Azure_1.3.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.6 CIS_Azure_1.3.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.7 CIS_Azure_1.3.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.3.0 5.2.8 CIS_Azure_1.3.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.3.0 5.2.9 CIS_Azure_1.3.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 5.3 CIS_Azure_1.3.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs are enabled for all services which support it. CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.3.0 6.3 CIS_Azure_1.3.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.3.0 6.3 CIS_Azure_1.3.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.3.0 6.4 CIS_Azure_1.3.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.3.0 6.5 CIS_Azure_1.3.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.3.0 6.5 CIS_Azure_1.3.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_1.3.0 7.1 CIS_Azure_1.3.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.2 CIS_Azure_1.3.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.3 CIS_Azure_1.3.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.3.0 7.4 CIS_Azure_1.3.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that only approved extensions are installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 7.5 CIS_Azure_1.3.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.3.0 7.6 CIS_Azure_1.3.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.3.0 7.7 CIS_Azure_1.3.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are encrypted CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 8.1 CIS_Azure_1.3.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the expiration date is set on all keys CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 8.2 CIS_Azure_1.3.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the expiration date is set on all Secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.3.0 8.3 CIS_Azure_1.3.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that Resource Locks are set for mission critical Azure resources CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.3.0 8.4 CIS_Azure_1.3.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.3.0 8.4 CIS_Azure_1.3.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.3.0 8.5 CIS_Azure_1.3.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.3.0 9.1 CIS_Azure_1.3.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set on Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.10 CIS_Azure_1.3.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are disabled CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.3.0 9.11 CIS_Azure_1.3.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are used to store secrets CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.2 CIS_Azure_1.3.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure web app redirects all HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.3.0 9.3 CIS_Azure_1.3.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure web app is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.3.0 9.4 CIS_Azure_1.3.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.3.0 9.5 CIS_Azure_1.3.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.6 CIS_Azure_1.3.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure that 'PHP version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.7 CIS_Azure_1.3.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.8 CIS_Azure_1.3.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.3.0 9.9 CIS_Azure_1.3.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the latest, if used to run the web app CIS Microsoft Azure Foundations Benchmark v1.3.0 (612b5213-9160-4969-8578-1518bd2a000c)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.1 CIS_Azure_1.4.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.10 CIS_Azure_1.4.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.11 CIS_Azure_1.4.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.12 CIS_Azure_1.4.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.13 CIS_Azure_1.4.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.14 CIS_Azure_1.4.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Restrict access to Azure AD administration portal' is Set to "Yes" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.15 CIS_Azure_1.4.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.16 CIS_Azure_1.4.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.17 CIS_Azure_1.4.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.18 CIS_Azure_1.4.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.4.0 1.19 CIS_Azure_1.4.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.2 CIS_Azure_1.4.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.20 CIS_Azure_1.4.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure That No Custom Subscription Owner Roles Are Created CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 1.21 CIS_Azure_1.4.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.22 CIS_Azure_1.4.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_1.4.0 1.3 CIS_Azure_1.4.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure guest users are reviewed on a monthly basis CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_1.4.0 1.4 CIS_Azure_1.4.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.6 CIS_Azure_1.4.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.7 CIS_Azure_1.4.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 1.8 CIS_Azure_1.4.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 1.9 CIS_Azure_1.4.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.1 CIS_Azure_1.4.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that Microsoft Defender for Servers is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.10 CIS_Azure_1.4.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.4.0 2.11 CIS_Azure_1.4.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.4.0 2.11 CIS_Azure_1.4.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure That Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_1.4.0 2.12 CIS_Azure_1.4.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure Any of the ASC Default Policy Setting is Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_1.4.0 2.13 CIS_Azure_1.4.0_2.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_1.4.0 2.14 CIS_Azure_1.4.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.2 CIS_Azure_1.4.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that Microsoft Defender for App Service is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.3 CIS_Azure_1.4.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure that Microsoft Defender for Azure SQL Databases is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_1.4.0 2.4 CIS_Azure_1.4.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure that Microsoft Defender for SQL servers on machines is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.5 CIS_Azure_1.4.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure that Microsoft Defender for Storage is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.6 CIS_Azure_1.4.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure that Microsoft Defender for Kubernetes is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_1.4.0 2.7 CIS_Azure_1.4.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure that Microsoft Defender for Container Registries is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.8 CIS_Azure_1.4.0_2.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.8 Ensure that Microsoft Defender for Key Vault is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_1.4.0 2.9 CIS_Azure_1.4.0_2.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.9 Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.1 CIS_Azure_1.4.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.10 CIS_Azure_1.4.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.11 CIS_Azure_1.4.0_3.11 CIS Microsoft Azure Foundations Benchmark recommendation 3.11 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 3.12 CIS_Azure_1.4.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure the "Minimum TLS version" is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 3.2 CIS_Azure_1.4.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure That Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 3.3 CIS_Azure_1.4.0_3.3 CIS Microsoft Azure Foundations Benchmark recommendation 3.3 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_1.4.0 3.4 CIS_Azure_1.4.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 3.5 CIS_Azure_1.4.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure that 'Public access level' is set to Private for blob containers CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_1.4.0 3.6 CIS_Azure_1.4.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_1.4.0 3.6 CIS_Azure_1.4.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 3.7 CIS_Azure_1.4.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure 'Trusted Microsoft Services' are Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 3.9 CIS_Azure_1.4.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_1.4.0 4.1.1 CIS_Azure_1.4.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.1.2 CIS_Azure_1.4.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 4.1.3 CIS_Azure_1.4.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_1.4.0 4.2.1 CIS_Azure_1.4.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Advanced Threat Protection (ATP) on a SQL Server is Set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_1.4.0 4.2.2 CIS_Azure_1.4.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.3 CIS_Azure_1.4.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.3 CIS_Azure_1.4.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.4.0 4.2.4 CIS_Azure_1.4.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that VA setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 4.2.5 CIS_Azure_1.4.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.1 CIS_Azure_1.4.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.2 CIS_Azure_1.4.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.3 CIS_Azure_1.4.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.4 CIS_Azure_1.4.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 4.3.5 CIS_Azure_1.4.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 4.3.6 CIS_Azure_1.4.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure server parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 4.3.7 CIS_Azure_1.4.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.3.8 CIS_Azure_1.4.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.4.1 CIS_Azure_1.4.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.4.2 CIS_Azure_1.4.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 4.5 CIS_Azure_1.4.0_4.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.5 Ensure that Azure Active Directory Admin is configured CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_1.4.0 4.6 CIS_Azure_1.4.0_4.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.6 Ensure SQL server's TDE protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.1 CIS_Azure_1.4.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostics Setting' exists CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.1.2 CIS_Azure_1.4.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.4.0 5.1.3 CIS_Azure_1.4.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the storage container storing the activity logs is not publicly accessible CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_1.4.0 5.1.4 CIS_Azure_1.4.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.1.5 CIS_Azure_1.4.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure KeyVault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.1 CIS_Azure_1.4.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.2 CIS_Azure_1.4.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.3 CIS_Azure_1.4.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.4 CIS_Azure_1.4.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.5 CIS_Azure_1.4.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.6 CIS_Azure_1.4.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that activity log alert exists for the Delete Network Security Group Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.7 CIS_Azure_1.4.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.8 CIS_Azure_1.4.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_1.4.0 5.2.9 CIS_Azure_1.4.0_5.2.9 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.9 Ensure that Activity Log Alert exists for Create or Update or Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_1.4.0 5.3 CIS_Azure_1.4.0_5.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.3 Ensure that Diagnostic Logs Are Enabled for All Services that Support it. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_1.4.0 6.3 CIS_Azure_1.4.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_1.4.0 6.3 CIS_Azure_1.4.0_6.3 CIS Microsoft Azure Foundations Benchmark recommendation 6.3 Ensure no SQL Databases allow ingress 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_1.4.0 6.4 CIS_Azure_1.4.0_6.4 CIS Microsoft Azure Foundations Benchmark recommendation 6.4 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_1.4.0 6.5 CIS_Azure_1.4.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_1.4.0 6.5 CIS_Azure_1.4.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_1.4.0 7.1 CIS_Azure_1.4.0_7.1 CIS Microsoft Azure Foundations Benchmark recommendation 7.1 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.2 CIS_Azure_1.4.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.3 CIS_Azure_1.4.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'Unattached disks' are encrypted with CMK CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_1.4.0 7.4 CIS_Azure_1.4.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that Only Approved Extensions Are Installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 7.5 CIS_Azure_1.4.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_1.4.0 7.6 CIS_Azure_1.4.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that the endpoint protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_1.4.0 7.7 CIS_Azure_1.4.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 Ensure that VHD's are Encrypted CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.1 CIS_Azure_1.4.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.2 CIS_Azure_1.4.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.4.0 8.3 CIS_Azure_1.4.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 8.4 CIS_Azure_1.4.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_1.4.0 8.5 CIS_Azure_1.4.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure that Resource Locks are set for Mission Critical Azure Resources CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.4.0 8.6 CIS_Azure_1.4.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_1.4.0 8.6 CIS_Azure_1.4.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Ensure the key vault is recoverable CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Security Center CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_1.4.0 8.7 CIS_Azure_1.4.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Enable role-based access control (RBAC) within Azure Kubernetes Services CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_1.4.0 9.1 CIS_Azure_1.4.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.10 CIS_Azure_1.4.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_1.4.0 9.11 CIS_Azure_1.4.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Keyvaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_1.4.0 9.2 CIS_Azure_1.4.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_1.4.0 9.3 CIS_Azure_1.4.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
19dd1db6-f442-49cf-a838-b0786b4401ef App Service apps should have Client Certificates (Incoming client certificates) enabled App Service CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_1.4.0 9.4 CIS_Azure_1.4.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_1.4.0 9.5 CIS_Azure_1.4.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.6 CIS_Azure_1.4.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.7 CIS_Azure_1.4.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.8 CIS_Azure_1.4.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_1.4.0 9.9 CIS_Azure_1.4.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v1.4.0 (c3f5c4d9-9a1d-4a99-85c0-7f93e384d5c5)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.1 CIS_Azure_2.0.0_1.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.1 Ensure Security Defaults is enabled on Azure Active Directory CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.2 CIS_Azure_2.0.0_1.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.3 CIS_Azure_2.0.0_1.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.1.4 CIS_Azure_2.0.0_1.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.10 CIS_Azure_2.0.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.11 CIS_Azure_2.0.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure `User consent for applications` is set to `Do not allow user consent` CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.13 CIS_Azure_2.0.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.14 CIS_Azure_2.0.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure That 'Users Can Register Applications' Is Set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.15 CIS_Azure_2.0.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.16 CIS_Azure_2.0.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Guest invite restrictions' is set to "Only users assigned to specific admin roles can invite guest users" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.17 CIS_Azure_2.0.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.18 CIS_Azure_2.0.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.19 CIS_Azure_2.0.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.20 CIS_Azure_2.0.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.21 CIS_Azure_2.0.0_1.21 CIS Microsoft Azure Foundations Benchmark recommendation 1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices Regulatory Compliance CIS_Azure_2.0.0 1.22 CIS_Azure_2.0.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles General CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.23 CIS_Azure_2.0.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure That No Custom Subscription Administrator Roles Exist CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 1.24 CIS_Azure_2.0.0_1.24 CIS Microsoft Azure Foundations Benchmark recommendation 1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Security Center CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79f081c7-1634-01a1-708e-376197999289 Review user accounts Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 1.5 CIS_Azure_2.0.0_1.5 CIS Microsoft Azure Foundations Benchmark recommendation 1.5 Ensure Guest Users Are Reviewed on a Regular Basis CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.8 CIS_Azure_2.0.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators Regulatory Compliance CIS_Azure_2.0.0 1.9 CIS_Azure_2.0.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes Regulatory Compliance CIS_Azure_2.0.0 10.1 CIS_Azure_2.0.0_10.1 CIS Microsoft Azure Foundations Benchmark recommendation 10.1 Ensure that Resource Locks are set for Mission-Critical Azure Resources CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Security Center CIS_Azure_2.0.0 2.1.1 CIS_Azure_2.0.0_2.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Security Center CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.10 CIS_Azure_2.0.0_2.1.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bdc59948-5574-49b3-bb91-76b7c986428d [Deprecated]: Azure Defender for DNS should be enabled Security Center CIS_Azure_2.0.0 2.1.11 CIS_Azure_2.0.0_2.1.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.11 Ensure That Microsoft Defender for DNS Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Security Center CIS_Azure_2.0.0 2.1.12 CIS_Azure_2.0.0_2.1.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.12 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Azure_2.0.0 2.1.13 CIS_Azure_2.0.0_2.1.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.13 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
33832848-42ab-63f3-1a55-c0ad309d44cd Implement an automated configuration management tool Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
526ed90e-890f-69e7-0386-ba5c0f1f784f Establish and document a configuration management plan Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b53aa659-513e-032c-52e6-1ce0ba46582f Configure actions for noncompliant devices Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f20840e-7925-221c-725d-757442753e7c Develop and maintain baseline configurations Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
058e9719-1ff9-3653-4230-23f76b6492e0 Enforce security configuration settings Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7380631c-5bf5-0e3a-4509-0873becd8a63 Establish a configuration control board Regulatory Compliance CIS_Azure_2.0.0 2.1.14 CIS_Azure_2.0.0_2.1.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.14 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_2.0.0 2.1.15 CIS_Azure_2.0.0_2.1.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_2.0.0 2.1.15 CIS_Azure_2.0.0_2.1.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.15 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.17 CIS_Azure_2.0.0_2.1.17 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_2.0.0 2.1.19 CIS_Azure_2.0.0_2.1.19 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.19 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Security Center CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.2 CIS_Azure_2.0.0_2.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_2.0.0 2.1.20 CIS_Azure_2.0.0_2.1.20 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.20 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.21 CIS_Azure_2.0.0_2.1.21 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.22 CIS_Azure_2.0.0_2.1.22 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Azure_2.0.0 2.1.3 CIS_Azure_2.0.0_2.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.4 CIS_Azure_2.0.0_2.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.5 CIS_Azure_2.0.0_2.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Azure_2.0.0 2.1.6 CIS_Azure_2.0.0_2.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
640d2586-54d2-465f-877f-9ffc1d2109f4 Microsoft Defender for Storage should be enabled Security Center CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.7 CIS_Azure_2.0.0_2.1.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Azure_2.0.0 2.1.8 CIS_Azure_2.0.0_2.1.8 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
adbe85b5-83e6-4350-ab58-bf3a4f736e5e Microsoft Defender for Azure Cosmos DB should be enabled Security Center CIS_Azure_2.0.0 2.1.9 CIS_Azure_2.0.0_2.1.9 CIS Microsoft Azure Foundations Benchmark recommendation 2.1.9 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 3.1 CIS_Azure_2.0.0_3.1 CIS Microsoft Azure Foundations Benchmark recommendation 3.1 Ensure that 'Secure transfer required' is set to 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Storage CIS_Azure_2.0.0 3.10 CIS_Azure_2.0.0_3.10 CIS Microsoft Azure Foundations Benchmark recommendation 3.10 Ensure Private Endpoints are used to access Storage Accounts CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Storage CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.12 CIS_Azure_2.0.0_3.12 CIS Microsoft Azure Foundations Benchmark recommendation 3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.13 CIS_Azure_2.0.0_3.13 CIS Microsoft Azure Foundations Benchmark recommendation 3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.14 CIS_Azure_2.0.0_3.14 CIS Microsoft Azure Foundations Benchmark recommendation 3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 3.15 CIS_Azure_2.0.0_3.15 CIS Microsoft Azure Foundations Benchmark recommendation 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4733ea7b-a883-42fe-8cac-97454c2a9e4a Storage accounts should have infrastructure encryption Storage CIS_Azure_2.0.0 3.2 CIS_Azure_2.0.0_3.2 CIS Microsoft Azure Foundations Benchmark recommendation 3.2 Ensure that ‘Enable Infrastructure Encryption’ for Each Storage Account in Azure Storage is Set to ‘enabled’ CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 3.4 CIS_Azure_2.0.0_3.4 CIS Microsoft Azure Foundations Benchmark recommendation 3.4 Ensure that Storage Account Access Keys are Periodically Regenerated CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 3.5 CIS_Azure_2.0.0_3.5 CIS Microsoft Azure Foundations Benchmark recommendation 3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d9d48ffb-0d8c-0bd5-5f31-5a5826d19f10 Disable authenticators upon termination Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4502e506-5f35-0df4-684f-b326e3cc7093 Terminate user session automatically Regulatory Compliance CIS_Azure_2.0.0 3.6 CIS_Azure_2.0.0_3.6 CIS Microsoft Azure Foundations Benchmark recommendation 3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access Regulatory Compliance CIS_Azure_2.0.0 3.7 CIS_Azure_2.0.0_3.7 CIS Microsoft Azure Foundations Benchmark recommendation 3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Storage CIS_Azure_2.0.0 3.8 CIS_Azure_2.0.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Storage CIS_Azure_2.0.0 3.8 CIS_Azure_2.0.0_3.8 CIS Microsoft Azure Foundations Benchmark recommendation 3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c9d007d0-c057-4772-b18c-01e546713bcd Storage accounts should allow access from trusted Microsoft services Storage CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_2.0.0 3.9 CIS_Azure_2.0.0_3.9 CIS Microsoft Azure Foundations Benchmark recommendation 3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.1.1 CIS_Azure_2.0.0_4.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 4.1.2 CIS_Azure_2.0.0_4.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest SQL CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest SQL CIS_Azure_2.0.0 4.1.3 CIS_Azure_2.0.0_4.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers SQL CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 4.1.4 CIS_Azure_2.0.0_4.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled SQL CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.1.5 CIS_Azure_2.0.0_4.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 4.1.6 CIS_Azure_2.0.0_4.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances SQL CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Azure_2.0.0 4.2.1 CIS_Azure_2.0.0_4.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.2 CIS_Azure_2.0.0_4.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.3 CIS_Azure_2.0.0_4.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.4 CIS_Azure_2.0.0_4.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e3905a3c-97e7-0b4f-15fb-465c0927536f Correlate Vulnerability scan information Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Security Center CIS_Azure_2.0.0 4.2.5 CIS_Azure_2.0.0_4.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.1 CIS_Azure_2.0.0_4.3.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e43d Log checkpoints should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.2 CIS_Azure_2.0.0_4.3.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e442 Log connections should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.3 CIS_Azure_2.0.0_4.3.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eb6f77b9-bd53-4e35-a23d-7f65d5f0e446 Disconnections should be logged for PostgreSQL database servers. SQL CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.4 CIS_Azure_2.0.0_4.3.4 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5345bb39-67dc-4960-a1bf-427e16b9a0bd Connection throttling should be enabled for PostgreSQL database servers SQL CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 4.3.5 CIS_Azure_2.0.0_4.3.5 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 4.3.6 CIS_Azure_2.0.0_4.3.6 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c7fddb0e-3f44-8635-2b35-dc6b8e740b7c Identify and manage downstream information exchanges Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f476f3b0-4152-526e-a209-44e5f8c968d7 Establish network segmentation for card holder data environment Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
398fdbd8-56fd-274d-35c6-fa2d3b2755a1 Establish firewall and router configuration standards Regulatory Compliance CIS_Azure_2.0.0 4.3.7 CIS_Azure_2.0.0_4.3.7 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
24fba194-95d6-48c0-aea7-f65bf859c598 Infrastructure encryption should be enabled for Azure Database for PostgreSQL servers SQL CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 4.3.8 CIS_Azure_2.0.0_4.3.8 CIS Microsoft Azure Foundations Benchmark recommendation 4.3.8 Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.1 CIS_Azure_2.0.0_4.4.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 4.4.2 CIS_Azure_2.0.0_4.4.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.4.2 Ensure 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Cosmos DB CIS_Azure_2.0.0 4.5.1 CIS_Azure_2.0.0_4.5.1 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
58440f8a-10c5-4151-bdce-dfbaad4a20b7 CosmosDB accounts should use private link Cosmos DB CIS_Azure_2.0.0 4.5.2 CIS_Azure_2.0.0_4.5.2 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.2 Ensure That Private Endpoints Are Used Where Possible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Azure_2.0.0 4.5.3 CIS_Azure_2.0.0_4.5.3 CIS Microsoft Azure Foundations Benchmark recommendation 4.5.3 Use Azure Active Directory (AAD) Client Authentication and Azure RBAC where possible. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.1 CIS_Azure_2.0.0_5.1.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.1 Ensure that a 'Diagnostic Setting' exists CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3b980d31-7904-4bb7-8575-5665739a8052 An activity log alert should exist for specific Security operations Monitoring CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.1.2 CIS_Azure_2.0.0_5.1.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.2 Ensure Diagnostic Setting captures appropriate categories CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_2.0.0 5.1.3 CIS_Azure_2.0.0_5.1.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.3 Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0e696f5a-451f-5c15-5532-044136538491 Protect audit information Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fbb99e8e-e444-4da0-9ff1-75c92f5a85b2 Storage account containing the container with activity logs must be encrypted with BYOK Monitoring CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c0559109-6a27-a217-6821-5a6d44f92897 Maintain integrity of audit system Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c843d78-8f64-92b5-6a9b-e8186c0e7eb6 Enable dual or joint authorization Regulatory Compliance CIS_Azure_2.0.0 5.1.4 CIS_Azure_2.0.0_5.1.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_2.0.0 5.1.5 CIS_Azure_2.0.0_5.1.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.5 Ensure that logging for Azure Key Vault is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
27960feb-a23c-4577-8d36-ef8b5f35e0be All flow log resources should be in enabled state Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Azure_2.0.0 5.1.6 CIS_Azure_2.0.0_5.1.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.2.1 CIS_Azure_2.0.0_5.2.1 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.2 CIS_Azure_2.0.0_5.2.2 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.3 CIS_Azure_2.0.0_5.2.3 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.4 CIS_Azure_2.0.0_5.2.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.4 Ensure that Activity Log Alert exists for Delete Network Security Group CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.5 CIS_Azure_2.0.0_5.2.5 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.6 CIS_Azure_2.0.0_5.2.6 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.7 CIS_Azure_2.0.0_5.2.7 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9622aaa9-5c49-40e2-5bf8-660b7cd23deb Alert personnel of information spillage Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b4e134f-1e4c-2bff-573e-082d85479b6e Develop an incident response plan Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
af38215f-70c4-0cd6-40c2-c52d86690a45 Set automated notifications for new and trending cloud applications in your organization Regulatory Compliance CIS_Azure_2.0.0 5.2.8 CIS_Azure_2.0.0_5.2.8 CIS Microsoft Azure Foundations Benchmark recommendation 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Search CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled App Service CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Key Vault CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Data Lake CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Data Lake CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Stream Analytics CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Internet of Things CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Logic Apps CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Service Bus CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a3e98638-51d4-4e28-910a-60e98c1a756f Configure Azure Audit capabilities Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
333b4ada-4a02-0648-3d4d-d812974f1bb2 Govern and monitor audit processing activities Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions Regulatory Compliance CIS_Azure_2.0.0 5.4 CIS_Azure_2.0.0_5.4 CIS Microsoft Azure Foundations Benchmark recommendation 5.4 Ensure that Azure Monitor Resource Logging is Enabled for All Services that Support it CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_2.0.0 6.1 CIS_Azure_2.0.0_6.1 CIS Microsoft Azure Foundations Benchmark recommendation 6.1 Ensure that RDP access from the Internet is evaluated and restricted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_2.0.0 6.2 CIS_Azure_2.0.0_6.2 CIS Microsoft Azure Foundations Benchmark recommendation 6.2 Ensure that SSH access from the Internet is evaluated and restricted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
efef28d0-3226-966a-a1e8-70e89c1b30bc Retain security policies and procedures Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7c7032fe-9ce6-9092-5890-87a1a3755db1 Retain terminated user data Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1ecb79d7-1a06-9a3b-3be8-f434d04d1ec1 Adhere to retention periods defined Regulatory Compliance CIS_Azure_2.0.0 6.5 CIS_Azure_2.0.0_6.5 CIS Microsoft Azure Foundations Benchmark recommendation 6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ece8bb17-4080-5127-915f-dc7267ee8549 Verify security functions Regulatory Compliance CIS_Azure_2.0.0 6.6 CIS_Azure_2.0.0_6.6 CIS Microsoft Azure Foundations Benchmark recommendation 6.6 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Network CIS_Azure_2.0.0 6.6 CIS_Azure_2.0.0_6.6 CIS Microsoft Azure Foundations Benchmark recommendation 6.6 Ensure that Network Watcher is 'Enabled' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e603da3a-8af7-4f8a-94cb-1bcc0e0333d2 Manage the input, output, processing, and storage of data Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e23444b9-9662-40f3-289e-6d25c02b48fa Review label activity and analytics Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
55a7f9a0-6397-7589-05ef-5ed59a8149e7 Control physical access Regulatory Compliance CIS_Azure_2.0.0 7.2 CIS_Azure_2.0.0_7.2 CIS Microsoft Azure Foundations Benchmark recommendation 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.3 CIS_Azure_2.0.0_7.3 CIS Microsoft Azure Foundations Benchmark recommendation 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ca91455f-eace-4f96-be59-e6e2c35b4816 Managed disks should be double encrypted with both platform-managed and customer-managed keys Compute CIS_Azure_2.0.0 7.4 CIS_Azure_2.0.0_7.4 CIS Microsoft Azure Foundations Benchmark recommendation 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK) CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c0e996f8-39cf-4af9-9f45-83fbde810432 Only approved VM extensions should be installed Compute CIS_Azure_2.0.0 7.5 CIS_Azure_2.0.0_7.5 CIS Microsoft Azure Foundations Benchmark recommendation 7.5 Ensure that Only Approved Extensions Are Installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
db28735f-518f-870e-15b4-49623cbe3aa0 Verify software, firmware and information integrity Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly Regulatory Compliance CIS_Azure_2.0.0 7.6 CIS_Azure_2.0.0_7.6 CIS Microsoft Azure Foundations Benchmark recommendation 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 7.7 CIS_Azure_2.0.0_7.7 CIS Microsoft Azure Foundations Benchmark recommendation 7.7 [Legacy] Ensure that VHDs are Encrypted CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.1 CIS_Azure_2.0.0_8.1 CIS Microsoft Azure Foundations Benchmark recommendation 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.2 CIS_Azure_2.0.0_8.2 CIS Microsoft Azure Foundations Benchmark recommendation 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.3 CIS_Azure_2.0.0_8.3 CIS Microsoft Azure Foundations Benchmark recommendation 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 8.4 CIS_Azure_2.0.0_8.4 CIS Microsoft Azure Foundations Benchmark recommendation 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Key Vault CIS_Azure_2.0.0 8.5 CIS_Azure_2.0.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure the Key Vault is Recoverable CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Key Vault CIS_Azure_2.0.0 8.5 CIS_Azure_2.0.0_8.5 CIS Microsoft Azure Foundations Benchmark recommendation 8.5 Ensure the Key Vault is Recoverable CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
12d4fa5e-1f9f-4c21-97a9-b99b3c6611b5 Azure Key Vault should use RBAC permission model Key Vault CIS_Azure_2.0.0 8.6 CIS_Azure_2.0.0_8.6 CIS Microsoft Azure Foundations Benchmark recommendation 8.6 Enable Role Based Access Control for Azure Key Vault CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Key Vault CIS_Azure_2.0.0 8.7 CIS_Azure_2.0.0_8.7 CIS Microsoft Azure Foundations Benchmark recommendation 8.7 Ensure that Private Endpoints are Used for Azure Key Vault CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d8cf8476-a2ec-4916-896e-992351803c44 Keys should have a rotation policy ensuring that their rotation is scheduled within the specified number of days after creation. Key Vault CIS_Azure_2.0.0 8.8 CIS_Azure_2.0.0_8.8 CIS Microsoft Azure Foundations Benchmark recommendation 8.8 Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e336d5f4-4d8f-0059-759c-ae10f63d1747 Enforce user uniqueness Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
1d39b5d9-0392-8954-8359-575ce1957d1a Support personal verification credentials issued by legal authorities Regulatory Compliance CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
95bccee9-a7f8-4bec-9ee9-62c3473701fc App Service apps should have authentication enabled App Service CIS_Azure_2.0.0 9.1 CIS_Azure_2.0.0_9.1 CIS Microsoft Azure Foundations Benchmark recommendation 9.1 Ensure App Service Authentication is set up for apps in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.10 CIS_Azure_2.0.0_9.10 CIS Microsoft Azure Foundations Benchmark recommendation 9.10 Ensure FTP deployments are Disabled CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
51e4b233-8ee3-8bdc-8f5f-f33bd0d229b7 Define a physical key management process Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
97d91b33-7050-237b-3e23-a77d57d84e13 Issue public key certificates Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c276cf3-596f-581a-7fbd-f5e46edaa0f4 Manage symmetric cryptographic keys Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
c4ccd607-702b-8ae6-8eeb-fc3339cd4b42 Define cryptographic use Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
d661e9eb-4e15-5ba1-6f02-cdc467db0d6c Define organizational requirements for cryptographic key management Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7a0ecd94-3699-5273-76a5-edb8499f655a Determine assertion requirements Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8d140e8b-76c7-77de-1d46-ed1b2e112444 Restrict access to private keys Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b8dad106-6444-5f55-307e-1e1cc9723e39 Ensure cryptographic mechanisms are under configuration management Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
3ad7f0bc-3d03-0585-4d24-529779bb02c2 Maintain availability of information Regulatory Compliance CIS_Azure_2.0.0 9.11 CIS_Azure_2.0.0_9.11 CIS Microsoft Azure Foundations Benchmark recommendation 9.11 Ensure Azure Key Vaults are Used to Store Secrets CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.2 CIS_Azure_2.0.0_9.2 CIS Microsoft Azure Foundations Benchmark recommendation 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
26daf649-22d1-97e9-2a8a-01b182194d59 Configure workstations to check for digital certificates Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b2d3e5a2-97ab-5497-565a-71172a729d93 Protect passwords with encryption Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption Regulatory Compliance CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_2.0.0 9.3 CIS_Azure_2.0.0_9.3 CIS Microsoft Azure Foundations Benchmark recommendation 9.3 Ensure Web App is using the latest version of TLS encryption CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
eaebaea7-8013-4ceb-9d14-7eb32271373c [Deprecated]: Function apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
6f1de470-79f3-1572-866e-db0771352fc8 Authenticate to cryptographic module Regulatory Compliance CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
5bb220d9-2698-4ee4-8404-b9c30c9df609 [Deprecated]: App Service apps should have 'Client Certificates (Incoming client certificates)' enabled App Service CIS_Azure_2.0.0 9.4 CIS_Azure_2.0.0_9.4 CIS Microsoft Azure Foundations Benchmark recommendation 9.4 Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity App Service CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management Regulatory Compliance CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_2.0.0 9.5 CIS_Azure_2.0.0_9.5 CIS Microsoft Azure Foundations Benchmark recommendation 9.5 Ensure that Register with Azure Active Directory is enabled on App Service CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7261b898-8a84-4db8-9e04-18527132abb3 App Service apps that use PHP should use a specified 'PHP version' App Service CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
f466b2a6-823d-470d-8ea5-b031e72d79ae App Service app slots that use PHP should use a specified 'PHP version' App Service CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.6 CIS_Azure_2.0.0_9.6 CIS Microsoft Azure Foundations Benchmark recommendation 9.6 Ensure That 'PHP version' is the Latest, If Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
7008174a-fd10-4ef0-817e-fc820a951d73 App Service apps that use Python should use a specified 'Python version' App Service CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9c014953-ef68-4a98-82af-fd0f6b2306c8 App Service app slots that use Python should use a specified 'Python version' App Service CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e1d1b522-02b0-4d18-a04f-5ab62d20445f Function app slots that use Java should use a specified 'Java version' App Service CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
9d0b6ea4-93e2-4578-bf2f-6bb17d22b4bc Function apps that use Java should use a specified 'Java version' App Service CIS_Azure_2.0.0 9.8 CIS_Azure_2.0.0_9.8 CIS Microsoft Azure Foundations Benchmark recommendation 9.8 Ensure that 'Java version' is the latest, if used to run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws Regulatory Compliance CIS_Azure_2.0.0 9.9 CIS_Azure_2.0.0_9.9 CIS Microsoft Azure Foundations Benchmark recommendation 9.9 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Microsoft Azure Foundations Benchmark v2.0.0 (06f19060-9e68-4070-92ca-f15cc126059e)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Azure_Foundations_v2.1.0 2.1.12 CIS_Azure_Foundations_v2.1.0_2.1.12 CIS Azure Foundations v2.1.0 2.1.12 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance CIS_Azure_Foundations_v2.1.0 2.1.18 CIS_Azure_Foundations_v2.1.0_2.1.18 CIS Azure Foundations v2.1.0 2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Security Center CIS_Azure_Foundations_v2.1.0 2.1.18 CIS_Azure_Foundations_v2.1.0_2.1.18 CIS Azure Foundations v2.1.0 2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance CIS_Azure_Foundations_v2.1.0 2.1.18 CIS_Azure_Foundations_v2.1.0_2.1.18 CIS Azure Foundations v2.1.0 2.1.18 Ensure 'Additional email addresses' is Configured with a Security Contact Email CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
171e377b-5224-4a97-1eaa-62a3b5231dac Generate internal security alerts Regulatory Compliance CIS_Azure_Foundations_v2.1.0 2.1.19 CIS_Azure_Foundations_v2.1.0_2.1.19 CIS Azure Foundations v2.1.0 2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Azure_Foundations_v2.1.0 2.1.19 CIS_Azure_Foundations_v2.1.0_2.1.19 CIS Azure Foundations v2.1.0 2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b8689b2e-4308-a58b-a0b4-6f3343a000df Use automated mechanisms for security alerts Regulatory Compliance CIS_Azure_Foundations_v2.1.0 2.1.19 CIS_Azure_Foundations_v2.1.0_2.1.19 CIS Azure Foundations v2.1.0 2.1.19 Ensure That 'Notify about alerts with the following severity' is Set to 'High' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Storage CIS_Azure_Foundations_v2.1.0 3.1 CIS_Azure_Foundations_v2.1.0_3.1 CIS Azure Foundations v2.1.0 3.1 Ensure Private Endpoints are used to access Storage Accounts CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version Storage CIS_Azure_Foundations_v2.1.0 3.15 CIS_Azure_Foundations_v2.1.0_3.15 CIS Azure Foundations v2.1.0 3.15 Ensure the "Minimum TLS version" for storage accounts is set to "Version 1.2" CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 Storage account public access should be disallowed Storage CIS_Azure_Foundations_v2.1.0 3.7 CIS_Azure_Foundations_v2.1.0_3.7 CIS Azure Foundations v2.1.0 3.7 Ensure that 'Public Network Access' is 'Disabled' for storage accounts CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled SQL CIS_Azure_Foundations_v2.1.0 4.1.1 CIS_Azure_Foundations_v2.1.0_4.1.1 CIS Azure Foundations v2.1.0 4.1.1 Ensure that 'Auditing' is set to 'On' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled SQL CIS_Azure_Foundations_v2.1.0 4.1.2 CIS_Azure_Foundations_v2.1.0_4.1.2 CIS Azure Foundations v2.1.0 4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP) CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher SQL CIS_Azure_Foundations_v2.1.0 4.1.6 CIS_Azure_Foundations_v2.1.0_4.1.6 CIS Azure Foundations v2.1.0 4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days' CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers SQL CIS_Azure_Foundations_v2.1.0 4.3.1 CIS_Azure_Foundations_v2.1.0_4.3.1 CIS Azure Foundations v2.1.0 4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
5e1de0e3-42cb-4ebc-a86d-61d0c619ca48 Public network access should be disabled for PostgreSQL flexible servers SQL CIS_Azure_Foundations_v2.1.0 4.3.7 CIS_Azure_Foundations_v2.1.0_4.3.7 CIS Azure Foundations v2.1.0 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers SQL CIS_Azure_Foundations_v2.1.0 4.3.7 CIS_Azure_Foundations_v2.1.0_4.3.7 CIS Azure Foundations v2.1.0 4.3.7 Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers SQL CIS_Azure_Foundations_v2.1.0 4.4.1 CIS_Azure_Foundations_v2.1.0_4.4.1 CIS Azure Foundations v2.1.0 4.4.1 Ensure 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.1 CIS_Azure_Foundations_v2.1.0_5.2.1 CIS Azure Foundations v2.1.0 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.1 CIS_Azure_Foundations_v2.1.0_5.2.1 CIS Azure Foundations v2.1.0 5.2.1 Ensure that Activity Log Alert exists for Create Policy Assignment CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.2 CIS_Azure_Foundations_v2.1.0_5.2.2 CIS Azure Foundations v2.1.0 5.2.2 Ensure that Activity Log Alert exists for Delete Policy Assignment CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.3 CIS_Azure_Foundations_v2.1.0_5.2.3 CIS Azure Foundations v2.1.0 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
c5447c04-a4d7-4ba8-a263-c9ee321a6858 An activity log alert should exist for specific Policy operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.3 CIS_Azure_Foundations_v2.1.0_5.2.3 CIS Azure Foundations v2.1.0 5.2.3 Ensure that Activity Log Alert exists for Create or Update Network Security Group CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.5 CIS_Azure_Foundations_v2.1.0_5.2.5 CIS Azure Foundations v2.1.0 5.2.5 Ensure that Activity Log Alert exists for Create or Update Security Solution CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.6 CIS_Azure_Foundations_v2.1.0_5.2.6 CIS Azure Foundations v2.1.0 5.2.6 Ensure that Activity Log Alert exists for Delete Security Solution CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.7 CIS_Azure_Foundations_v2.1.0_5.2.7 CIS Azure Foundations v2.1.0 5.2.7 Ensure that Activity Log Alert exists for Create or Update SQL Server Firewall Rule CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Azure_Foundations_v2.1.0 5.2.8 CIS_Azure_Foundations_v2.1.0_5.2.8 CIS Azure Foundations v2.1.0 5.2.8 Ensure that Activity Log Alert exists for Delete SQL Server Firewall Rule CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_Foundations_v2.1.0 6.1 CIS_Azure_Foundations_v2.1.0_6.1 CIS Azure Foundations v2.1.0 6.1 Ensure that RDP access from the Internet is evaluated and restricted CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Security Center CIS_Azure_Foundations_v2.1.0 6.2 CIS_Azure_Foundations_v2.1.0_6.2 CIS Azure Foundations v2.1.0 6.2 Ensure that SSH access from the Internet is evaluated and restricted CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
06a78e20-9358-41c9-923c-fb736d382a4d Audit VMs that do not use managed disks Compute CIS_Azure_Foundations_v2.1.0 7.2 CIS_Azure_Foundations_v2.1.0_7.2 CIS Azure Foundations v2.1.0 7.2 Ensure Virtual Machines are utilizing Managed Disks CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Security Center CIS_Azure_Foundations_v2.1.0 7.9 CIS_Azure_Foundations_v2.1.0_7.9 CIS Azure Foundations v2.1.0 7.9 Ensure Trusted Launch is enabled on Virtual Machines CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Security Center CIS_Azure_Foundations_v2.1.0 7.9 CIS_Azure_Foundations_v2.1.0_7.9 CIS Azure Foundations v2.1.0 7.9 Ensure Trusted Launch is enabled on Virtual Machines CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_Foundations_v2.1.0 8.1 CIS_Azure_Foundations_v2.1.0_8.1 CIS Azure Foundations v2.1.0 8.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Key Vault CIS_Azure_Foundations_v2.1.0 8.2 CIS_Azure_Foundations_v2.1.0_8.2 CIS Azure Foundations v2.1.0 8.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_Foundations_v2.1.0 8.3 CIS_Azure_Foundations_v2.1.0_8.3 CIS Azure Foundations v2.1.0 8.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Key Vault CIS_Azure_Foundations_v2.1.0 8.4 CIS_Azure_Foundations_v2.1.0_8.4 CIS Azure Foundations v2.1.0 8.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS App Service CIS_Azure_Foundations_v2.1.0 9.2 CIS_Azure_Foundations_v2.1.0_9.2 CIS Azure Foundations v2.1.0 9.2 Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version App Service CIS_Azure_Foundations_v2.1.0 9.3 CIS_Azure_Foundations_v2.1.0_9.3 CIS Azure Foundations v2.1.0 9.3 Ensure Web App is using the latest version of TLS encryption CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version App Service CIS_Azure_Foundations_v2.1.0 9.3 CIS_Azure_Foundations_v2.1.0_9.3 CIS Azure Foundations v2.1.0 9.3 Ensure Web App is using the latest version of TLS encryption CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity App Service CIS_Azure_Foundations_v2.1.0 9.4 CIS_Azure_Foundations_v2.1.0_9.4 CIS Azure Foundations v2.1.0 9.4 Ensure that Register with Entra ID is enabled on App Service CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
8c122334-9d20-4eb8-89ea-ac9a705b74ae App Service apps should use latest 'HTTP Version' App Service CIS_Azure_Foundations_v2.1.0 9.8 CIS_Azure_Foundations_v2.1.0_9.8 CIS Azure Foundations v2.1.0 9.8 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
e2c1c086-2d84-4019-bff3-c44ccd95113c Function apps should use latest 'HTTP Version' App Service CIS_Azure_Foundations_v2.1.0 9.8 CIS_Azure_Foundations_v2.1.0_9.8 CIS Azure Foundations v2.1.0 9.8 Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only App Service CIS_Azure_Foundations_v2.1.0 9.9 CIS_Azure_Foundations_v2.1.0_9.9 CIS Azure Foundations v2.1.0 9.9 Ensure FTP deployments are Disabled CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only App Service CIS_Azure_Foundations_v2.1.0 9.9 CIS_Azure_Foundations_v2.1.0_9.9 CIS Azure Foundations v2.1.0 9.9 Ensure FTP deployments are Disabled CIS Azure Foundations v2.1.0 (fe7782e4-6ff3-4e39-8d8a-64b6f7b82c85)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Security Center CIS_Controls_v8.1 CIS_Controls_v8.1_ 404 not found CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.1 CIS_Controls_v8.1_10.1 CIS Controls v8.1 10.1 Deploy and maintain anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.2 CIS_Controls_v8.1_10.2 CIS Controls v8.1 10.2 Configure automatic anti-malware signature updates CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.3 CIS_Controls_v8.1_10.3 CIS Controls v8.1 10.3 Disable autorun and autoplay for removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.4 CIS_Controls_v8.1_10.4 CIS Controls v8.1 10.4 Configure automatic anti-malware scanning of removable media CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.5 CIS_Controls_v8.1_10.5 CIS Controls v8.1 10.5 Enable auto-exploitation features CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d38668f5-d155-42c7-ab3d-9b57b50f8fbf Azure Defender for SQL should be enabled for unprotected PostgreSQL flexible servers Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.6 CIS_Controls_v8.1_10.6 CIS Controls v8.1 10.6 Centrally manage anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
77e8b146-0078-4fb2-b002-e112381199f0 Virtual network firewall rule on Azure SQL Database should be enabled to allow traffic from the specified subnet SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d31e5c31-63b2-4f12-887b-e49456834fa1 Microsoft Defender for SQL should be enabled for unprotected Synapse workspaces Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3bc8a0d5-38e0-4a3d-a657-2cb64468fc34 Azure Defender for SQL should be enabled for unprotected MySQL flexible servers Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Cache CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
56fd377d-098c-4f02-8406-81eb055902b8 IP firewall rules on Azure Synapse workspaces should be removed Synapse CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3d9f5e4c-9947-4579-9539-2a7695fbc187 App Configuration should disable public network access App Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
87845465-c458-45f3-af66-dcd62176f397 Windows machines should meet requirements for 'System Audit Policies - Privilege Use' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled or public network access disabled Key Vault CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d46c275d-1680-448d-b2ec-e495a3b6cc89 Kubernetes cluster services should only use allowed external IPs Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7796937f-307b-4598-941c-67d3a05ebfe7 Azure subscriptions should have a log profile for Activity Log Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
4c3c6c5f-0d47-4402-99b8-aa543dd8bcee Audit flow logs configuration for every virtual network Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c9299215-ae47-4f50-9c54-8a392f68a052 Public network access should be disabled for MySQL flexible servers SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
492a29ed-d143-4f03-b6a4-705ce081b463 Windows machines should meet requirements for 'Security Options - User Account Control' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces Synapse CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 [Deprecated]: Vulnerabilities in security configuration on your machines should be remediated Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Storage CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link SignalR CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
009a0c92-f5b4-4776-9b66-4ed2b4775563 Private endpoint connections on Batch accounts should be enabled Batch CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers SQL CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0fdf0491-d080-4575-b627-ad0e843cba0f Public network access should be disabled for Container registries Container Registry CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
3ac7c827-eea2-4bde-acc7-9568cd320efa Machines should have secret findings resolved Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Kubernetes CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Event Hub CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
33936777-f2ac-45aa-82ec-07958ec9ade4 Windows machines should meet requirements for 'Security Options - Audit' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
b954148f-4c11-4c38-8221-be76711e194a An activity log alert should exist for specific Administrative operations Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Cosmos DB CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c251913d-7d24-4958-af87-478ed3b9ba41 Flow logs should be configured for every network security group Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a1817ec0-a368-432a-8057-8371e17ac6ee All authorization rules except RootManageSharedAccessKey should be removed from Service Bus namespace Service Bus CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6c53d030-cc64-46f0-906d-2bc061cd1334 Log Analytics workspaces should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8405fdab-1faf-48aa-b702-999c9c172094 Managed disks should disable public network access Compute CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
1bc02227-0cb6-4e11-8f53-eb0b22eab7e8 Application Insights components should block log ingestion and querying from public networks Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8c6a50c6-9ffd-4ae7-986f-5fa6111f9a54 Storage accounts should prevent shared key access Storage CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
94d9aca8-3757-46df-aa51-f218c5f11954 Windows machines should meet requirements for 'System Audit Policies - Account Management' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a914e76-4921-4c19-b460-a2d36003525a Audit resource location matches resource group location General CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
797b37f7-06b8-444c-b1ad-fc62867f335a Azure Cosmos DB should disable public network access Cosmos DB CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
d6759c02-b87f-42b7-892e-71b3f471d782 Azure AI Services resources should use Azure Private Link Azure Ai Services CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c75248c1-ea1d-4a9c-8fc9-29a6aabd5da8 Function apps should have authentication enabled App Service CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 Machines should be configured to periodically check for missing system updates Azure Update Manager CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
8ac833bd-f505-48d5-887e-c993a1d3eea0 API endpoints in Azure API Management should be authenticated Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher API Management CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Batch CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
a2a5b911-5617-447e-a49e-59dbe0e0434b Resource logs in Azure Key Vault Managed HSM should be enabled Key Vault CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured Compute CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images Monitoring CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7926a6d1-b268-4586-8197-e8ae90c877d7 Microsoft Defender for APIs should be enabled Security Center CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Compute CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
deeddb44-9f94-4903-9fa0-081d524406e3 [Preview]: Azure Recovery Services vaults should use private link for backup Backup CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Machine Learning CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
58383b73-94a9-4414-b382-4146eb02611b Windows machines should meet requirements for 'System Audit Policies - Detailed Tracking' Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
0a075868-4c26-42ef-914c-5bc007359560 Certificates should have the specified maximum validity period Key Vault CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Network CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
5d4e3c65-4873-47be-94f3-6f8b953a3598 Azure Event Hub namespaces should have local authentication methods disabled Event Hub CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7 Use behaviour based anti-malware software CIS Controls v8.1 (046796ef-e8a7-4398-bbe9-cce970b1a3ae)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Guest Configuration CIS_Controls_v8.1 10.7 CIS_Controls_v8.1_10.7 CIS Controls v8.1 10.7