last sync: 2023-Jun-01 17:45:04 UTC

Compliance controls by Policy

Id | DisplayName | Control Domain | Control Name | MetadataId | Title | PolicySet
2454bbee-dc19-442f-83fc-7f3114cafd91 Windows machines should use the default NTP server ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
32e6bbec-16b6-44c2-be37-c5b672d103cf Azure SQL Database should be running TLS version 1.2 or newer ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
3810e389-1d92-4f77-9267-33bdcf0bd225 Windows machines should schedule Windows Defender to perform a scheduled scan every day ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
cfaf0007-99c7-4b01-b36b-4048872ac978 Azure Synapse Analytics dedicated SQL pools should enable encryption ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
0049a6b3-a662-4f3e-8635-39cf44ace45a Vulnerability assessment should be enabled on your Synapse workspaces ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
f2c2d0a6-e183-4fc8-bd8f-363c65d3bbbf Subscription should configure the Azure Firewall Premium to provide additional layer of protection ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
d96163de-dbe0-45ac-b803-0e9ca0f5764e Windows machines should configure Windows Defender to update protection signatures within one day ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
b3248a42-b1c1-41a4-87bc-8bad3d845589 Windows machines should enable Windows Defender Real-time protection ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
632d3993-e2c0-44ea-a7db-2eca131f356d Web Application Firewall (WAF) should enable all firewall rules for Application Gateway ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
f4b53539-8df9-40e4-86c6-6b607703bd4e Disk encryption should be enabled on Azure Data Explorer ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
1afdc4b6-581a-45fb-b630-f1e6051e3e7a Linux virtual machines should have Azure Monitor Agent installed ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
c02729e5-e5e7-4458-97fa-2b5ad0661f28 Windows virtual machines should have Azure Monitor Agent installed ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
12430be1-6cc8-4527-a9a8-e3d38f250096 Web Application Firewall (WAF) should use the specified mode for Application Gateway ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
a8793640-60f7-487c-b5c3-1d37215905c4 SQL Managed Instance should have the minimal TLS version of 1.2 ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
d6545c6b-dd9d-4265-91e6-0b451e2f1c50 App Service Environment should have TLS 1.0 and 1.1 disabled ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
f516dc7a-4543-4d40-aad6-98f76a706b50 Bypass list of Intrusion Detection and Prevention System (IDPS) should be empty in Firewall Policy Premium ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
6484db87-a62d-4327-9f07-80a2cbdf333a Firewall Policy Premium should enable the Intrusion Detection and Prevention System (IDPS) ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
711c24bb-7f18-4578-b192-81a6161e1f17 Azure Firewall Premium should configure a valid intermediate certificate to enable TLS inspection ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
610b6183-5f00-4d68-86d2-4ab4cb3a67a5 Firewall Policy Premium should enable all IDPS signature rules to monitor all inbound and outbound traffic flows ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
fe83a0eb-a853-422d-aac2-1bffd182c5d0 Storage accounts should have the specified minimum TLS version ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs ACAT_Security_Policies ACAT_Security_Policies ACAT Security Policies Protecting systems and resources ACAT for Microsoft 365 Certification (80307b86-ab81-45ab-bf4f-4e0b93cf3dd5)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows web servers should be configured to use secure communication protocols AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs AU_ISM 1139 AU_ISM_1139 AU ISM 1139 Using Transport Layer Security - 1139 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved AU_ISM 1144 AU_ISM_1144 AU ISM 1144 When to patch security vulnerabilities - 1144 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled AU_ISM 1173 AU_ISM_1173 AU ISM 1173 Multi-factor authentication - 1173 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled AU_ISM 1173 AU_ISM_1173 AU ISM 1173 Multi-factor authentication - 1173 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access AU_ISM 1182 AU_ISM_1182 AU ISM 1182 Network access controls - 1182 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers AU_ISM 1260 AU_ISM_1260 AU ISM 1260 Database administrator accounts - 1260 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers AU_ISM 1261 AU_ISM_1261 AU ISM 1261 Database administrator accounts - 1261 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers AU_ISM 1262 AU_ISM_1262 AU ISM 1262 Database administrator accounts - 1262 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers AU_ISM 1263 AU_ISM_1263 AU ISM 1263 Database administrator accounts - 1263 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers AU_ISM 1264 AU_ISM_1264 AU ISM 1264 Database administrator accounts - 1264 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows web servers should be configured to use secure communication protocols AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs AU_ISM 1277 AU_ISM_1277 AU ISM 1277 Communications between database servers and web servers - 1277 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center AU_ISM 1288 AU_ISM_1288 AU ISM 1288 Antivirus scanning - 1288 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers AU_ISM 1288 AU_ISM_1288 AU ISM 1288 Antivirus scanning - 1288 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets AU_ISM 1288 AU_ISM_1288 AU ISM 1288 Antivirus scanning - 1288 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled AU_ISM 1384 AU_ISM_1384 AU ISM 1384 Multi-factor authentication - 1384 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled AU_ISM 1384 AU_ISM_1384 AU ISM 1384 Multi-factor authentication - 1384 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled AU_ISM 1384 AU_ISM_1384 AU ISM 1384 Multi-factor authentication - 1384 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off AU_ISM 1386 AU_ISM_1386 AU ISM 1386 Restriction of management traffic flows - 1386 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines AU_ISM 1407 AU_ISM_1407 AU ISM 1407 Operating system versions - 1407 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed AU_ISM 1407 AU_ISM_1407 AU ISM 1407 Operating system versions - 1407 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center AU_ISM 1417 AU_ISM_1417 AU ISM 1417 Antivirus software - 1417 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
9b597639-28e4-48eb-b506-56b05d366257 Microsoft IaaSAntimalware extension should be deployed on Windows servers AU_ISM 1417 AU_ISM_1417 AU ISM 1417 Antivirus software - 1417 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets AU_ISM 1417 AU_ISM_1417 AU ISM 1417 Antivirus software - 1417 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps AU_ISM 1424 AU_ISM_1424 AU ISM 1424 Web browser-based security controls - 1424 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled AU_ISM 1425 AU_ISM_1425 AU ISM 1425 Protecting database server contents - 1425 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0961003e-5a0a-4549-abde-af6a37f2724d Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources AU_ISM 1425 AU_ISM_1425 AU ISM 1425 Protecting database server contents - 1425 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection Standard should be enabled AU_ISM 1431 AU_ISM_1431 AU ISM 1431 Denial of service strategies - 1431 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated AU_ISM 1472 AU_ISM_1472 AU ISM 1472 When to patch security vulnerabilities - 1472 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines AU_ISM 1490 AU_ISM_1490 AU ISM 1490 Application control - 1490 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated AU_ISM 1494 AU_ISM_1494 AU ISM 1494 When to patch security vulnerabilities - 1494 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved AU_ISM 1495 AU_ISM_1495 AU ISM 1495 When to patch security vulnerabilities - 1495 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated AU_ISM 1496 AU_ISM_1496 AU ISM 1496 When to patch security vulnerabilities - 1496 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 1503 AU_ISM_1503 AU ISM 1503 Standard access to systems - 1503 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 1507 AU_ISM_1507 AU ISM 1507 Privileged access to systems - 1507 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs AU_ISM 1508 AU_ISM_1508 AU ISM 1508 Privileged access to systems - 1508 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured AU_ISM 1511 AU_ISM_1511 AU ISM 1511 Performing backups - 1511 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers AU_ISM 1537 AU_ISM_1537 AU ISM 1537 Events to be logged - 1537 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords AU_ISM 1546 AU_ISM_1546 AU ISM 1546 Authenticating to systems - 1546 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS AU_ISM 1552 AU_ISM_1552 AU ISM 1552 Web application interactions - 1552 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed AU_ISM 380 AU_ISM_380 AU ISM 380 Operating system configuration - 380 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed AU_ISM 380 AU_ISM_380 AU ISM 380 Operating system configuration - 380 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled AU_ISM 414 AU_ISM_414 AU ISM 414 User identification - 414 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled AU_ISM 414 AU_ISM_414 AU ISM 414 User identification - 414 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled AU_ISM 414 AU_ISM_414 AU ISM 414 User identification - 414 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs AU_ISM 415 AU_ISM_415 AU ISM 415 User identification - 415 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f2143251-70de-4e81-87a8-36cee5a2f29d Windows machines should meet requirements for 'Security Settings - Account Policies' AU_ISM 421 AU_ISM_421 AU ISM 421 Single-factor authentication - 421 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed AU_ISM 430 AU_ISM_430 AU ISM 430 Suspension of access to systems - 430 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed AU_ISM 430 AU_ISM_430 AU ISM 430 Suspension of access to systems - 430 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed AU_ISM 441 AU_ISM_441 AU ISM 441 Temporary access to systems - 441 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs AU_ISM 445 AU_ISM_445 AU ISM 445 Privileged access to systems - 445 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
0961003e-5a0a-4549-abde-af6a37f2724d Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources AU_ISM 459 AU_ISM_459 AU ISM 459 Encrypting data at rest - 459 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access AU_ISM 520 AU_ISM_520 AU ISM 520 Network access controls - 520 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace AU_ISM 582 AU_ISM_582 AU ISM 582 Events to be logged - 582 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types AU_ISM 582 AU_ISM_582 AU ISM 582 Events to be logged - 582 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines AU_ISM 940 AU_ISM_940 AU ISM 940 When to patch security vulnerabilities - 940 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled AU_ISM 947 AU_ISM_947 AU ISM 947 Using media for data transfers - 947 [Preview]: Australian Government ISM PROTECTED (27272c0b-c225-4cc3-b8b0-f2534b093077)
fd4726f4-a5fc-4540-912d-67c96fc992d5 [Preview]: Automanage Configuration Profile Assignment should be Conformant Automanage Best Practices Automanage Best Practices 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
e4953962-5ae4-43eb-bb92-d66fd5563487 [Preview]: A managed identity should be enabled on your machines Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Azure Security Baseline Azure Security Baseline 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2d21331d-a4c2-4def-a9ad-ee4e1e023beb App Service apps should use a virtual network service endpoint Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
60d21c4f-21a3-4d94-85f4-b924e6aeeda4 Storage Accounts should use a virtual network service endpoint Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c4857be7-912a-4c75-87e6-e30292bcdf78 [Preview]: Container Registry should use a virtual network service endpoint Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d416745a-506c-48b6-8ab1-83cb814bcaa3 Virtual machines should be connected to an approved virtual network Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d63edb4a-c612-454d-b47d-191a724fcbf0 Event Hub should use a virtual network service endpoint Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e0a2b1a3-f7f9-4569-807f-2a9edebdf4d9 Cosmos DB should use a virtual network service endpoint Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ea4d6841-2173-4317-9747-ff522a45120f Key Vault should use a virtual network service endpoint Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f1776c76-f58c-4245-a8d0-2b207198dc8b Virtual networks should use specified virtual network gateway Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ae5d2f14-d830-42b6-9899-df6cfe9c71a3 SQL Server should use a virtual network service endpoint Azure_Security_Benchmark_v1.0 1.1 Azure_Security_Benchmark_v1.0_1.1 Azure Security Benchmark 1.1 Protect resources using Network Security Groups or Azure Firewall on your Virtual Network [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3ff60f98-7fa4-410a-9f7f-0b00f5afdbdd Windows machines should meet requirements for 'Security Options - Network Access' Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
67e010c1-640d-438e-a3a5-feaccb533a98 Windows machines should meet requirements for 'Administrative Templates - Network' Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
caf2d518-f029-4f6b-833b-d7081702f253 Windows machines should meet requirements for 'Security Options - Microsoft Network Server' Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1221c620-d201-468c-81e7-2817e6107e84 Windows machines should meet requirements for 'Security Options - Network Security' Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities Azure_Security_Benchmark_v1.0 1.11 Azure_Security_Benchmark_v1.0_1.11 Azure Security Benchmark 1.11 Use automated tools to monitor network resource configurations and detect changes [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Azure_Security_Benchmark_v1.0 1.2 Azure_Security_Benchmark_v1.0_1.2 Azure Security Benchmark 1.2 Monitor and log the configuration and traffic of Vnets, Subnets, and NICs [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
5bb220d9-2698-4ee4-8404-b9c30c9df609 App Service apps should have 'Client Certificates (Incoming client certificates)' enabled Azure_Security_Benchmark_v1.0 1.3 Azure_Security_Benchmark_v1.0_1.3 Azure Security Benchmark 1.3 Protect critical web applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection Standard should be enabled Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Azure_Security_Benchmark_v1.0 1.4 Azure_Security_Benchmark_v1.0_1.4 Azure Security Benchmark 1.4 Deny communications with known malicious IP addresses [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Azure_Security_Benchmark_v1.0 1.5 Azure_Security_Benchmark_v1.0_1.5 Azure Security Benchmark 1.5 Record network packets and flow logs [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Azure_Security_Benchmark_v1.0 10.4 Azure_Security_Benchmark_v1.0_10.4 Azure Security Benchmark 10.4 Provide security incident contact details and configure alert notifications for security incidents [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1a4e592a-6a6e-44a5-9814-e36264ca96e7 Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action' Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Azure_Security_Benchmark_v1.0 2.2 Azure_Security_Benchmark_v1.0_2.2 Azure Security Benchmark 2.2 Configure central security log management [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7c1b1214-f927-48bf-8882-84f0af6588b1 [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
7ff426e2-515f-405a-91c8-4f2333442eb5 SQL Auditing settings should have Action-Groups configured to capture critical activities Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Azure_Security_Benchmark_v1.0 2.3 Azure_Security_Benchmark_v1.0_2.3 Azure Security Benchmark 2.3 Enable audit logging for Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6265018c-d7e2-432f-a75d-094d5f6f4465 Audit Windows machines on which the Log Analytics agent is not connected as expected Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a70ca396-0a34-413a-88e1-b956c1e683be Virtual machines should have the Log Analytics extension installed Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
efbde977-ba53-4479-b8e9-10b957924fbf The Log Analytics extension should be installed on Virtual Machine Scale Sets Azure_Security_Benchmark_v1.0 2.4 Azure_Security_Benchmark_v1.0_2.4 Azure Security Benchmark 2.4 Collect security logs from operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher Azure_Security_Benchmark_v1.0 2.5 Azure_Security_Benchmark_v1.0_2.5 Azure Security Benchmark 2.5 Configure security log storage retention [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers Azure_Security_Benchmark_v1.0 2.7 Azure_Security_Benchmark_v1.0_2.7 Azure Security Benchmark 2.7 Enable alerts for anomalous activity [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v1.0 2.7 Azure_Security_Benchmark_v1.0_2.7 Azure Security Benchmark 2.7 Enable alerts for anomalous activity [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Azure_Security_Benchmark_v1.0 2.8 Azure_Security_Benchmark_v1.0_2.8 Azure Security Benchmark 2.8 Centralize anti-malware logging [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Azure_Security_Benchmark_v1.0 2.8 Azure_Security_Benchmark_v1.0_2.8 Azure Security Benchmark 2.8 Centralize anti-malware logging [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Azure_Security_Benchmark_v1.0 2.8 Azure_Security_Benchmark_v1.0_2.8 Azure Security Benchmark 2.8 Centralize anti-malware logging [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v1.0 3.1 Azure_Security_Benchmark_v1.0_3.1 Azure Security Benchmark 3.1 Maintain an inventory of administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v1.0 3.10 Azure_Security_Benchmark_v1.0_3.10 Azure Security Benchmark 3.10 Regularly review and reconcile user access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3d2a3320-2a72-4c67-ac5f-caa40fbee2b2 Audit Windows machines that have extra accounts in the Administrators group Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Azure_Security_Benchmark_v1.0 3.3 Azure_Security_Benchmark_v1.0_3.3 Azure Security Benchmark 3.3 Use dedicated administrative accounts [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Azure Active Directory based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Azure Active Directory based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v1.0 3.5 Azure_Security_Benchmark_v1.0_3.5 Azure Security Benchmark 3.5 Use multi-factor authentication for all Azure Active Directory based access [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Azure_Security_Benchmark_v1.0 3.9 Azure_Security_Benchmark_v1.0_3.9 Azure Security Benchmark 3.9 Use Azure Active Directory [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers Azure_Security_Benchmark_v1.0 3.9 Azure_Security_Benchmark_v1.0_3.9 Azure Security Benchmark 3.9 Use Azure Active Directory [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Azure_Security_Benchmark_v1.0 4.4 Azure_Security_Benchmark_v1.0_4.4 Azure Security Benchmark 4.4 Encrypt all sensitive information in transit [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v1.0 4.5 Azure_Security_Benchmark_v1.0_4.5 Azure Security Benchmark 4.5 Use an active discovery tool to identify sensitive data [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers Azure_Security_Benchmark_v1.0 4.5 Azure_Security_Benchmark_v1.0_4.5 Azure Security Benchmark 4.5 Use an active discovery tool to identify sensitive data [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Azure_Security_Benchmark_v1.0 4.6 Azure_Security_Benchmark_v1.0_4.6 Azure Security Benchmark 4.6 Use Azure RBAC to control access to resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles Azure_Security_Benchmark_v1.0 4.6 Azure_Security_Benchmark_v1.0_4.6 Azure Security Benchmark 4.6 Use Azure RBAC to control access to resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0961003e-5a0a-4549-abde-af6a37f2724d Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2c89a2e5-7285-40fe-afe0-ae8654b92fb2 [Deprecated]: Unattached disks should be encrypted Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v1.0 4.8 Azure_Security_Benchmark_v1.0_4.8 Azure Security Benchmark 4.8 Encrypt sensitive information at rest [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
41388f1c-2db0-4c25-95b2-35d7f5ccbfa9 Azure Monitor should collect activity logs from all regions Azure_Security_Benchmark_v1.0 4.9 Azure_Security_Benchmark_v1.0_4.9 Azure Security Benchmark 4.9 Log and alert on changes to critical Azure resources [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Azure_Security_Benchmark_v1.0 5.1 Azure_Security_Benchmark_v1.0_5.1 Azure Security Benchmark 5.1 Run automated vulnerability scanning tools [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Azure_Security_Benchmark_v1.0 5.2 Azure_Security_Benchmark_v1.0_5.2 Azure Security Benchmark 5.2 Deploy automated operating system patch management solution [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Azure_Security_Benchmark_v1.0 5.2 Azure_Security_Benchmark_v1.0_5.2 Azure Security Benchmark 5.2 Deploy automated operating system patch management solution [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Azure_Security_Benchmark_v1.0 5.3 Azure_Security_Benchmark_v1.0_5.3 Azure Security Benchmark 5.3 Deploy automated third-party software patch management solution [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Azure_Security_Benchmark_v1.0 5.5 Azure_Security_Benchmark_v1.0_5.5 Azure Security Benchmark 5.5 Use a risk-rating process to prioritize the remediation of discovered vulnerabilities [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Azure_Security_Benchmark_v1.0 6.10 Azure_Security_Benchmark_v1.0_6.10 Azure Security Benchmark 6.10 Implement approved application list [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Azure_Security_Benchmark_v1.0 6.8 Azure_Security_Benchmark_v1.0_6.8 Azure Security Benchmark 6.8 Use only approved applications [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Azure_Security_Benchmark_v1.0 6.9 Azure_Security_Benchmark_v1.0_6.9 Azure Security Benchmark 6.9 Use only approved Azure services [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Azure_Security_Benchmark_v1.0 6.9 Azure_Security_Benchmark_v1.0_6.9 Azure Security Benchmark 6.9 Use only approved Azure services [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Azure_Security_Benchmark_v1.0 7.10 Azure_Security_Benchmark_v1.0_7.10 Azure Security Benchmark 7.10 Implement automated configuration monitoring for operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Azure_Security_Benchmark_v1.0 7.10 Azure_Security_Benchmark_v1.0_7.10 Azure Security Benchmark 7.10 Implement automated configuration monitoring for operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Azure_Security_Benchmark_v1.0 7.10 Azure_Security_Benchmark_v1.0_7.10 Azure Security Benchmark 7.10 Implement automated configuration monitoring for operating systems [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Azure_Security_Benchmark_v1.0 7.11 Azure_Security_Benchmark_v1.0_7.11 Azure Security Benchmark 7.11 Manage Azure secrets securely [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity Azure_Security_Benchmark_v1.0 7.12 Azure_Security_Benchmark_v1.0_7.12 Azure Security Benchmark 7.12 Manage identities securely and automatically [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity Azure_Security_Benchmark_v1.0 7.12 Azure_Security_Benchmark_v1.0_7.12 Azure Security Benchmark 7.12 Manage identities securely and automatically [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Azure_Security_Benchmark_v1.0 7.4 Azure_Security_Benchmark_v1.0_7.4 Azure Security Benchmark 7.4 Maintain secure operating system configurations [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Azure_Security_Benchmark_v1.0 7.4 Azure_Security_Benchmark_v1.0_7.4 Azure Security Benchmark 7.4 Maintain secure operating system configurations [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Azure_Security_Benchmark_v1.0 7.4 Azure_Security_Benchmark_v1.0_7.4 Azure Security Benchmark 7.4 Maintain secure operating system configurations [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Azure_Security_Benchmark_v1.0 8.1 Azure_Security_Benchmark_v1.0_8.1 Azure Security Benchmark 8.1 Use centrally managed anti-malware software [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Azure_Security_Benchmark_v1.0 8.1 Azure_Security_Benchmark_v1.0_8.1 Azure Security Benchmark 8.1 Use centrally managed anti-malware software [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
c43e4a30-77cb-48ab-a4dd-93f175c63b57 Microsoft Antimalware for Azure should be configured to automatically update protection signatures Azure_Security_Benchmark_v1.0 8.3 Azure_Security_Benchmark_v1.0_8.3 Azure Security Benchmark 8.3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL Azure_Security_Benchmark_v1.0 9.1 Azure_Security_Benchmark_v1.0_9.1 Azure Security Benchmark 9.1 Ensure regular automated back ups [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Azure_Security_Benchmark_v1.0 9.2 Azure_Security_Benchmark_v1.0_9.2 Azure Security Benchmark 9.2 Perform complete system backups and backup any customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Azure_Security_Benchmark_v1.0 9.4 Azure_Security_Benchmark_v1.0_9.4 Azure Security Benchmark 9.4 Ensure protection of backups and customer managed keys [Deprecated]: Azure Security Benchmark v1 (42a694ed-f65e-42b2-aa9e-8052e9740a92)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Azure_Security_Benchmark_v2.0 AM-3 Azure_Security_Benchmark_v2.0_AM-3 Azure Security Benchmark AM-3 Use only approved Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Azure_Security_Benchmark_v2.0 AM-3 Azure_Security_Benchmark_v2.0_AM-3 Azure Security Benchmark AM-3 Use only approved Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Azure_Security_Benchmark_v2.0 AM-6 Azure_Security_Benchmark_v2.0_AM-6 Azure Security Benchmark AM-6 Use only approved applications in compute resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL Azure_Security_Benchmark_v2.0 BR-1 Azure_Security_Benchmark_v2.0_BR-1 Azure Security Benchmark BR-1 Ensure regular automated backups [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d38fc420-0735-4ef3-ac11-c806f651a570 Long-term geo-redundant backup should be enabled for Azure SQL Databases Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB Azure_Security_Benchmark_v2.0 BR-2 Azure_Security_Benchmark_v2.0_BR-2 Azure Security Benchmark BR-2 Encrypt backup data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Azure_Security_Benchmark_v2.0 BR-4 Azure_Security_Benchmark_v2.0_BR-4 Azure Security Benchmark BR-4 Mitigate risk of lost keys [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Azure_Security_Benchmark_v2.0 BR-4 Azure_Security_Benchmark_v2.0_BR-4 Azure Security Benchmark BR-4 Mitigate risk of lost keys [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0961003e-5a0a-4549-abde-af6a37f2724d Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Azure_Security_Benchmark_v2.0 DP-2 Azure_Security_Benchmark_v2.0_DP-2 Azure Security Benchmark DP-2 Protect sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v2.0 DP-3 Azure_Security_Benchmark_v2.0_DP-3 Azure Security Benchmark DP-3 Monitor for unauthorized transfer of sensitive data [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows web servers should be configured to use secure communication protocols Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Azure_Security_Benchmark_v2.0 DP-4 Azure_Security_Benchmark_v2.0_DP-4 Azure Security Benchmark DP-4 Encrypt sensitive information in transit [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0961003e-5a0a-4549-abde-af6a37f2724d Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v2.0 DP-5 Azure_Security_Benchmark_v2.0_DP-5 Azure Security Benchmark DP-5 Encrypt sensitive data at rest [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v2.0 ES-1 Azure_Security_Benchmark_v2.0_ES-1 Azure Security Benchmark ES-1 Use Endpoint Detection and Response (EDR) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Azure_Security_Benchmark_v2.0 ES-2 Azure_Security_Benchmark_v2.0_ES-2 Azure Security Benchmark ES-2 Use centrally managed modern anti-malware software [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Azure_Security_Benchmark_v2.0 ES-3 Azure_Security_Benchmark_v2.0_ES-3 Azure Security Benchmark ES-3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Azure_Security_Benchmark_v2.0 ES-3 Azure_Security_Benchmark_v2.0_ES-3 Azure Security Benchmark ES-3 Ensure anti-malware software and signatures are updated [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Azure Active Directory as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Azure Active Directory as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Azure Active Directory as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity Azure_Security_Benchmark_v2.0 IM-1 Azure_Security_Benchmark_v2.0_IM-1 Azure Security Benchmark IM-1 Standardize Azure Active Directory as the central identity and authentication system [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity Azure_Security_Benchmark_v2.0 IM-2 Azure_Security_Benchmark_v2.0_IM-2 Azure Security Benchmark IM-2 Manage application identities securely and automatically [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity Azure_Security_Benchmark_v2.0 IM-2 Azure_Security_Benchmark_v2.0_IM-2 Azure Security Benchmark IM-2 Manage application identities securely and automatically [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Azure Active Directory based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Azure Active Directory based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v2.0 IM-4 Azure_Security_Benchmark_v2.0_IM-4 Azure Security Benchmark IM-4 Use strong authentication controls for all Azure Active Directory based access [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Azure_Security_Benchmark_v2.0 IR-2 Azure_Security_Benchmark_v2.0_IR-2 Azure Security Benchmark IR-2 Preparation - setup incident notification [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Azure_Security_Benchmark_v2.0 IR-3 Azure_Security_Benchmark_v2.0_IR-3 Azure Security Benchmark IR-3 Detection and analysis - create incidents based on high quality alerts [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v2.0 IR-5 Azure_Security_Benchmark_v2.0_IR-5 Azure Security Benchmark IR-5 Detection and analysis - prioritize incidents [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Azure_Security_Benchmark_v2.0 LT-1 Azure_Security_Benchmark_v2.0_LT-1 Azure Security Benchmark LT-1 Enable threat detection for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
523b5cd1-3e23-492f-a539-13118b6d1e3a [Deprecated]: Azure Defender for Kubernetes should be enabled Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c25d9a16-bc35-4e15-a7e5-9db606bf9ed4 [Deprecated]: Azure Defender for container registries should be enabled Azure_Security_Benchmark_v2.0 LT-2 Azure_Security_Benchmark_v2.0_LT-2 Azure Security Benchmark LT-2 Enable threat detection for Azure identity and access management [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Azure_Security_Benchmark_v2.0 LT-3 Azure_Security_Benchmark_v2.0_LT-3 Azure Security Benchmark LT-3 Enable logging for Azure network activities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7c1b1214-f927-48bf-8882-84f0af6588b1 [Deprecated]: Resource logs in Virtual Machine Scale Sets should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled Azure_Security_Benchmark_v2.0 LT-4 Azure_Security_Benchmark_v2.0_LT-4 Azure Security Benchmark LT-4 Enable logging for Azure resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a3a6ea0c-e018-4933-9ef0-5aaa1501449b Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a4fe33eb-e377-4efb-ab31-0784311bc499 Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring Azure_Security_Benchmark_v2.0 LT-5 Azure_Security_Benchmark_v2.0_LT-5 Azure Security Benchmark LT-5 Centralize security log management and analysis [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0725b4dd-7e76-479c-a735-68e7ee23d5ca Cognitive Services accounts should disable public network access Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Cognitive Services accounts should restrict network access Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Azure_Security_Benchmark_v2.0 NS-1 Azure_Security_Benchmark_v2.0_NS-1 Azure Security Benchmark NS-1 Implement security for internal traffic [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7d092e0a-7acd-40d2-a975-dca21cae48c4 [Deprecated]: Azure Cache for Redis should reside within a virtual network Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers Azure_Security_Benchmark_v2.0 NS-2 Azure_Security_Benchmark_v2.0_NS-2 Azure Security Benchmark NS-2 Connect private networks together [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Azure_Security_Benchmark_v2.0 NS-3 Azure_Security_Benchmark_v2.0_NS-3 Azure Security Benchmark NS-3 Establish private network access to Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
2c89a2e5-7285-40fe-afe0-ae8654b92fab [Deprecated]: SSH access from the Internet should be blocked Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e372f825-a257-4fb8-9175-797a8a8627d6 [Deprecated]: RDP access from the Internet should be blocked Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection Standard should be enabled Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Azure_Security_Benchmark_v2.0 NS-4 Azure_Security_Benchmark_v2.0_NS-4 Azure Security Benchmark NS-4 Protect applications and services from external network attacks [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Azure_Security_Benchmark_v2.0 NS-5 Azure_Security_Benchmark_v2.0_NS-5 Azure Security Benchmark NS-5 Deploy intrusion detection/intrusion prevention systems (IDS/IPS) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Azure_Security_Benchmark_v2.0 PA-1 Azure_Security_Benchmark_v2.0_PA-1 Azure Security Benchmark PA-1 Protect and limit highly privileged users [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Azure_Security_Benchmark_v2.0 PA-3 Azure_Security_Benchmark_v2.0_PA-3 Azure Security Benchmark PA-3 Review and reconcile user access regularly [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
10ee2ea2-fb4d-45b8-a7e9-a2e770044cd9 [Deprecated]: Custom subscription owner roles should not exist Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Azure_Security_Benchmark_v2.0 PA-7 Azure_Security_Benchmark_v2.0_PA-7 Azure Security Benchmark PA-7 Follow just enough administration (least privilege principle) [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
eaebaea7-8013-4ceb-9d14-7eb32271373c Function apps should have 'Client Certificates (Incoming client certificates)' enabled Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5bb220d9-2698-4ee4-8404-b9c30c9df609 App Service apps should have 'Client Certificates (Incoming client certificates)' enabled Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Azure_Security_Benchmark_v2.0 PV-2 Azure_Security_Benchmark_v2.0_PV-2 Azure Security Benchmark PV-2 Sustain secure configurations for Azure services [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Azure_Security_Benchmark_v2.0 PV-4 Azure_Security_Benchmark_v2.0_PV-4 Azure Security Benchmark PV-4 Sustain secure configurations for compute resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Azure_Security_Benchmark_v2.0 PV-4 Azure_Security_Benchmark_v2.0_PV-4 Azure Security Benchmark PV-4 Sustain secure configurations for compute resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Azure_Security_Benchmark_v2.0 PV-4 Azure_Security_Benchmark_v2.0_PV-4 Azure Security Benchmark PV-4 Sustain secure configurations for compute resources [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
5f0f936f-2f01-4bf5-b6be-d423792fa562 Container registry images should have vulnerability findings resolved Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Azure_Security_Benchmark_v2.0 PV-6 Azure_Security_Benchmark_v2.0_PV-6 Azure Security Benchmark PV-6 Perform software vulnerability assessments [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
fb893a29-21bb-418c-a157-e99480ec364c Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Azure_Security_Benchmark_v2.0 PV-7 Azure_Security_Benchmark_v2.0_PV-7 Azure Security Benchmark PV-7 Rapidly and automatically remediate software vulnerabilities [Deprecated]: Azure Security Benchmark v2 (bb522ac1-bc39-4957-b194-429bcd3bcb0b)
1d84d5fb-01f6-4d12-ba4f-4a26081d403d Virtual machines should be migrated to new Azure Resource Manager resources Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
37e0d2fe-28a5-43d6-a273-67d37d1f5606 Storage accounts should be migrated to new Azure Resource Manager resources Azure_Security_Benchmark_v3.0 AM-2 Azure_Security_Benchmark_v3.0_AM-2 Microsoft cloud security benchmark AM-2 Use only approved services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
123a3936-f020-408a-ba0c-47873faf1534 Allowlist rules in your adaptive application control policy should be updated Azure_Security_Benchmark_v3.0 AM-5 Azure_Security_Benchmark_v3.0_AM-5 Microsoft cloud security benchmark AM-5 Use only approved applications in virtual machine Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines Azure_Security_Benchmark_v3.0 AM-5 Azure_Security_Benchmark_v3.0_AM-5 Microsoft cloud security benchmark AM-5 Use only approved applications in virtual machine Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Azure_Security_Benchmark_v3.0 BR-1 Azure_Security_Benchmark_v3.0_BR-1 Microsoft cloud security benchmark BR-1 Ensure regular automated backups Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
013e242c-8828-4970-87b3-ab247555486d Azure Backup should be enabled for Virtual Machines Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
48af4db5-9b8b-401c-8e74-076be876a430 Geo-redundant backup should be enabled for Azure Database for PostgreSQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82339799-d096-41ae-8538-b108becf0970 Geo-redundant backup should be enabled for Azure Database for MySQL Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0ec47710-77ff-4a3d-9181-6aa50af424d0 Geo-redundant backup should be enabled for Azure Database for MariaDB Azure_Security_Benchmark_v3.0 BR-2 Azure_Security_Benchmark_v3.0_BR-2 Microsoft cloud security benchmark BR-2 Protect backup and recovery data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 [Preview]: Microsoft Defender for APIs should be enabled Azure_Security_Benchmark_v3.0 DP-1 Azure_Security_Benchmark_v3.0_DP-1 Microsoft cloud security benchmark DP-1 Discover, classify, and label sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 [Preview]: Microsoft Defender for APIs should be enabled Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v3.0 DP-2 Azure_Security_Benchmark_v3.0_DP-2 Microsoft cloud security benchmark DP-2 Monitor anomalies and threats targeting sensitive data Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
399b2637-a50f-4f95-96f8-3a145476eb15 Function apps should require FTPS only Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4d24b6d4-5e53-4a4f-a7f4-618fa573ee4b App Service apps should require FTPS only Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1a5b4dca-0b6f-4cf5-907c-56316bc1bf3d Kubernetes clusters should be accessible only over HTTPS Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows web servers should be configured to use secure communication protocols Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d158790f-bfb0-486c-8631-2dc6b4e8e6af Enforce SSL connection should be enabled for PostgreSQL database servers Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e802a67a-daf5-4436-9ea6-f6d821dd0c5d Enforce SSL connection should be enabled for MySQL database servers Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ee7495e7-3ba7-40b6-bfee-c29e22cc75d4 API Management APIs should use only encrypted protocols Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version Azure_Security_Benchmark_v3.0 DP-3 Azure_Security_Benchmark_v3.0_DP-3 Microsoft cloud security benchmark DP-3 Encrypt sensitive data in transit Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2158ddbe-fefa-408e-b43f-d4faef8ff3b8 Synapse Workspaces should use only Azure Active Directory identities for authentication Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
40e85574-ef33-47e8-a854-7a65c7500560 Azure MySQL flexible server should have Azure Active Directory Only Authentication enabled Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3657f5a0-770e-44a3-b44e-9431ba1e9735 Automation account variables should be encrypted Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
78215662-041e-49ed-a9dd-5385911b3a1f Azure SQL Managed Instance should have Azure Active Directory Only Authentication enabled Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
617c02be-7f02-4efd-8836-3180d47b6c68 Service Fabric clusters should have the ClusterProtectionLevel property set to EncryptAndSign Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ca88aadc-6e2b-416c-9de2-5a0f01d1693f [Preview]: Linux virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0961003e-5a0a-4549-abde-af6a37f2724d Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abda6d70-9778-44e7-84a8-06713e6db027 Azure SQL Database should have Azure Active Directory Only Authentication enabled Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
146412e9-005c-472b-9e48-c87b72ac229e An Azure Active Directory administrator should be provisioned for MySQL servers Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b4dec045-250a-48c2-b5cc-e0c4eec8b5b4 An Azure Active Directory administrator should be provisioned for PostgreSQL servers Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3dc5edcd-002d-444c-b216-e123bbfa37c0 [Preview]: Windows virtual machines should enable Azure Disk Encryption or EncryptionAtHost. Azure_Security_Benchmark_v3.0 DP-4 Azure_Security_Benchmark_v3.0_DP-4 Microsoft cloud security benchmark DP-4 Enable data at rest encryption by default Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
18adea5e-f416-4d0f-8aa8-d24321e3e274 PostgreSQL servers should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ba769a63-b8cc-4b2d-abf6-ac33c7204be8 Azure Machine Learning workspaces should be encrypted with a customer-managed key Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5b9159ae-1701-4a6f-9a7a-aa9c8ddd0580 Container registries should be encrypted with a customer-managed key Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6fac406b-40ca-413b-bf8e-0bf964659c25 Storage accounts should use customer-managed key for encryption Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f905d99-2ab7-462c-a6b0-f709acca6c8f Azure Cosmos DB accounts should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
67121cc7-ff39-4ab8-b7e3-95b84dab487d Cognitive Services accounts should enable data encryption with a customer-managed key Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ac01ad65-10e5-46df-bdd9-6b0cad13e1d2 SQL managed instances should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
83cef61d-dbd1-4b20-a4fc-5fbc7da10833 MySQL servers should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a370ff3-6cab-4e85-8995-295fd854c5b8 SQL servers should use customer-managed keys to encrypt data at rest Azure_Security_Benchmark_v3.0 DP-5 Azure_Security_Benchmark_v3.0_DP-5 Microsoft cloud security benchmark DP-5 Use customer-managed key option in data at rest encryption when required Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
98728c90-32c7-4049-8429-847dc0f4fe37 Key Vault secrets should have an expiration date Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
152b15f7-8e1f-4c1f-ab71-8c010ba5dbc0 Key Vault keys should have an expiration date Azure_Security_Benchmark_v3.0 DP-6 Azure_Security_Benchmark_v3.0_DP-6 Microsoft cloud security benchmark DP-6 Use a secure key management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a075868-4c26-42ef-914c-5bc007359560 [Preview]: Certificates should have the specified maximum validity period Azure_Security_Benchmark_v3.0 DP-7 Azure_Security_Benchmark_v3.0_DP-7 Microsoft cloud security benchmark DP-7 Use a secure certificate management process Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0b60c0b2-2dc2-4e1c-b5c9-abbed971de53 Key vaults should have deletion protection enabled Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1e66c121-a66a-4b1f-9b83-0fd99bf0fc2d Key vaults should have soft delete enabled Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Azure_Security_Benchmark_v3.0 DP-8 Azure_Security_Benchmark_v3.0_DP-8 Microsoft cloud security benchmark DP-8 Ensure security of key and certificate repository Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0fc39691-5a3f-4e3e-94ee-2e6447309ad9 Running container images should have vulnerability findings resolved Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5f0f936f-2f01-4bf5-b6be-d423792fa562 Container registry images should have vulnerability findings resolved Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Container registry images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management) Azure_Security_Benchmark_v3.0 DS-6 Azure_Security_Benchmark_v3.0_DS-6 Microsoft cloud security benchmark DS-6 Enforce security of workload throughout DevOps lifecycle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v3.0 ES-1 Azure_Security_Benchmark_v3.0_ES-1 Microsoft cloud security benchmark ES-1 Use Endpoint Detection and Response (EDR) Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f7c564c-0a90-4d44-b7e1-9d456cffaee8 Endpoint protection should be installed on your machines Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Azure_Security_Benchmark_v3.0 ES-2 Azure_Security_Benchmark_v3.0_ES-2 Microsoft cloud security benchmark ES-2 Use modern anti-malware software Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8e42c1f2-a2ab-49bc-994a-12bcd0dc4ac2 Endpoint protection health issues should be resolved on your machines Azure_Security_Benchmark_v3.0 ES-3 Azure_Security_Benchmark_v3.0_ES-3 Microsoft cloud security benchmark ES-3 Ensure anti-malware software and signatures are updated Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e96a9a5f-07ca-471b-9bc5-6a0f33cbd68f Azure Machine Learning Computes should have local authentication methods disabled Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5450f5bd-9c72-4390-a9c4-a7aba4edfdd2 Cosmos DB database accounts should have local authentication methods disabled Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers Azure_Security_Benchmark_v3.0 IM-1 Azure_Security_Benchmark_v3.0_IM-1 Microsoft cloud security benchmark IM-1 Use centralized identity and authentication system Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0da106f2-4ca3-48e8-bc85-c638fe6aea8f Function apps should use managed identity Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2b9ad585-36bc-4615-b300-fd4435808332 App Service apps should use managed identity Azure_Security_Benchmark_v3.0 IM-3 Azure_Security_Benchmark_v3.0_IM-3 Microsoft cloud security benchmark IM-3 Manage application identities securely and automatically Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c15dcc82-b93c-4dcb-9332-fbf121685b54 API Management calls to API backends should be authenticated Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
92bb331d-ac71-416a-8c91-02f2cb734ce4 API Management calls to API backends should not bypass certificate thumbprint or name validation Azure_Security_Benchmark_v3.0 IM-4 Azure_Security_Benchmark_v3.0_IM-4 Microsoft cloud security benchmark IM-4 Authenticate server and services Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
630c64f9-8b6b-4c64-b511-6544ceff6fd6 Authentication to Linux machines should require SSH keys Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled Azure_Security_Benchmark_v3.0 IM-6 Azure_Security_Benchmark_v3.0_IM-6 Microsoft cloud security benchmark IM-6 Use strong authentication controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f1cc7827-022c-473e-836e-5a51cae0b249 API Management secret named values should be stored in Azure Key Vault Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher Azure_Security_Benchmark_v3.0 IM-8 Azure_Security_Benchmark_v3.0_IM-8 Microsoft cloud security benchmark IM-8 Restrict the exposure of credential and secrets Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled Azure_Security_Benchmark_v3.0 IR-2 Azure_Security_Benchmark_v3.0_IR-2 Microsoft cloud security benchmark IR-2 Preparation - setup incident notification Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bdc59948-5574-49b3-bb91-76b7c986428d Azure Defender for DNS should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 [Preview]: Microsoft Defender for APIs should be enabled Azure_Security_Benchmark_v3.0 IR-3 Azure_Security_Benchmark_v3.0_IR-3 Microsoft cloud security benchmark IR-3 Detection and analysis - create incidents based on high-quality alerts Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b6e2945c-0b7b-40f5-9233-7a5323b5cdc6 Network Watcher should be enabled Azure_Security_Benchmark_v3.0 IR-4 Azure_Security_Benchmark_v3.0_IR-4 Microsoft cloud security benchmark IR-4 Detection and analysis - investigate an incident Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 [Preview]: Microsoft Defender for APIs should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bdc59948-5574-49b3-bb91-76b7c986428d Azure Defender for DNS should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers Azure_Security_Benchmark_v3.0 IR-5 Azure_Security_Benchmark_v3.0_IR-5 Microsoft cloud security benchmark IR-5 Detection and analysis - prioritize incidents Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7926a6d1-b268-4586-8197-e8ae90c877d7 [Preview]: Microsoft Defender for APIs should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bdc59948-5574-49b3-bb91-76b7c986428d Azure Defender for DNS should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers Azure_Security_Benchmark_v3.0 LT-1 Azure_Security_Benchmark_v3.0_LT-1 Microsoft cloud security benchmark LT-1 Enable threat detection capabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a9fbe0d-c5c4-4da8-87d8-f4fd77338835 Azure Defender for open-source relational databases should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a1840de2-8088-4ea8-b153-b4c723e9cb01 Azure Kubernetes Service clusters should have Defender profile enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3d20c29-b36d-48fe-808b-99a87530ad99 Azure Defender for Resource Manager should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bdc59948-5574-49b3-bb91-76b7c986428d Azure Defender for DNS should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1f90fc71-a595-4066-8974-d4d0802e8ef0 Microsoft Defender CSPM should be enabled Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
938c4981-c2c9-4168-9cd6-972b8675f906 Microsoft Defender for SQL status should be protected for Arc-enabled SQL Servers Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bed48b13-6647-468e-aa2f-1af1d3f4dd40 Windows Defender Exploit Guard should be enabled on your machines Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8dfab9c4-fe7b-49ad-85e4-1e9be085358f [Preview]: Azure Arc enabled Kubernetes clusters should have Microsoft Defender for Cloud extension installed Azure_Security_Benchmark_v3.0 LT-2 Azure_Security_Benchmark_v3.0_LT-2 Microsoft cloud security benchmark LT-2 Enable threat detection for identity and access management Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
91a78b24-f231-4a8a-8da9-02c35b2b6510 App Service apps should have resource logs enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
138ff14d-b687-4faa-a81c-898c91a87fa2 Resource logs in Azure Databricks Workspaces should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
afe0c3be-ba3b-4544-ba52-0c99672a8ad6 Resource logs in Azure Machine Learning Workspaces should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c95c74d9-38fe-4f0d-af86-0c7d626a315c Resource logs in Data Lake Analytics should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
428256e6-1fac-4f48-a757-df34c2b3336d Resource logs in Batch accounts should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b4330a05-a843-4bc8-bf9a-cacce50c67f4 Resource logs in Search services should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f8d36e2f-389b-4ee4-898d-21aeb69a0f45 Resource logs in Service Bus should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9be5368-9bf5-4b84-9e0a-7850da98bb46 Resource logs in Azure Stream Analytics should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
34f95f76-5386-4de7-b824-0d8478470c9d Resource logs in Logic Apps should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
83a214f7-d01a-484b-91a9-ed54470c9a6a Resource logs in Event Hub should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
383856f8-de7f-44a2-81fc-e5135b5c2aa4 Resource logs in IoT Hub should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
057ef27e-665e-4328-8ea3-04b3122bd9fb Resource logs in Azure Data Lake Store should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cf820ca0-f99e-4f3e-84fb-66e913812d21 Resource logs in Key Vault should be enabled Azure_Security_Benchmark_v3.0 LT-3 Azure_Security_Benchmark_v3.0_LT-3 Microsoft cloud security benchmark LT-3 Enable logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
04c4380f-3fae-46e8-96c9-30193528f602 [Preview]: Network traffic data collection agent should be installed on Linux virtual machines Azure_Security_Benchmark_v3.0 LT-4 Azure_Security_Benchmark_v3.0_LT-4 Microsoft cloud security benchmark LT-4 Enable network logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2f2ee1de-44aa-4762-b6bd-0893fc3f306d [Preview]: Network traffic data collection agent should be installed on Windows virtual machines Azure_Security_Benchmark_v3.0 LT-4 Azure_Security_Benchmark_v3.0_LT-4 Microsoft cloud security benchmark LT-4 Enable network logging for security investigation Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1e7fed80-8321-4605-b42c-65fc300f23a3 Linux machines should have Log Analytics agent installed on Azure Arc Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a3a6ea0c-e018-4933-9ef0-5aaa1501449b Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a4fe33eb-e377-4efb-ab31-0784311bc499 Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d69b1763-b96d-40b8-a2d9-ca31e9fd0d3e [Preview]: Log Analytics extension should be installed on your Windows Azure Arc machines Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
842c54e8-c2f9-4d79-ae8d-38d8b8019373 [Preview]: Log Analytics extension should be installed on your Linux Azure Arc machines Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4078e558-bda6-41fb-9b3c-361e8875200d Windows machines should have Log Analytics agent installed on Azure Arc Azure_Security_Benchmark_v3.0 LT-5 Azure_Security_Benchmark_v3.0_LT-5 Microsoft cloud security benchmark LT-5 Centralize security log management and analysis Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
89099bee-89e0-4b26-a5f4-165451757743 SQL servers with auditing to storage account destination should be configured with 90 days retention or higher Azure_Security_Benchmark_v3.0 LT-6 Azure_Security_Benchmark_v3.0_LT-6 Microsoft cloud security benchmark LT-6 Configure log storage retention Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f6de0be7-9a8a-4b8a-b349-43cf02d22f7c Internet-facing virtual machines should be protected with network security groups Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bb91dfba-c30d-4263-9add-9c2384e659a6 Non-internet-facing virtual machines should be protected with network security groups Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e71308d3-144b-4262-b144-efdc3cc90517 Subnets should be associated with a Network Security Group Azure_Security_Benchmark_v3.0 NS-1 Azure_Security_Benchmark_v3.0_NS-1 Microsoft cloud security benchmark NS-1 Establish network segmentation boundaries Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bdc59948-5574-49b3-bb91-76b7c986428d Azure Defender for DNS should be enabled Azure_Security_Benchmark_v3.0 NS-10 Azure_Security_Benchmark_v3.0_NS-10 Microsoft cloud security benchmark NS-10 Ensure Domain Name System (DNS) security Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ef619a2c-cc4d-4d03-b2ba-8c94a834d85b API Management services should use a virtual network Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9830b652-8523-49cc-b1b3-e17dce1127ca Azure Event Grid domains should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e8eef0a8-67cf-4eb4-9386-14b0e78733d4 Container registries should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
45e05259-1eb5-4f70-9574-baf73e9d219b Azure Machine Learning workspaces should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fdccbe47-f3e3-4213-ad5d-ea459b2fa077 Public network access should be disabled for MariaDB servers Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d9844e8a-1437-4aeb-a32c-0c992f056095 Public network access should be disabled for MySQL servers Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4fa4b6c0-31ca-4c0d-b10d-24b96f62a751 [Preview]: Storage account public access should be disallowed Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b52376f7-9612-48a1-81cd-1ffe4b61032c Public network access should be disabled for PostgreSQL servers Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2154edb9-244f-4741-9970-660785bccdaa VM Image Builder templates should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
55615ac9-af46-4a59-874e-391cc3dfb490 Azure Key Vault should have firewall enabled Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a6abeaec-4d90-4a02-805f-6b26c4d3fbe9 Azure Key Vaults should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
df73bd95-24da-4a4f-96b9-4e8b94b402bd API Management should disable public network access to the service configuration endpoints Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0564d078-92f5-4f97-8398-b9f58a51f70b Private endpoint should be enabled for PostgreSQL servers Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
af35e2a4-ef96-44e7-a9ae-853dd97032c4 Azure Spring Cloud should use network injection Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
258823f2-4595-4b52-b333-cc96192710d8 Azure Databricks Workspaces should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d0793b48-0edc-4296-a390-4c75d1bdfd71 Container registries should not allow unrestricted network access Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6edd7eda-6dd8-40f7-810d-67160c639cd9 Storage accounts should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2a1a9cdf-e04d-429a-8416-3bfb72a1b26f Storage accounts should restrict network access using virtual network rules Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7803067c-7d34-46e3-8c79-0ca68fc4036d Azure Cache for Redis should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7698e800-9299-47a6-b3b6-5a0fee576eed Private endpoint connections on Azure SQL Database should be enabled Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b8ca024-1d5c-4dec-8995-b1a932b41780 Public network access on Azure SQL Database should be disabled Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9c25c9e4-ee12-4882-afd2-11fb9d87893f Azure Databricks Workspaces should be in a virtual network Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
51c1490f-3319-459c-bbbc-7f391bbed753 Azure Databricks Clusters should disable public IP Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e7849de-b939-4c50-ab48-fc6b0f5eeba2 Azure Databricks Workspaces should disable public network access Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7595c971-233d-4bcf-bd18-596129188c49 Private endpoint should be enabled for MySQL servers Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
7804b5c7-01dc-4723-969b-ae300cc07ff1 Azure Machine Learning Computes should be in a virtual network Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
037eea7a-bd0a-46c5-9a66-03aea78705d3 Cognitive Services accounts should restrict network access Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
438c38d2-3772-465a-a9cc-7a6666a275ce Azure Machine Learning Workspaces should disable public network access Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
862e97cf-49fc-4a5c-9de4-40d4e2e7c8eb Azure Cosmos DB accounts should have firewall rules Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0725b4dd-7e76-479c-a735-68e7ee23d5ca Cognitive Services accounts should disable public network access Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a1302fb-a631-4106-9753-f3d494733990 Private endpoint should be enabled for MariaDB servers Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ca610c1d-041c-4332-9d88-7ed3094967c7 App Configuration should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
2393d2cf-a342-44cd-a2e2-fe0188fd1234 Azure SignalR Service should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e246bcf-5f6f-4f87-bc6f-775d4712c7ea Authorized IP ranges should be defined on Kubernetes Services Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4b90e17e-8448-49db-875e-bd83fb6f804f Azure Event Grid topics should use private link Azure_Security_Benchmark_v3.0 NS-2 Azure_Security_Benchmark_v3.0_NS-2 Microsoft cloud security benchmark NS-2 Secure cloud services with network controls Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc5e4038-4584-4632-8c85-c0448d374b2c [Preview]: All Internet traffic should be routed via your deployed Azure Firewall Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bd352bd5-2853-4985-bf0d-73806b4a5744 IP Forwarding on your virtual machine should be disabled Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
22730e10-96f6-4aac-ad84-9383d35b5917 Management ports should be closed on your virtual machines Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Azure_Security_Benchmark_v3.0 NS-3 Azure_Security_Benchmark_v3.0_NS-3 Microsoft cloud security benchmark NS-3 Deploy firewall at the edge of enterprise network Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection Standard should be enabled Azure_Security_Benchmark_v3.0 NS-5 Azure_Security_Benchmark_v3.0_NS-5 Microsoft cloud security benchmark NS-5 Deploy DDOS protection Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
564feb30-bf6a-4854-b4bb-0d2d2d1e6c66 Web Application Firewall (WAF) should be enabled for Application Gateway Azure_Security_Benchmark_v3.0 NS-6 Azure_Security_Benchmark_v3.0_NS-6 Microsoft cloud security benchmark NS-6 Deploy web application firewall Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
055aa869-bc98-4af8-bafc-23f1ab6ffe2c Azure Web Application Firewall should be enabled for Azure Front Door entry-points Azure_Security_Benchmark_v3.0 NS-6 Azure_Security_Benchmark_v3.0_NS-6 Microsoft cloud security benchmark NS-6 Deploy web application firewall Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines Azure_Security_Benchmark_v3.0 NS-7 Azure_Security_Benchmark_v3.0_NS-7 Microsoft cloud security benchmark NS-7 Simplify network security configuration Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f0e6e85b-9b9f-4a4b-b67b-f730d42f1b0b App Service apps should use the latest TLS version Azure_Security_Benchmark_v3.0 NS-8 Azure_Security_Benchmark_v3.0_NS-8 Microsoft cloud security benchmark NS-8 Detect and disable insecure services and protocols Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f9d614c5-c173-4d56-95a7-b4437057d193 Function apps should use the latest TLS version Azure_Security_Benchmark_v3.0 NS-8 Azure_Security_Benchmark_v3.0_NS-8 Microsoft cloud security benchmark NS-8 Detect and disable insecure services and protocols Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription Azure_Security_Benchmark_v3.0 PA-1 Azure_Security_Benchmark_v3.0_PA-1 Microsoft cloud security benchmark PA-1 Separate and limit highly privileged/administrative users Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control Azure_Security_Benchmark_v3.0 PA-2 Azure_Security_Benchmark_v3.0_PA-2 Microsoft cloud security benchmark PA-2 Avoid standing access for accounts and permissions Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed Azure_Security_Benchmark_v3.0 PA-4 Azure_Security_Benchmark_v3.0_PA-4 Microsoft cloud security benchmark PA-4 Review and reconcile user access regularly Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a451c1ef-c6ca-483d-87ed-f49761e3ffb5 Audit usage of custom RBAC roles Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3aa03346-d8c5-4994-a5bc-7652c2a2aef1 API Management subscriptions should not be scoped to all APIs Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ac4a19c2-fa67-49b4-8ae5-0b2e78c49457 Role-Based Access Control (RBAC) should be used on Kubernetes Services Azure_Security_Benchmark_v3.0 PA-7 Azure_Security_Benchmark_v3.0_PA-7 Microsoft cloud security benchmark PA-7 Follow just enough administration (least privilege) principle Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
febd0533-8e55-448f-b837-bd0e06f16469 Kubernetes cluster containers should only use allowed images Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f06ddb64-5fa3-4b77-b166-acb36f7f6042 Kubernetes cluster pods and containers should only run with approved user and group IDs Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e345eecc-fa47-480f-9e88-67dcc122b164 Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
13cd7ae3-5bc0-4ac4-a62d-4f7c120b9759 [Preview]: Kubernetes clusters should gate deployment of vulnerable images Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
098fc59e-46c7-4d99-9b16-64990e543d75 Kubernetes cluster pod hostPath volumes should only use allowed host paths Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
82985f06-dc18-4a48-bc1c-b9f4f0098cfe Kubernetes cluster pods should only use approved host network and port range Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
233a2a17-77ca-4fb1-9b6b-69223d272a44 Kubernetes cluster services should listen only on allowed ports Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
511f5417-5d12-434d-ab2e-816901e72a5e Kubernetes cluster containers should only use allowed AppArmor profiles Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c26596ff-4d70-4e6a-9a30-c2506bd2f80c Kubernetes cluster containers should only use allowed capabilities Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
df49d893-a74c-421d-bc95-c663042e5b80 Kubernetes cluster containers should run with a read only root file system Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
95edb821-ddaf-4404-9732-666045e056b4 Kubernetes cluster should not allow privileged containers Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0820b7b9-23aa-4725-a1ce-ae4558f718e5 Function apps should not have CORS configured to allow every resource to access your apps Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0a15ec92-a229-4763-bb14-0ea34a568f8d Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6b2122c1-8120-4ff5-801b-17625a355590 Azure Arc enabled Kubernetes clusters should have the Azure Policy extension installed Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c6e92c9-99f0-4e55-9cf2-0c234dc48f99 Kubernetes clusters should not allow container privilege escalation Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8 Kubernetes cluster containers should not share host process ID or host IPC namespace Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
423dd1ba-798e-40e4-9c4d-b6902674b423 Kubernetes clusters should disable automounting API credentials Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
549814b6-3212-4203-bdc8-1548d342fb67 API Management minimum API version should be set to 2019-12-01 or higher Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
b741306c-968e-4b67-b916-5675e5c709f4 API Management direct management endpoint should not be enabled Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d2e7ea85-6b44-4317-a0be-1b951587f626 Kubernetes clusters should not grant CAP_SYS_ADMIN security capabilities Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
9f061a12-e40d-4183-a00e-171812443373 Kubernetes clusters should not use the default namespace Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f110a506-2dcb-422e-bcea-d533fc8c35e2 Azure Machine Learning compute instances should be recreated to get the latest software updates Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
eaebaea7-8013-4ceb-9d14-7eb32271373c Function apps should have 'Client Certificates (Incoming client certificates)' enabled Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5bb220d9-2698-4ee4-8404-b9c30c9df609 App Service apps should have 'Client Certificates (Incoming client certificates)' enabled Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off Azure_Security_Benchmark_v3.0 PV-2 Azure_Security_Benchmark_v3.0_PV-2 Microsoft cloud security benchmark PV-2 Audit and enforce secure configurations Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f655e522-adff-494d-95c2-52d4f6d56a42 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines scale sets Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
a21f8c92-9e22-4f09-b759-50500d1d2dda [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines scale sets Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
672fe5a1-2fcd-42d7-b85d-902b6e28c6ff [Preview]: Guest Attestation extension should be installed on supported Linux virtual machines Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
97566dd7-78ae-4997-8b36-1c7bfe0d8121 [Preview]: Secure Boot should be enabled on supported Windows virtual machines Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1c30f9cd-b84c-49cc-aa2c-9288447cc3b3 [Preview]: vTPM should be enabled on supported virtual machines Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
72650e9f-97bc-4b2a-ab5f-9781a9fcecbc Windows machines should meet requirements of the Azure compute security baseline Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
d26f7642-7545-4e18-9b75-8c9bbdee3a9a Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ae89ebca-1c92-4898-ac2c-9f63decb045c Guest Configuration extension should be installed on your machines Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1cb4d9c2-f88f-4069-bee0-dba239a57b09 [Preview]: Guest Attestation extension should be installed on supported Windows virtual machines Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fc9b3da7-8347-4380-8e70-0a0361d8dedd Linux machines should meet requirements for the Azure compute security baseline Azure_Security_Benchmark_v3.0 PV-4 Azure_Security_Benchmark_v3.0_PV-4 Microsoft cloud security benchmark PV-4 Audit and enforce secure configurations for compute resources Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
1b7aa243-30e4-4c9e-bca8-d0d3022b634a Vulnerability assessment should be enabled on SQL Managed Instance Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
ef2a8f2a-b3d9-49cd-a8a8-9a3aaaf647d9 Vulnerability assessment should be enabled on your SQL servers Azure_Security_Benchmark_v3.0 PV-5 Azure_Security_Benchmark_v3.0_PV-5 Microsoft cloud security benchmark PV-5 Perform vulnerability assessments Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
f85bf3e0-d513-442e-89c3-1784ad63382b [Preview]: System updates should be installed on your machines (powered by Update Center) Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
bd876905-5b84-4f73-ab2d-2e7a7c4568d9 [Preview]: Machines should be configured to periodically check for missing system updates Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
e8cbc669-f12d-49eb-93e7-9273119e9933 Vulnerabilities in container security configurations should be remediated Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
5f0f936f-2f01-4bf5-b6be-d423792fa562 Container registry images should have vulnerability findings resolved Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
6ba6d016-e7c3-4842-b8f2-4992ebc0d72d SQL servers on machines should have vulnerability findings resolved Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
0fc39691-5a3f-4e3e-94ee-2e6447309ad9 Running container images should have vulnerability findings resolved Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
090c7b07-b4ed-4561-ad20-e9075f3ccaff Container registry images should have vulnerability findings resolved (powered by Microsoft Defender Vulnerability Management) Azure_Security_Benchmark_v3.0 PV-6 Azure_Security_Benchmark_v3.0_PV-6 Microsoft cloud security benchmark PV-6 Rapidly and automatically remediate vulnerabilities Microsoft cloud security benchmark (1f3afdf9-d0c9-4c3d-847f-89da613e70a8)
fb97d6e1-5c98-4743-a439-23e0977bad9e [Preview]: Boot Diagnostics should be enabled on virtual machines Boot Diagnostics Boot Diagnostics 404 not found [Preview]: Audit configuration against Automanage Best Practices (c138fd1a-e08f-4318-9490-d11ef2c2f9c1)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
ea53dbee-c6c9-4f0e-9f9e-de0039b78023 Audit Linux machines that allow remote connections from accounts without passwords CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
cb510bfd-1cba-4d9f-a230-cb0976f4bb71 App Service apps should have remote debugging turned off CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0e60b895-3786-45da-8377-9c6b4b6ac5f9 Function apps should have remote debugging turned off CCCS AC-17(1) CCCS_AC-17(1) CCCS AC-17(1) Remote Access | Automated Monitoring / Control Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
8d7e1fde-fe26-4b5f-8108-f8e432cbc2be Blocked accounts with read and write permissions on Azure resources should be removed CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0cfea604-3201-4e14-88fc-fae4c427a6c5 Blocked accounts with owner permissions on Azure resources should be removed CCCS AC-2 CCCS_AC-2 CCCS AC-2 Account Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b54ed75b-3e1a-44ac-a333-05ba39b99ff0 Service Fabric clusters should only use Azure Active Directory for client authentication CCCS AC-2(7) CCCS_AC-2(7) CCCS AC-2(7) Account Management | Role-Based Schemes Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
1f314764-cb73-4fc9-b863-8eca98ac36e9 An Azure Active Directory administrator should be provisioned for SQL servers CCCS AC-2(7) CCCS_AC-2(7) CCCS AC-2(7) Account Management | Role-Based Schemes Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5744710e-cc2f-4ee8-8809-3b11e89f4bc9 App Service apps should not have CORS configured to allow every resource to access your apps CCCS AC-4 CCCS_AC-4 CCCS AC-4 Information Flow Enforcement Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities CCCS AC-5 CCCS_AC-5 CCCS AC-5 Separation of Duties Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4f11b553-d42e-4e3a-89be-32ca364cad4c A maximum of 3 owners should be designated for your subscription CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
09024ccc-0c5f-475e-9457-b7c0d9ed487b There should be more than one owner assigned to your subscription CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
69bf4abd-ca1e-4cf6-8b5a-762d42e61d4f Audit Windows machines that have the specified members in the Administrators group CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
30f71ea1-ac77-4f26-9fc5-2d926bbd4ba7 Audit Windows machines missing any of specified members in the Administrators group CCCS AC-6 CCCS_AC-6 CCCS AC-6 Least Privilege Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled CCCS AU-12 CCCS_AU-12 CCCS AU-12 Audit Generation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images CCCS AU-3 CCCS_AU-3 CCCS AU-3 Content of Audit Records Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7f89b1eb-583c-429a-8828-af049802c1d9 Audit diagnostic setting for selected resource types CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers CCCS AU-5 CCCS_AU-5 CCCS AU-5 Response to Audit Processing Failures Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines CCCS CM-11 CCCS_CM-11 CCCS CM-11 User-Installed Software Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines CCCS CM-7(5) CCCS_CM-7(5) CCCS CM-7(5) Least Functionality | Authorized Software / Whitelisting Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0015ea4d-51ff-4ce3-8d8c-f3f8f0179a56 Audit virtual machines without disaster recovery configured CCCS CP-7 CCCS_CP-7 CCCS CP-7 Alternative Processing Site Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled CCCS IA-2(1) CCCS_IA-2(1) CCCS IA-2(1) Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled CCCS IA-2(1) CCCS_IA-2(1) CCCS IA-2(1) Identification and Authentication (Organizational Users) | Network Access to Privileged Accounts Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e6955644-301c-44b5-a4c4-528577de6861 Audit Linux machines that do not have the passwd file permissions set to 0644 CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
331e8ea8-378a-410f-a2e5-ae22f38bb0da Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f6ec09a3-78bf-4f8f-99dc-6c77182d0f99 Audit Linux machines that have accounts without passwords CCCS IA-5 CCCS_IA-5 CCCS IA-5 Authenticator Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
497dff13-db2a-4c0f-8603-28fa3b331ab6 Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3cf2ab00-13f1-4d0c-8971-2ac904541a7e Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a2d0e922-65d0-40c4-8f87-ea6da2d307a2 Audit Windows machines that do not restrict the minimum password length to specified number of characters CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
bf16e0bb-31e1-4646-8202-60a235cc7e74 Audit Windows machines that do not have the password complexity setting enabled CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
237b38db-ca4d-4259-9e47-7882441ca2c0 Audit Windows machines that do not have the minimum password age set to specified number of days CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
4ceb8dc2-559c-478b-a15b-733fbf1e3738 Audit Windows machines that do not have the maximum password age set to specified number of days CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
385f5831-96d4-41db-9a3c-cd3af78aaae6 Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5b054a0d-39e2-4d53-bea3-9734cad2c69b Audit Windows machines that allow re-use of the passwords after the specified number of unique passwords CCCS IA-5(1) CCCS_IA-5(1) CCCS IA-5(1) Authenticator Management | Password-Based Authentication Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers CCCS RA-5 CCCS_RA-5 CCCS RA-5 Vulnerability Scanning Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
0961003e-5a0a-4549-abde-af6a37f2724d Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances CCCS SC-28 CCCS_SC-28 CCCS SC-28 Protection of Information at Rest Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a7aca53f-2ed4-4466-a25e-0b45ade68efd Azure DDoS Protection Standard should be enabled CCCS SC-5 CCCS_SC-5 CCCS SC-5 Denial of Service Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
34c877ad-507e-4c82-993e-3452a6e0ad3c Storage accounts should restrict network access CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
08e6af2d-db70-460a-bfe9-d5bd474ba9d6 Adaptive network hardening recommendations should be applied on internet facing virtual machines CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
9daedab3-fb2d-461e-b861-71790eead4f6 All network ports should be restricted on network security groups associated to your virtual machine CCCS SC-7 CCCS_SC-7 CCCS SC-7 Boundary Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control CCCS SC-7(3) CCCS_SC-7(3) CCCS SC-7(3) Boundary Protection | Access Points Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control CCCS SC-7(4) CCCS_SC-7(4) CCCS SC-7(4) Boundary Protection | External Telecommunications Services Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
22bee202-a82f-4305-9a2a-6d7f44d4dedb Only secure connections to your Azure Cache for Redis should be enabled CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
404c3081-a854-4457-ae30-26a93ef643f9 Secure transfer to storage accounts should be enabled CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
a4af4a39-4135-47fb-b175-47fbdf85311d App Service apps should only be accessible over HTTPS CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
6d555dd1-86f2-4f1c-8ed7-5abae7c6cbab Function apps should only be accessible over HTTPS CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5752e6d6-1206-46d8-8ab1-ecc2f71a8112 Windows web servers should be configured to use secure communication protocols CCCS SC-8(1) CCCS_SC-8(1) CCCS SC-8(1) Transmission Confidentiality and Integrity | Cryptographic or Alternate Physical Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
feedbf84-6b99-488c-acc2-71c829aa5ffc SQL databases should have vulnerability findings resolved CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
c3f317a7-a95c-4547-b7e7-11017ebdf2fe System updates on virtual machine scale sets should be installed CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
3c735d8a-a4ba-4a3a-b7cf-db7754cf57f4 Vulnerabilities in security configuration on your virtual machine scale sets should be remediated CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines CCCS SI-2 CCCS_SI-2 CCCS SI-2 Flaw Remediation Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets CCCS SI-3 CCCS_SI-3 CCCS SI-3 Malicious Code Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center CCCS SI-3 CCCS_SI-3 CCCS SI-3 Malicious Code Protection Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
26a828e1-e88f-464e-bbb3-c134a282b9de Endpoint protection solution should be installed on virtual machine scale sets CCCS SI-3(1) CCCS_SI-3(1) CCCS SI-3(1) Malicious Code Protection | Central Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center CCCS SI-3(1) CCCS_SI-3(1) CCCS SI-3(1) Malicious Code Protection | Central Management Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
32133ab0-ee4b-4b44-98d6-042180979d50 [Preview]: Log Analytics Extension should be enabled for listed virtual machine images CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb4388-5bf4-4ad7-ba82-2cd2f41ceae9 Azure Defender for SQL should be enabled for unprotected Azure SQL servers CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
f47b5582-33ec-4c5c-87c0-b010a6b2e917 Virtual machines should be connected to a specified workspace CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
5c3bc7b8-a64c-4e08-a9cd-7ff0f31e1138 Log Analytics extension should be enabled in virtual machine scale sets for listed virtual machine images CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
abfb7388-5bf4-4ad7-ba99-2cd2f41cebb9 Azure Defender for SQL should be enabled for unprotected SQL Managed Instances CCCS SI-4 CCCS_SI-4 CCCS SI-4 Information System Monitoring Canada Federal PBMM (4c4a5f27-de81-430b-b4e5-9cbd50595a87)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms CIS_Azure_1.1.0 1.1 CIS_Azure_1.1.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
931e118d-50a1-4457-a5e4-78550e086c52 Accounts with write permissions on Azure resources should be MFA enabled CIS_Azure_1.1.0 1.1 CIS_Azure_1.1.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e3e008c3-56b9-4133-8fd7-d3347377402a Accounts with owner permissions on Azure resources should be MFA enabled CIS_Azure_1.1.0 1.1 CIS_Azure_1.1.0_1.1 CIS Microsoft Azure Foundations Benchmark recommendation 1.1 Ensure that multi-factor authentication is enabled for all privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.10 CIS_Azure_1.1.0_1.10 CIS Microsoft Azure Foundations Benchmark recommendation 1.10 Ensure that 'Users can add gallery apps to their Access Panel' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.11 CIS_Azure_1.1.0_1.11 CIS Microsoft Azure Foundations Benchmark recommendation 1.11 Ensure that 'Users can register applications' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation CIS_Azure_1.1.0 1.12 CIS_Azure_1.1.0_1.12 CIS Microsoft Azure Foundations Benchmark recommendation 1.12 Ensure that 'Guest user permissions are limited' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation CIS_Azure_1.1.0 1.13 CIS_Azure_1.1.0_1.13 CIS Microsoft Azure Foundations Benchmark recommendation 1.13 Ensure that 'Members can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.14 CIS_Azure_1.1.0_1.14 CIS Microsoft Azure Foundations Benchmark recommendation 1.14 Ensure that 'Guests can invite' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
de770ba6-50dd-a316-2932-e0d972eaa734 Require approval for account creation CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
eb1c944e-0e94-647b-9b7e-fdb8d2af0838 Review user groups and applications with access to sensitive data CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
10c4210b-3ec9-9603-050d-77e4d26c7ebb Enforce logical access CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.15 CIS_Azure_1.1.0_1.15 CIS Microsoft Azure Foundations Benchmark recommendation 1.15 Ensure that 'Restrict access to Azure AD administration portal' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.16 CIS_Azure_1.1.0_1.16 CIS Microsoft Azure Foundations Benchmark recommendation 1.16 Ensure that 'Self-service group management enabled' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.17 CIS_Azure_1.1.0_1.17 CIS Microsoft Azure Foundations Benchmark recommendation 1.17 Ensure that 'Users can create security groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.18 CIS_Azure_1.1.0_1.18 CIS Microsoft Azure Foundations Benchmark recommendation 1.18 Ensure that 'Users who can manage security groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.19 CIS_Azure_1.1.0_1.19 CIS Microsoft Azure Foundations Benchmark recommendation 1.19 Ensure that 'Users can create Office 365 groups' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms CIS_Azure_1.1.0 1.2 CIS_Azure_1.1.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
81b3ccb4-e6e8-4e4a-8d05-5df25cd29fd4 Accounts with read permissions on Azure resources should be MFA enabled CIS_Azure_1.1.0 1.2 CIS_Azure_1.1.0_1.2 CIS Microsoft Azure Foundations Benchmark recommendation 1.2 Ensure that multi-factor authentication is enabled for all non-privileged users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.20 CIS_Azure_1.1.0_1.20 CIS Microsoft Azure Foundations Benchmark recommendation 1.20 Ensure that 'Users who can manage Office 365 groups' is set to 'None' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
dad8a2e9-6f27-4fc2-8933-7e99fe700c9c Authorize remote access CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d492600-27ba-62cc-a1c3-66eb919f6a0d Document remote access guidelines CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
cd36eeec-67e7-205a-4b64-dbfe3b4e3e4e Implement controls to secure alternate work sites CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
518eafdd-08e5-37a9-795b-15a8d798056d Provide privacy training CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
83dfb2b8-678b-20a0-4c44-5c75ada023e6 Document mobility training CIS_Azure_1.1.0 1.22 CIS_Azure_1.1.0_1.22 CIS Microsoft Azure Foundations Benchmark recommendation 1.22 Ensure that 'Require Multi-Factor Auth to join devices' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
bd4dc286-2f30-5b95-777c-681f3a7913d3 Establish and document change control processes CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
03b6427e-6072-4226-4bd9-a410ab65317e Design an access control model CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1bc7fd64-291f-028e-4ed6-6e07886e163f Employ least privilege access CIS_Azure_1.1.0 1.23 CIS_Azure_1.1.0_1.23 CIS Microsoft Azure Foundations Benchmark recommendation 1.23 Ensure that no custom subscription owner roles are created CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
94e1c2ac-cbbe-4cac-a2b5-389c812dee87 Guest accounts with write permissions on Azure resources should be removed CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e9ac8f8e-ce22-4355-8f04-99b911d6be52 Guest accounts with read permissions on Azure resources should be removed CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7805a343-275c-41be-9d62-7215b96212d8 Reassign or remove user privileges as needed CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a830fe9e-08c9-a4fb-420c-6f6bf1702395 Review account provisioning logs CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f96d2186-79df-262d-3f76-f371e3b71798 Review user privileges CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79f081c7-1634-01a1-708e-376197999289 Review user accounts CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
339353f6-2387-4a45-abe4-7f529d121046 Guest accounts with owner permissions on Azure resources should be removed CIS_Azure_1.1.0 1.3 CIS_Azure_1.1.0_1.3 CIS Microsoft Azure Foundations Benchmark recommendation 1.3 Ensure that there are no guest users CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
056a723b-4946-9d2a-5243-3aa27c4d31a1 Satisfy token quality requirements CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7d7a8356-5c34-9a95-3118-1424cfaf192a Adopt biometric authentication mechanisms CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ae5345d5-8dab-086a-7290-db43a3272198 Identify and authenticate network devices CIS_Azure_1.1.0 1.4 CIS_Azure_1.1.0_1.4 CIS Microsoft Azure Foundations Benchmark recommendation 1.4 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed CIS_Azure_1.1.0 1.6 CIS_Azure_1.1.0_1.6 CIS Microsoft Azure Foundations Benchmark recommendation 1.6 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators CIS_Azure_1.1.0 1.7 CIS_Azure_1.1.0_1.7 CIS Microsoft Azure Foundations Benchmark recommendation 1.7 Ensure that 'Notify users on password resets?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ed87d27a-9abf-7c71-714c-61d881889da4 Monitor privileged role assignment CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e714b481-8fac-64a2-14a9-6f079b2501a4 Use privileged identity management CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
32f22cfa-770b-057c-965b-450898425519 Revoke privileged roles as appropriate CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
873895e8-0e3a-6492-42e9-22cd030e9fcd Restrict access to privileged accounts CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
34d38ea7-6754-1838-7031-d7fd07099821 Manage system and admin accounts CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e4b00788-7e1c-33ec-0418-d048508e095b Implement training for protecting authenticators CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
8489ff90-8d29-61df-2d84-f9ab0f4c5e84 Notify when account is not needed CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
48c816c5-2190-61fc-8806-25d6f3df162f Monitor access across the organization CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2cc9c165-46bd-9762-5739-d2aae5ba90a1 Automate account management CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions CIS_Azure_1.1.0 1.8 CIS_Azure_1.1.0_1.8 CIS Microsoft Azure Foundations Benchmark recommendation 1.8 Ensure that 'Notify all admins when other admins reset their password?' is set to 'Yes' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e9324a-7410-0539-0662-2c1e775538b7 Authorize and manage access CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b1666a13-8f67-9c47-155e-69e027ff6823 Enforce mandatory and discretionary access control policies CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
aeed863a-0f56-429f-945d-8bb66bd06841 Authorize access to security functions and information CIS_Azure_1.1.0 1.9 CIS_Azure_1.1.0_1.9 CIS Microsoft Azure Foundations Benchmark recommendation 1.9 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0e6763cc-5078-4e64-889d-ff4d9a839047 Azure Defender for Key Vault should be enabled CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4da35fc9-c9e7-4960-aec9-797fe7d9051d Azure Defender for servers should be enabled CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
1c988dd6-ade4-430f-a608-2a3e5b0a6d38 Microsoft Defender for Containers should be enabled CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
7fe3b40f-802b-4cdd-8bd4-fd799c948cc2 Azure Defender for Azure SQL Database servers should be enabled CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
308fbb08-4ab8-4e67-9b29-592e93fb94fa Microsoft Defender for Storage (Classic) should be enabled CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6581d072-105e-4418-827f-bd446d56421b Azure Defender for SQL servers on machines should be enabled CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2913021d-f2fd-4f3d-b958-22354e2bdbcb Azure Defender for App Service should be enabled CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB CIS_Azure_1.1.0 2.1 CIS_Azure_1.1.0_2.1 CIS Microsoft Azure Foundations Benchmark recommendation 2.1 Ensure that standard pricing tier is selected CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
501541f7-f7e7-4cd6-868c-4190fdad3ac9 A vulnerability assessment solution should be enabled on your virtual machines CIS_Azure_1.1.0 2.10 CIS_Azure_1.1.0_2.10 CIS Microsoft Azure Foundations Benchmark recommendation 2.10 Ensure ASC Default policy setting "Monitor Vulnerability Assessment" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media CIS_Azure_1.1.0 2.11 CIS_Azure_1.1.0_2.11 CIS Microsoft Azure Foundations Benchmark recommendation 2.11 Ensure ASC Default policy setting "Monitor Storage Blob Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86ecd378-a3a0-5d5b-207c-05e6aaca43fc Detect network services that have not been authorized or approved CIS_Azure_1.1.0 2.12 CIS_Azure_1.1.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b0f33259-77d7-4c9e-aac6-3aabcfae693c Management ports of virtual machines should be protected with just-in-time network access control CIS_Azure_1.1.0 2.12 CIS_Azure_1.1.0_2.12 CIS Microsoft Azure Foundations Benchmark recommendation 2.12 Ensure ASC Default policy setting "Monitor JIT Network Access" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
47a6b606-51aa-4496-8bb7-64b11cf66adc Adaptive application controls for defining safe applications should be enabled on your machines CIS_Azure_1.1.0 2.13 CIS_Azure_1.1.0_2.13 CIS Microsoft Azure Foundations Benchmark recommendation 2.13 Ensure ASC Default policy setting "Monitor Adaptive Application Whitelisting" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a6fb4358-5bf4-4ad7-ba82-2cd2f41ce5e9 Auditing on SQL server should be enabled CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
49c23d9b-02b0-0e42-4f94-e8cef1b8381b Audit user account status CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6625638f-3ba1-7404-5983-0ea33d719d34 Review audit data CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
f26af0b1-65b6-689a-a03f-352ad2d00f98 Audit privileged functions CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2f67e567-03db-9d1f-67dc-b6ffb91312f4 Determine auditable events CIS_Azure_1.1.0 2.14 CIS_Azure_1.1.0_2.14 CIS Microsoft Azure Foundations Benchmark recommendation 2.14 Ensure ASC Default policy setting "Monitor SQL Auditing" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
17k78e20-9358-41c9-923c-fb736d382a12 Transparent Data Encryption on SQL databases should be enabled CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media CIS_Azure_1.1.0 2.15 CIS_Azure_1.1.0_2.15 CIS Microsoft Azure Foundations Benchmark recommendation 2.15 Ensure ASC Default policy setting "Monitor SQL Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4f4f78b8-e367-4b10-a341-d9a4ad5cf1c7 Subscriptions should have a contact email address for security issues CIS_Azure_1.1.0 2.16 CIS_Azure_1.1.0_2.16 CIS Microsoft Azure Foundations Benchmark recommendation 2.16 Ensure that 'Security contact emails' is set CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
6e2593d9-add6-4083-9c9b-4b7d2188c899 Email notification for high severity alerts should be enabled CIS_Azure_1.1.0 2.18 CIS_Azure_1.1.0_2.18 CIS Microsoft Azure Foundations Benchmark recommendation 2.18 Ensure that 'Send email notification for high severity alerts' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0b15565f-aa9e-48ba-8619-45960f2c314d Email notification to subscription owner for high severity alerts should be enabled CIS_Azure_1.1.0 2.19 CIS_Azure_1.1.0_2.19 CIS Microsoft Azure Foundations Benchmark recommendation 2.19 Ensure that 'Send email also to subscription owners' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
2c6bee3a-2180-2430-440d-db3c7a849870 Document security operations CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
5fc24b95-53f7-0ed1-2330-701b539b97fe Turn on sensors for endpoint security solution CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
475aae12-b88a-4572-8b36-9b712b2b3a17 Auto provisioning of the Log Analytics agent should be enabled on your subscription CIS_Azure_1.1.0 2.2 CIS_Azure_1.1.0_2.2 CIS Microsoft Azure Foundations Benchmark recommendation 2.2 Ensure that 'Automatic provisioning of monitoring agent' is set to 'On' CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws CIS_Azure_1.1.0 2.3 CIS_Azure_1.1.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
86b3d65f-7626-441e-b690-81a8b71cff60 System updates should be installed on your machines CIS_Azure_1.1.0 2.3 CIS_Azure_1.1.0_2.3 CIS Microsoft Azure Foundations Benchmark recommendation 2.3 Ensure ASC Default policy setting "Monitor System Updates" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
be38a620-000b-21cf-3cb3-ea151b704c3b Remediate information system flaws CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e1e5fd5d-3e4c-4ce1-8661-7d1873ae6b15 Vulnerabilities in security configuration on your machines should be remediated CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans CIS_Azure_1.1.0 2.4 CIS_Azure_1.1.0_2.4 CIS Microsoft Azure Foundations Benchmark recommendation 2.4 Ensure ASC Default policy setting "Monitor OS Vulnerabilities" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3d399cf3-8fc6-0efc-6ab0-1412f1198517 Block untrusted and unsigned processes that run from USB CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
af6cd1bd-1635-48cb-bde7-5b15693900b9 Monitor missing Endpoint Protection in Azure Security Center CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
fad161f5-5261-401a-22dd-e037bae011bd Review threat protection status weekly CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
ea9d7c95-2f10-8a4d-61d8-7469bd2e8d65 Update antivirus definitions CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c5e0e1a-216f-8f49-0a15-76ed0d8b8e1f Perform vulnerability scans CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
63f63e71-6c3f-9add-4c43-64de23e554a7 Manage gateways CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
4a6f5cbd-6c6b-006f-2bb1-091af1441bce Review malware detections report weekly CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
50e81644-923d-33fc-6ebb-9733bc8d1a06 Perform a trend analysis on threats CIS_Azure_1.1.0 2.5 CIS_Azure_1.1.0_2.5 CIS Microsoft Azure Foundations Benchmark recommendation 2.5 Ensure ASC Default policy setting "Monitor Endpoint Protection" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
a315c657-4a00-8eba-15ac-44692ad24423 Protect special information CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
e435f7e3-0dd9-58c9-451f-9b44b96c0232 Implement controls to secure all media CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
b11697e8-9515-16f1-7a35-477d5c8a1344 Protect data in transit using encryption CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
3c9aa856-6b86-35dc-83f4-bc72cec74dea Establish a data leakage management procedure CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
0961003e-5a0a-4549-abde-af6a37f2724d Virtual machines should encrypt temp disks, caches, and data flows between Compute and Storage resources CIS_Azure_1.1.0 2.6 CIS_Azure_1.1.0_2.6 CIS Microsoft Azure Foundations Benchmark recommendation 2.6 Ensure ASC Default policy setting "Monitor Disk Encryption" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
79365f13-8ba4-1f6c-2ac4-aa39929f56d0 Employ flow control mechanisms of encrypted information CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Microsoft Azure Foundations Benchmark recommendation 2.7 Ensure ASC Default policy setting "Monitor Network Security Groups" is not "Disabled" CIS Microsoft Azure Foundations Benchmark v1.1.0 (1a5bb27d-173f-493e-9568-eb56638dde4d)
59bedbdc-0ba9-39b9-66bb-1d1c192384e6 Control information flow CIS_Azure_1.1.0 2.7 CIS_Azure_1.1.0_2.7 CIS Mi