AC_AZURE_0576 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' - azurerm_linux_web_app | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0580 | Ensure access to Azure SQL Servers is restricted within Azure Infrastructure via Azure SQL Firewall Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0588 | Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0003 | Ensure that 'Threat Detection' is enabled for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0044 | Ensure that Azure Active Directory Admin is Configured for SQL Servers | Azure | Identity and Access Management | HIGH |
AC_AZURE_0085 | Ensure that logging for Azure Key Vault is 'Enabled' | Azure | Logging and Monitoring | HIGH |
AC_AZURE_0088 | Ensure App Service Authentication is set up for apps in Azure App Service | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0099 | Ensure that the attribute 'privileged_docker_options' in Defender for IoT is not set to false | Azure | Infrastructure Security | HIGH |
AC_AZURE_0104 | Ensure that the attribute 'edge_logging_option' in Defender for IoT is not set to false | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0108 | Ensure public IP addresses are not assigned to Azure Windows Virtual Machines | Azure | Security Best Practices | HIGH |
AC_AZURE_0113 | Ensure backup is enabled using Azure Backup for Azure Linux Virtual Machines | Azure | Security Best Practices | LOW |
AC_AZURE_0128 | Ensure 'Infrastructure double encryption' for PostgreSQL Database Server is 'Enabled' | Azure | Data Protection | MEDIUM |
AC_AZURE_0132 | Ensure 'email account admins' is enabled for Azure MSSQL Server Security Alert Policy | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0140 | Ensure public access is disabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0141 | Ensure 'enforce SSL connection' is set to enabled for Azure MariaDB Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0144 | Ensure queries are not supported over the public internet for Azure Log Analytics Workspace | Azure | Infrastructure Security | HIGH |
AC_AZURE_0146 | Ensure log analytics workspace has daily quota value set for Azure Log Analytics Workspace | Azure | Compliance Validation | LOW |
AC_AZURE_0148 | Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK) - azurerm_linux_virtual_machine_scale_set | Azure | Data Protection | MEDIUM |
AC_AZURE_0161 | Ensure that kubernetes dashboard is disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0162 | Ensure secrets have content type set for Azure Key Vault Secret | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0170 | Ensure the key vault is recoverable - soft_delete_enabled | Azure | Data Protection | MEDIUM |
AC_AZURE_0174 | Ensure 'ReadOnly' cache is enabled on OS disks with read heavy operations to get higher read IOPS for Azure Image | Azure | Compliance Validation | LOW |
AC_AZURE_0177 | Ensure latest TLS version is in use for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0178 | Ensure HTTPS is enabled for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0179 | Ensure CORS is tightly controlled and managed for Azure Function App | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0195 | Ensure that custom domains are configured in Azure App Service | Azure | Security Best Practices | LOW |
AC_AZURE_0202 | Ensure access duration is set to 3600 seconds or less for Azure Managed Disk SAS Token | Azure | Data Protection | LOW |
AC_AZURE_0216 | Ensure that a 'Diagnostics Setting' exists | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0225 | Ensure Power BI analysis services are defined for Azure Analysis Services Server | Azure | Compliance Validation | LOW |
AC_AZURE_0226 | Ensure public access is disabled for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0229 | Ensure internal load balancing is enabled for Azure App Service Environment | Azure | Resilience | MEDIUM |
AC_AZURE_0234 | Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0236 | Ensure that VA setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0240 | Ensure SQL server's TDE protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
AC_AZURE_0244 | Ensure remote debugging is turned off for Azure App Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0246 | Ensure that 'Java version' is the latest, if used to run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0249 | Ensure that '.Net Framework' version is the latest in Azure App Service | Azure | Configuration and Vulnerability Analysis | MEDIUM |
AC_AZURE_0257 | Ensure Azure Active Directory (AAD) is configured for Azure Synapse Workspace | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0259 | Ensure point-in-time-restore is enabled for Azure SQL Database | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0262 | Ensure public network access is disabled for Azure Container Registry | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0268 | Ensure geo-redundant backups are enabled for Azure MySQL Single Server | Azure | Data Protection | HIGH |
AC_AZURE_0270 | Ensure CIFS / SMB (TCP:3020) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0273 | Ensure Cassandra (TCP:7001) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
AC_AZURE_0274 | Ensure Cassandra (TCP:7001) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0275 | Ensure Cassandra (TCP:7001) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0279 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
AC_AZURE_0280 | Ensure accessibility is restricted up to 256 hosts in Azure SQL Firewall Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0281 | Ensure latest version of Azure Kubernetes Cluster is in use | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0292 | Ensure that public access is disabled in Azure Key Vault | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0293 | Ensure that Web Application Firewall (WAF) is used in 'Detection' or 'Prevention' modes for Azure Front Door | Azure | Infrastructure Security | MEDIUM |