The included AZURE checks are listed below. For more information about each check, see the link provided.
| Code | Summary |
|---|---|
| AZU001 | An inbound network security rule allows traffic from /0. |
| AZU002 | An outbound network security rule allows traffic to /0. |
| AZU003 | Unencrypted managed disk. |
| AZU004 | Unencrypted data lake storage. |
| AZU005 | Password authentication in use instead of SSH keys. |
| AZU006 | Ensure AKS cluster has Network Policy configured |
| AZU007 | Ensure RBAC is enabled on AKS clusters |
| AZU008 | Ensure AKS has an API Server Authorized IP Ranges enabled |
| AZU009 | Ensure AKS logging to Azure Monitoring is Configured |
| AZU010 | Ensure HTTPS is enabled on Azure Storage Account |
| AZU011 | Storage containers in blob storage mode should not have public access |
| AZU012 | The default action on Storage account network rules should be set to deny |
| AZU013 | Trusted Microsoft Services should have bypass access to Storage accounts |
| AZU014 | Storage accounts should be configured to only accept transfers that are over secure connections |
| AZU015 | The minimum TLS version for Storage Accounts should be TLS1_2 |
| AZU016 | When using Queue Services for a storage account, logging should be enabled. |
| AZU017 | SSH access should not be accessible from the Internet, should be blocked on port 22 |
| AZU018 | Auditing should be enabled on Azure SQL Databases |
| AZU019 | Database auditing rentention period should be longer than 90 days |
| AZU020 | Key vault should have the network acl block specified |
| AZU021 | Key vault should have purge protection enabled |
| AZU022 | Key vault Secret should have a content type set |
| AZU023 | Key Vault Secret should have an expiration date set |
| AZU024 | RDP access should not be accessible from the Internet, should be blocked on port 3389 |
| AZU025 | Data Factory should have public access disabled, the default is enabled. |
| AZU026 | Ensure that the expiration date is set on all keys |
| AZU027 | Synapse Workspace should have managed virtual network enabled, the default is disabled. |
| AZU028 | Ensure the Function App can only be accessed via HTTPS. The default is false. |
