The included Azure checks are listed below. For more information about each check, see the link provided.

Code Summary
AZU001 An inbound network security rule allows traffic from /0.
AZU002 An outbound network security rule allows traffic to /0.
AZU003 Unencrypted managed disk.
AZU004 Unencrypted data lake storage.
AZU005 Password authentication in use instead of SSH keys.
AZU006 Ensure AKS cluster has Network Policy configured
AZU007 Ensure RBAC is enabled on AKS clusters
AZU008 Ensure AKS has an API Server Authorized IP Ranges enabled
AZU009 Ensure AKS logging to Azure Monitoring is Configured
AZU010 Ensure HTTPS is enabled on Azure Storage Account
AZU011 Storage containers in blob storage mode should not have public access
AZU012 The default action on Storage account network rules should be set to deny
AZU013 Trusted Microsoft Services should have bypass access to Storage accounts
AZU014 Storage accounts should be configured to only accept transfers that are over secure connections
AZU015 The minimum TLS version for Storage Accounts should be TLS1_2
AZU016 When using Queue Services for a storage account, logging should be enabled.
AZU017 SSH access should not be accessible from the Internet, should be blocked on port 22
AZU018 Auditing should be enabled on Azure SQL Databases
AZU019 Database auditing retention period should be longer than 90 days