The included AZURE checks are listed below. For more information about each check, see the link provided.
| Code | Summary |
|---|---|
| AZU001 | An inbound network security rule allows traffic from /0. |
| AZU002 | An outbound network security rule allows traffic to /0. |
| AZU003 | Unencrypted managed disk. |
| AZU004 | Unencrypted data lake storage. |
| AZU005 | Password authentication in use instead of SSH keys. |
| AZU006 | Ensure AKS cluster has Network Policy configured |
| AZU007 | Ensure RBAC is enabled on AKS clusters |
| AZU008 | Ensure AKS has an API Server Authorized IP Ranges enabled |
| AZU009 | Ensure AKS logging to Azure Monitoring is Configured |
| AZU010 | Ensure HTTPS is enabled on Azure Storage Account |
| AZU011 | Storage containers in blob storage mode should not have public access |
| AZU012 | The default action on Storage account network rules should be set to deny |
| AZU013 | Trusted Microsoft Services should have bypass access to Storage accounts |
| AZU014 | Storage accounts should be configured to only accept transfers that are over secure connections |
| AZU015 | The minimum TLS version for Storage Accounts should be TLS1_2 |
| AZU016 | When using Queue Services for a storage account, logging should be enabled. |
| AZU017 | SSH access should not be accessible from the Internet, should be blocked on port 22 |
| AZU018 | Auditing should be enabled on Azure SQL Databases |
| AZU019 | Database auditing rentention period should be longer than 90 days |