The included Azure checks are listed below. For more information about each check, see the link provided.
Code | Summary |
---|---|
AZU001 | An inbound network security rule allows traffic from /0. |
AZU002 | An outbound network security rule allows traffic to /0. |
AZU003 | Unencrypted managed disk. |
AZU004 | Unencrypted data lake storage. |
AZU005 | Password authentication in use instead of SSH keys. |
AZU006 | Ensure AKS cluster has Network Policy configured |
AZU007 | Ensure RBAC is enabled on AKS clusters |
AZU008 | Ensure AKS has API Server Authorized IP Ranges enabled |
AZU009 | Ensure AKS logging to Azure Monitoring is configured |
AZU010 | Ensure HTTPS is enabled on Azure Storage Account |
AZU011 | Storage containers in blob storage mode should not have public access |
AZU012 | The default action on Storage account network rules should be set to deny |
AZU013 | Trusted Microsoft Services should have bypass access to Storage accounts |
AZU014 | Storage accounts should be configured to only accept transfers that are over secure connections |
AZU015 | The minimum TLS version for Storage Accounts should be TLS1_2 |
AZU016 | When using Queue Services for a storage account, logging should be enabled. |
AZU017 | SSH access should not be accessible from the Internet; it should be blocked on port 22 |
AZU018 | Auditing should be enabled on Azure SQL Databases |
AZU019 | Database auditing retention period should be longer than 90 days |