AZURE Checks

The included AZURE checks are listed below. For more information about each check, see the link provided.

Code Summary
AZU001 An inbound network security rule allows traffic from /0.
AZU002 An outbound network security rule allows traffic to /0.
AZU003 Unencrypted managed disk.
AZU004 Unencrypted data lake storage.
AZU005 Password authentication in use instead of SSH keys.
AZU006 Ensure AKS cluster has Network Policy configured
AZU007 Ensure RBAC is enabled on AKS clusters
AZU008 Ensure AKS has an API Server Authorized IP Ranges enabled
AZU009 Ensure AKS logging to Azure Monitoring is Configured
AZU010 Ensure HTTPS is enabled on Azure Storage Account
AZU011 Storage containers in blob storage mode should not have public access
AZU012 The default action on Storage account network rules should be set to deny
AZU013 Trusted Microsoft Services should have bypass access to Storage accounts
AZU014 Storage accounts should be configured to only accept transfers that are over secure connections
AZU015 The minimum TLS version for Storage Accounts should be TLS1_2
AZU016 When using Queue Services for a storage account, logging should be enabled.
AZU017 SSH access should not be accessible from the Internet, should be blocked on port 22
AZU018 Auditing should be enabled on Azure SQL Databases
AZU019 Database auditing retention period should be longer than 90 days
AZU020 Key vault should have the network acl block specified
AZU021 Key vault should have purge protection enabled
AZU022 Key vault Secret should have a content type set
AZU023 Key Vault Secret should have an expiration date set
AZU024 RDP access should not be accessible from the Internet, should be blocked on port 3389
AZU025 Data Factory should have public access disabled, the default is enabled.
AZU026 Ensure that the expiration date is set on all keys
AZU027 Synapse Workspace should have managed virtual network enabled, the default is disabled.
AZU028 Ensure the Function App can only be accessed via HTTPS. The default is false.

