---
names:
  full: "Azure VM Scale Set Instance allows public access to all ports"
  contextual: "Instance allows public access to all ports"
description: >
  Identify Azure VM Scale Set Instances that are associated with Network
  Interfaces linked to NSGs containing inbound rules that allow unrestricted
  traffic from the public internet (0.0.0.0/0, ::/0, Internet, Any, or *) to
  all destination ports (*, 0-65535, or unspecified). Restrict access to only
  the specific destination port and/or IP address ranges that require
  connectivity.
categories:
  - "SECURITY"
type: "COMPLIANCE_POLICY"
frameworkMappings:
  - "/frameworks/cloudaware/resource-security/network-exposure"