| 💼 3.1 Microsoft Defender for Cloud | 16 | | | |
| 💼 3.1.1 Microsoft Cloud Security Posture Management (CSPM) | 2 | | | |
| 💼 3.1.1.1 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' (Automated) | | | 1 | |
| 💼 3.1.1.2 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected (Automated) | | | 1 | |
| 💼 3.1.2 Defender Plan: APIs | | | | |
| 💼 3.1.3 Defender Plan: Servers | 5 | | | |
| 💼 3.1.3.1 Ensure That Microsoft Defender for Servers Is Set to 'On' (Automated) | | | 1 | |
| 💼 3.1.3.2 Ensure that 'Vulnerability assessment for machines' component status is set to 'On' (Manual) | | | 1 | |
| 💼 3.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On' (Manual) | | | 1 | |
| 💼 3.1.3.4 Ensure that 'Agentless scanning for machines' component status is set to 'On' (Manual) | | | 1 | |
| 💼 3.1.3.5 Ensure that 'File Integrity Monitoring' component status is set to 'On' (Manual) | | | 1 | |
| 💼 3.1.4 Defender Plan: Containers | 3 | | | |
| 💼 3.1.4.1 Ensure That Microsoft Defender for Containers Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.4.2 Ensure that 'Agentless discovery for Kubernetes' component status 'On' (Automated) | | | 1 | |
| 💼 3.1.4.3 Ensure that 'Agentless container vulnerability assessment' component status is 'On' (Automated) | | | 1 | |
| 💼 3.1.5 Defender Plan: Storage | 1 | | | |
| 💼 3.1.5.1 Ensure That Microsoft Defender for Storage Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.6 Defender Plan: App Service | 1 | | | |
| 💼 3.1.6.1 Ensure That Microsoft Defender for App Services Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.7 Defender Plan: Databases | 4 | | | |
| 💼 3.1.7.1 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.7.2 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.7.3 Ensure That Microsoft Defender for (Managed Instance) Azure SQL Databases Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.7.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.8 Defender Plan: Key Vault | 1 | | | |
| 💼 3.1.8.1 Ensure That Microsoft Defender for Key Vault Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.9 Defender Plan: Resource Manager | 1 | | | |
| 💼 3.1.9.1 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.1.10 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed' (Automated) | | | 1 | |
| 💼 3.1.11 Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled' (Manual) | | | 1 | |
| 💼 3.1.12 Ensure That 'All users with the following roles' is set to 'Owner' (Automated) | | | 1 | |
| 💼 3.1.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email (Automated) | | | 1 | |
| 💼 3.1.14 Ensure That 'Notify about alerts with the following severity' is Set to 'High' (Automated) | | | 1 | |
| 💼 3.1.15 Ensure that Microsoft Defender External Attack Surface Monitoring (EASM) is enabled (Manual) | | | 1 | |
| 💼 3.1.16 [LEGACY] Ensure That Microsoft Defender for DNS Is Set To 'On' (Automated) | | | 1 | |
| 💼 3.2 Microsoft Defender for IoT | 1 | | | |
| 💼 3.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On' (Manual) | | | 1 | |
| 💼 3.3 Key Vault | 8 | | | |
| 💼 3.3.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults (Automated) | | | 1 | |
| 💼 3.3.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. (Automated) | | | 1 | |
| 💼 3.3.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated) | | | 1 | |
| 💼 3.3.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults (Automated) | | | 1 | |
| 💼 3.3.5 Ensure the Key Vault is Recoverable (Automated) | | | 1 | |
| 💼 3.3.6 Enable Role Based Access Control for Azure Key Vault (Automated) | | | 1 | |
| 💼 3.3.7 Ensure that Private Endpoints are Used for Azure Key Vault (Automated) | | | 1 | |
| 💼 3.3.8 Ensure Automatic Key Rotation is Enabled Within Azure Key Vault for the Supported Services (Automated) | | | 1 | |