| 💼 8.1 Microsoft Defender for Cloud | 16 | | 24 | | no data |
|  💼 8.1.1 Microsoft Cloud Security Posture Management (CSPM) | 1 | | 1 | | no data |
|   💼 8.1.1.1 Ensure Microsoft Defender CSPM is set to 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.2 Defender Plan: APIs | 1 | | 1 | | no data |
|   💼 8.1.2.1 Ensure Microsoft Defender for APIs is set to 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.3 Defender Plan: Servers | 5 | | 5 | | no data |
|   💼 8.1.3.1 Ensure that Defender for Servers is set to 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.3.2 Ensure that 'Vulnerability assessment for machines' component status is set to 'On' (Manual) | | | 1 | | no data |
|   💼 8.1.3.3 Ensure that 'Endpoint protection' component status is set to 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.3.4 Ensure that 'Agentless scanning for machines' component status is set to 'On' (Manual) | | | 1 | | no data |
|   💼 8.1.3.5 Ensure that 'File Integrity Monitoring' component status is set to 'On' (Manual) | | | 1 | | no data |
|  💼 8.1.4 Defender Plan: Containers | 1 | | 1 | | no data |
|   💼 8.1.4.1 Ensure That Microsoft Defender for Containers Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.5 Defender Plan: Storage | 2 | | 2 | | no data |
|   💼 8.1.5.1 Ensure That Microsoft Defender for Storage Is Set To 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.5.2 Ensure Advanced Threat Protection Alerts for Storage Accounts Are Monitored (Manual) | | | 1 | | no data |
|  💼 8.1.6 Defender Plan: App Service | 1 | | 1 | | no data |
|   💼 8.1.6.1 Ensure That Microsoft Defender for App Services Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.7 Defender Plan: Databases | 4 | | 4 | | no data |
|   💼 8.1.7.1 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.7.2 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.7.3 Ensure That Microsoft Defender for (Managed Instance) Azure SQL Databases Is Set To 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.7.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.8 Defender Plan: Key Vault | 1 | | 1 | | no data |
|   💼 8.1.8.1 Ensure That Microsoft Defender for Key Vault Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.9 Defender Plan: Resource Manager | 1 | | 1 | | no data |
|   💼 8.1.9.1 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.10 Ensure that Microsoft Defender for Cloud is configured to check VM operating systems for updates (Automated) | | | 1 | | no data |
|  💼 8.1.11 Ensure that Microsoft Cloud Security Benchmark policies are not set to 'Disabled' (Manual) | | | 1 | | no data |
|  💼 8.1.12 Ensure That 'All users with the following roles' is set to 'Owner' (Automated) | | | 1 | | no data |
|  💼 8.1.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email (Automated) | | | 1 | | no data |
|  💼 8.1.14 Ensure that 'Notify about alerts with the following severity (or higher)' is enabled (Automated) | | | 1 | | no data |
|  💼 8.1.15 Ensure that 'Notify about attack paths with the following risk level (or higher)' is enabled (Automated) | | | 1 | | no data |
|  💼 8.1.16 Ensure that Microsoft Defender External Attack Surface Monitoring (EASM) is enabled (Manual) | | | 1 | | no data |
| 💼 8.2 Microsoft Defender for IoT | 1 | | 1 | | no data |
|  💼 8.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On' (Manual) | | | 1 | | no data |
| 💼 8.3 Key Vault | 11 | | 11 | | no data |
|  💼 8.3.1 Ensure that the Expiration Date is set for all Keys in RBAC Key Vaults (Automated) | | | 1 | | no data |
|  💼 8.3.2 Ensure that the Expiration Date is set for all Keys in Non-RBAC Key Vaults. (Automated) | | | 1 | | no data |
|  💼 8.3.3 Ensure that the Expiration Date is set for all Secrets in RBAC Key Vaults (Automated) | | | 1 | | no data |
|  💼 8.3.4 Ensure that the Expiration Date is set for all Secrets in Non-RBAC Key Vaults (Automated) | | | 1 | | no data |
|  💼 8.3.5 Ensure 'Purge protection' is set to 'Enabled' (Automated) | | | 1 | | no data |
|  💼 8.3.6 Ensure that Role Based Access Control for Azure Key Vault is enabled (Automated) | | | 1 | | no data |
|  💼 8.3.7 Ensure Public Network Access is Disabled (Automated) | | | 1 | | no data |
|  💼 8.3.8 Ensure Private Endpoints are used to access Azure Key Vault (Automated) | | | 1 | | no data |
|  💼 8.3.9 Ensure automatic key rotation is enabled within Azure Key Vault (Automated) | | | 1 | | no data |
|  💼 8.3.10 Ensure that Azure Key Vault Managed HSM is used when required (Manual) | | | 1 | | no data |
|  💼 8.3.11 Ensure certificate 'Validity Period (in months)' is less than or equal to '12' (Automated) | | | 1 | | no data |
| 💼 8.4 Azure Bastion | 1 | | 1 | | no data |
|  💼 8.4.1 Ensure an Azure Bastion Host Exists (Automated) | | | 1 | | no data |
| 💼 8.5 Ensure Azure DDoS Network Protection is enabled on virtual networks (Automated) | | | 1 | | no data |