| 💼 9.1 Azure Files | 3 | | 3 | | no data |
|  💼 9.1.1 Ensure soft delete for Azure File Shares is Enabled (Automated) | | | 1 | | no data |
|  💼 9.1.2 Ensure 'SMB protocol version' is set to 'SMB 3.1.1' or higher for SMB file shares (Automated) | | | 1 | | no data |
|  💼 9.1.3 Ensure 'SMB channel encryption' is set to 'AES-256-GCM' or higher for SMB file shares (Automated) | | | 1 | | no data |
| 💼 9.2 Azure Blob Storage | 3 | | 2 | | no data |
|  💼 9.2.1 Ensure that soft delete for blobs on Azure Blob Storage storage accounts is Enabled (Automated) | | | 1 | | no data |
|  💼 9.2.2 Ensure that soft delete for containers on Azure Blob Storage storage accounts is Enabled (Automated) | | | 1 | | no data |
|  💼 9.2.3 Ensure 'Versioning' is set to 'Enabled' on Azure Blob Storage storage accounts (Automated) | | | 1 | | no data |
| 💼 9.3 Storage Accounts | 11 | | 15 | | no data |
|  💼 9.3.1 Secrets and Keys | 3 | | 3 | | no data |
|   💼 9.3.1.1 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account (Automated) | | | 1 | | no data |
|   💼 9.3.1.2 Ensure that Storage Account access keys are periodically regenerated | | | 1 | | no data |
|   💼 9.3.1.3 Ensure 'Allow storage account key access' for Azure Storage Accounts is 'Disabled' (Automated) | | | 1 | | no data |
|  💼 9.3.2 Networking | 3 | | 3 | | no data |
|   💼 9.3.2.1 Ensure Private Endpoints are used to access Storage Accounts (Automated) | | | 1 | | no data |
|   💼 9.3.2.2 Ensure that 'Public Network Access' is 'Disabled' for storage accounts (Automated) | | | 1 | | no data |
|   💼 9.3.2.3 Ensure default network access rule for storage accounts is set to deny (Automated) | | | 1 | | no data |
|  💼 9.3.3 Identity and Access Management | 1 | | 1 | | no data |
|   💼 9.3.3.1 Ensure that 'Default to Microsoft Entra authorization in the Azure portal' is set to 'Enabled' (Automated) | | | 1 | | no data |
|  💼 9.3.4 Ensure that 'Secure transfer required' is set to 'Enabled' (Automated) | | | 1 | | no data |
|  💼 9.3.5 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access (Automated) | | | 1 | | no data |
|  💼 9.3.6 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2' (Automated) | | | 1 | | no data |
|  💼 9.3.7 Ensure 'Cross Tenant Replication' is not enabled (Automated) | | | 1 | | no data |
|  💼 9.3.8 Ensure that 'Allow Blob Anonymous Access' is set to 'Disabled' (Automated) | | | 1 | | no data |
|  💼 9.3.9 Ensure Azure Resource Manager Delete locks are applied to Azure Storage Accounts (Manual) | | | 1 | | no data |
|  💼 9.3.10 Ensure Azure Resource Manager ReadOnly locks are considered for Azure Storage Accounts (Manual) | | | 1 | | no data |
|  💼 9.3.11 Ensure Redundancy is set to 'geo-redundant storage (GRS)' on critical Azure Storage Accounts (Automated) | | | 1 | | no data |