| 💼 8.1 Microsoft Defender for Cloud | 16 | | 24 | | no data |
|  💼 8.1.1 Microsoft Cloud Security Posture Management (CSPM) | 1 | | 1 | | no data |
|   💼 8.1.1.1 Ensure Microsoft Defender CSPM is Set to 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.2 Defender Plan: APIs | 1 | | 1 | | no data |
|   💼 8.1.2.1 Ensure Microsoft Defender for APIs is Set to 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.3 Defender Plan: Servers | 5 | | 5 | | no data |
|   💼 8.1.3.1 Ensure that Defender for Servers is Set to 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.3.2 Ensure that 'Vulnerability assessment for machines' Component Status is set to 'On' (Manual) | | | 1 | | no data |
|   💼 8.1.3.3 Ensure that 'Endpoint protection' Component Status is set to 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.3.4 Ensure that 'Agentless scanning for machines' Component Status is Set to 'On' (Manual) | | | 1 | | no data |
|   💼 8.1.3.5 Ensure that 'File Integrity Monitoring' Component Status is Set to 'On' (Manual) | | | 1 | | no data |
|  💼 8.1.4 Defender Plan: Containers | 1 | | 1 | | no data |
|   💼 8.1.4.1 Ensure That Microsoft Defender for Containers Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.5 Defender Plan: Storage | 2 | | 2 | | no data |
|   💼 8.1.5.1 Ensure That Microsoft Defender for Storage Is Set To 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.5.2 Ensure Advanced Threat Protection Alerts for Storage Accounts Are Monitored (Manual) | | | 1 | | no data |
|  💼 8.1.6 Defender Plan: App Service | 1 | | 1 | | no data |
|   💼 8.1.6.1 Ensure That Microsoft Defender for App Services Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.7 Defender Plan: Databases | 4 | | 4 | | no data |
|   💼 8.1.7.1 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.7.2 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.7.3 Ensure That Microsoft Defender for (Managed Instance) Azure SQL Databases Is Set To 'On' (Automated) | | | 1 | | no data |
|   💼 8.1.7.4 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.8 Defender Plan: Key Vault | 1 | | 1 | | no data |
|   💼 8.1.8.1 Ensure That Microsoft Defender for Key Vault Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.9 Defender Plan: Resource Manager | 1 | | 1 | | no data |
|   💼 8.1.9.1 Ensure That Microsoft Defender for Resource Manager Is Set To 'On' (Automated) | | | 1 | | no data |
|  💼 8.1.10 Ensure that Microsoft Defender for Cloud is Configured to Check VM Operating Systems for Updates (Automated) | | | 1 | | no data |
|  💼 8.1.11 Ensure that non-deprecated Microsoft Cloud Security Benchmark policies are not set to 'Disabled' (Manual) | | | 1 | | no data |
|  💼 8.1.12 Ensure That 'All users with the following roles' is Set to 'Owner' (Automated) | | | 1 | | no data |
|  💼 8.1.13 Ensure 'Additional email addresses' is Configured with a Security Contact Email (Automated) | | | 1 | | no data |
|  💼 8.1.14 Ensure that 'Notify about alerts with the following severity (or higher)' is Enabled (Automated) | | | 1 | | no data |
|  💼 8.1.15 Ensure that 'Notify about attack paths with the following risk level (or higher)' is Enabled (Automated) | | | 1 | | no data |
|  💼 8.1.16 Ensure that Microsoft Defender External Attack Surface Monitoring (EASM) is Enabled (Manual) | | | 1 | | no data |
| 💼 8.2 Microsoft Defender for IoT | 1 | | 1 | | no data |
|  💼 8.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On' (Manual) | | | 1 | | no data |
| 💼 8.3 Key Vault | 11 | | 11 | | no data |
|  💼 8.3.1 Ensure that the Expiration Date is Set for all Keys in Key Vaults using RBAC (Automated) | | | 1 | | no data |
|  💼 8.3.2 Ensure that the Expiration Date is set for All Keys in Key Vaults using access policies (legacy) (Automated) | | | 1 | | no data |
|  💼 8.3.3 Ensure that the Expiration Date is set for All Secrets in Key Vaults using RBAC (Automated) | | | 1 | | no data |
|  💼 8.3.4 Ensure that the Expiration Date is set for All Secrets in Key Vaults using access policies (legacy) (Automated) | | | 1 | | no data |
|  💼 8.3.5 Ensure 'Purge protection' is Set to 'Enabled' (Automated) | | | 1 | | no data |
|  💼 8.3.6 Ensure that Role Based Access Control for Azure Key Vault is Enabled (Automated) | | | 1 | | no data |
|  💼 8.3.7 Ensure Public Network Access is Disabled (Automated) | | | 1 | | no data |
|  💼 8.3.8 Ensure Private Endpoints are Used to Access Azure Key Vault (Automated) | | | 1 | | no data |
|  💼 8.3.9 Ensure Automatic Key Rotation is Enabled within Azure Key Vault (Automated) | | | 1 | | no data |
|  💼 8.3.10 Ensure that Azure Key Vault Managed HSM is Used when Required (Manual) | | | 1 | | no data |
|  💼 8.3.11 Ensure Certificate 'Validity Period (in months)' is Less Than or Equal to '12' (Automated) | | | 1 | | no data |
| 💼 8.4 Azure Bastion | 1 | | 1 | | no data |
|  💼 8.4.1 Ensure an Azure Bastion Host Exists (Automated) | | | 1 | | no data |
| 💼 8.5 Ensure Azure DDoS Network Protection is Enabled on Virtual Networks (Automated) | | | 1 | | no data |