📝 [LEGACY] VHDs are not encrypted 🟢
- Contextual name: 📝 [LEGACY] VHDs are not encrypted 🟢
394 docs tagged with "policy"
View all tags📝 Access Approval is not enabled 🟢
- Contextual name: 📝 Access Approval is not enabled 🟢
📝 Access Key Rotation Reminders are not enabled 🟢
- Contextual name: 📝 Access Key Rotation Reminders are not enabled 🟢
📝 Access Keys are not regenerated periodically 🟢
- Contextual name: 📝 Access Keys are not regenerated periodically 🟢
📝 Account Has No IAM Users 🔴🟠
- Contextual name: 📝 Account Has No IAM Users 🔴🟠
📝 Account Lockout Duration is not set 60 seconds or more 🟢
- Contextual name: 📝 Account Lockout Duration is not set 60 seconds or more 🟢
📝 Account Lockout Threshold is not set to 10 or less 🟢
- Contextual name: 📝 Account Lockout Threshold is not set to 10 or less 🟢
📝 Account Root User Hardware MFA is not enabled. 🟢
- Contextual name: 📝 Account Root User Hardware MFA is not enabled. 🟢
📝 Account Root User has active access keys 🟢
- Contextual name: 📝 Account Root User has active access keys 🟢
📝 Account Root User MFA is not enabled. 🟢
- Contextual name: 📝 Account Root User MFA is not enabled. 🟢
📝 Activity Log Alert for Create or Update Network Security Group does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Create or Update Network Security Group does not exist 🟢
📝 Activity Log Alert for Create or Update Public IP Address Rule does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Create or Update Public IP Address Rule does not exist 🟢
📝 Activity Log Alert for Create or Update Security Solution does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Create or Update Security Solution does not exist 🟢
📝 Activity Log Alert for Create or Update SQL Server Firewall Rule does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Create or Update SQL Server Firewall Rule does not exist 🟢
📝 Activity Log Alert for Create Policy Assignment does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Create Policy Assignment does not exist 🟢
📝 Activity Log Alert for Delete Network Security Group does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Delete Network Security Group does not exist 🟢
📝 Activity Log Alert for Delete Policy Assignment does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Delete Policy Assignment does not exist 🟢
📝 Activity Log Alert for Delete Public IP Address Rule does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Delete Public IP Address Rule does not exist 🟢
📝 Activity Log Alert for Delete Security Solution does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Delete Security Solution does not exist 🟢
📝 Activity Log Alert for Delete SQL Server Firewall Rule does not exist 🟢
- Contextual name: 📝 Activity Log Alert for Delete SQL Server Firewall Rule does not exist 🟢
📝 Agentless Container Vulnerability Assessment Component is not enabled 🟢
- Contextual name: 📝 Agentless Container Vulnerability Assessment Component is not enabled 🟢
📝 Agentless Discovery for Kubernetes Component is not enabled 🟢
- Contextual name: 📝 Agentless Discovery for Kubernetes Component is not enabled 🟢
📝 Agentless Scanning for Machines Component is not enabled 🟢
- Contextual name: 📝 Agentless Scanning for Machines Component is not enabled 🟢
📝 Allow Blob Anonymous Access is set enabled 🟢
- Contextual name: 📝 Allow Blob Anonymous Access is set enabled 🟢
📝 Allow Users To Remember MFA On Devices They Trust is enabled 🟢
- Contextual name: 📝 Allow Users To Remember MFA On Devices They Trust is enabled 🟢
📝 Alternate Contact Information is not current 🔴🟢
- Contextual name: 📝 Alternate Contact Information is not current 🔴🟢
📝 AND 🟢
- Contextual name: 📝 AND 🟢
📝 API Access Logging in CloudWatch is not enabled 🟢
- Contextual name: 📝 API Access Logging in CloudWatch is not enabled 🟢
📝 API Execution Logging in CloudWatch is not enabled 🟢
- Contextual name: 📝 API Execution Logging in CloudWatch is not enabled 🟢
📝 API Key is not restricted for unspecified hosts and apps 🟢
- Contextual name: 📝 API Key is not restricted for unspecified hosts and apps 🟢
📝 API Key is not restricted for unused APIs 🟢
- Contextual name: 📝 API Key is not restricted for unused APIs 🟢
📝 API Key is not rotated every 90 days 🟢
- Contextual name: 📝 API Key is not rotated every 90 days 🟢
📝 API Route Authorization Type is not configured 🟢
- Contextual name: 📝 API Route Authorization Type is not configured 🟢
📝 App Service does not run the latest HTTP version 🟢
- Contextual name: 📝 App Service does not run the latest HTTP version 🟢
📝 App Service does not run the latest Java version 🟢
- Contextual name: 📝 App Service does not run the latest Java version 🟢
📝 App Service does not run the latest PHP version 🟢
- Contextual name: 📝 App Service does not run the latest PHP version 🟢
📝 App Service does not run the latest Python version 🟢
- Contextual name: 📝 App Service does not run the latest Python version 🟢
📝 App Service does not use Azure Key Vaults to store secrets 🟢
- Contextual name: 📝 App Service does not use Azure Key Vaults to store secrets 🟢
📝 App Service is not registered with Microsoft Entra ID 🟢
- Contextual name: 📝 App Service is not registered with Microsoft Entra ID 🟢
📝 Application HTTPS Connection is not enforced 🟢
- Contextual name: 📝 Application HTTPS Connection is not enforced 🟢
📝 Application Insights are not configured 🟢
- Contextual name: 📝 Application Insights are not configured 🟢
📝 Asset Inventory API is not enabled 🟢
- Contextual name: 📝 Asset Inventory API is not enabled 🟢
📝 Aurora Cluster access is not consistent 🟢
- Contextual name: 📝 Aurora Cluster access is not consistent 🟢
📝 Authentication is disabled and Basic Authentication is enabled 🟢
- Contextual name: 📝 Authentication is disabled and Basic Authentication is enabled 🟢
📝 Auto Scaling Group and Classic Load Balancer AZs are inconsistent 🟠🟢
- Contextual name: 📝 Auto Scaling Group and Classic Load Balancer AZs are inconsistent 🟠🟢
📝 Auto Scaling Group behind ELB doesn't use ELB health check 🟢
- Contextual name: 📝 Auto Scaling Group behind ELB doesn't use ELB health check 🟢
📝 Automatic Key Rotation is not enabled 🟠🟢
- Contextual name: 📝 Automatic Key Rotation is not enabled 🟠🟢
📝 AWS EC2 Instance Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 AWS EC2 Instance Should Have Breeze Agent Installed 🟢
📝 AWS EKS Cluster Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 AWS EKS Cluster Should Have Breeze Agent Installed 🟢
📝 AWS IAM User is not managed centrally in multi-account environments 🟢
- Contextual name: 📝 AWS IAM User is not managed centrally in multi-account environments 🟢
📝 AWS Organizations Changes Monitoring is not enabled 🟢
- Contextual name: 📝 AWS Organizations Changes Monitoring is not enabled 🟢
📝 AWS Support Role is not created 🟢
- Contextual name: 📝 AWS Support Role is not created 🟢
📝 AWSCloudShellFullAccess Policy is attached 🟢
- Contextual name: 📝 AWSCloudShellFullAccess Policy is attached 🟢
📝 Azure Active Directory Device Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 Azure Active Directory Device Should Have Breeze Agent Installed 🟢
📝 Azure AKS Cluster Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 Azure AKS Cluster Should Have Breeze Agent Installed 🟢
📝 Azure Virtual Machine Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 Azure Virtual Machine Should Have Breeze Agent Installed 🟢
📝 Azure VM Scale Set Instance Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 Azure VM Scale Set Instance Should Have Breeze Agent Installed 🟢
📝 Basic Authentication is enabled 🟢
- Contextual name: 📝 Basic Authentication is enabled 🟢
📝 Bastion Host does not exist 🟢
- Contextual name: 📝 Bastion Host does not exist 🟢
📝 Blob Containers Soft Delete is not enabled 🟢
- Contextual name: 📝 Blob Containers Soft Delete is not enabled 🟢
📝 Blob Logging is not enabled for Read, Write, and Delete requests 🟢
- Contextual name: 📝 Blob Logging is not enabled for Read, Write, and Delete requests 🟢
📝 BOOLEAN_FROM 🔴🟢
- Contextual name: 📝 BOOLEAN_FROM 🔴🟢
📝 BooleanType 🔴🟢
- Contextual name: 📝 BooleanType 🔴🟢
📝 BooleanType 🟢
- Contextual name: 📝 BooleanType 🟢
📝 Bucket is anonymously or publicly accessible 🟢
- Contextual name: 📝 Bucket is anonymously or publicly accessible 🟢
📝 Bucket is not configured to block public access 🟢
- Contextual name: 📝 Bucket is not configured to block public access 🟢
📝 Bucket Lifecycle Configuration is not enabled 🟢
- Contextual name: 📝 Bucket Lifecycle Configuration is not enabled 🟢
📝 Bucket MFA Delete is not enabled 🟠🟢
- Contextual name: 📝 Bucket MFA Delete is not enabled 🟠🟢
📝 Bucket Object Lock is not enabled 🟠🟢
- Contextual name: 📝 Bucket Object Lock is not enabled 🟠🟢
📝 Bucket Policy is not set to deny HTTP requests 🟢
- Contextual name: 📝 Bucket Policy is not set to deny HTTP requests 🟢
📝 Bucket sensitive data is not discovered, classified, and secured 🟢
- Contextual name: 📝 Bucket sensitive data is not discovered, classified, and secured 🟢
📝 Bucket Server Access Logging is not enabled 🟢
- Contextual name: 📝 Bucket Server Access Logging is not enabled 🟢
📝 Bucket Uniform Bucket-Level Access is not enabled 🟢
- Contextual name: 📝 Bucket Uniform Bucket-Level Access is not enabled 🟢
📝 Bucket Versioning is not enabled 🟢
- Contextual name: 📝 Bucket Versioning is not enabled 🟢
📝 BytesType 🟢
- Contextual name: 📝 BytesType 🟢
📝 BytesType 🟢
- Contextual name: 📝 BytesType 🟢
📝 Certificate Expired 🟢
- Contextual name: 📝 Certificate Expired 🟢
📝 Certificate expires in the next 7 days 🟢
- Contextual name: 📝 Certificate expires in the next 7 days 🟢
📝 Certificate with Wildcard Domain Name 🟢
- Contextual name: 📝 Certificate with Wildcard Domain Name 🟢
📝 Cloud Access Transparency is not enabled 🟢
- Contextual name: 📝 Cloud Access Transparency is not enabled 🟢
📝 Cloud Audit Logging is not configured properly 🟢
- Contextual name: 📝 Cloud Audit Logging is not configured properly 🟢
📝 Cloud Function Environment Variables store confidential data 🟢
- Contextual name: 📝 Cloud Function Environment Variables store confidential data 🟢
📝 CloudTrail is not encrypted with KMS CMK 🟢
- Contextual name: 📝 CloudTrail is not encrypted with KMS CMK 🟢
📝 Cluster is not encrypted using Customer-Managed Encryption Key 🟢
- Contextual name: 📝 Cluster is not encrypted using Customer-Managed Encryption Key 🟢
📝 COLLECTION_CONTAINS 🟢
- Contextual name: 📝 COLLECTION_CONTAINS 🟢
📝 COLLECTION_FROM 🟢
- Contextual name: 📝 COLLECTION_FROM 🟢
📝 COLLECTION_SIZE 🟢
- Contextual name: 📝 COLLECTION_SIZE 🟢
📝 CollectionType 🟢
- Contextual name: 📝 CollectionType 🟢
📝 CollectionType 🟢
- Contextual name: 📝 CollectionType 🟢
📝 Conditional Access By Location is not defined 🟢
- Contextual name: 📝 Conditional Access By Location is not defined 🟢
📝 Config Configuration Changes Monitoring is not enabled 🟢
- Contextual name: 📝 Config Configuration Changes Monitoring is not enabled 🟢
📝 Config is not enabled in all regions 🟢
- Contextual name: 📝 Config is not enabled in all regions 🟢
📝 Configuration Changes Monitoring is not enabled 🟢
- Contextual name: 📝 Configuration Changes Monitoring is not enabled 🟢
📝 Consumer Google Accounts are used 🟢
- Contextual name: 📝 Consumer Google Accounts are used 🟢
📝 CONTAINS 🟢
- Contextual name: 📝 CONTAINS 🟢
📝 Critical Data is not encrypted with customer managed key 🟢
- Contextual name: 📝 Critical Data is not encrypted with customer managed key 🟢
📝 Cross Tenant Replication is enabled 🟢
- Contextual name: 📝 Cross Tenant Replication is enabled 🟢
📝 Crypto Key is anonymously or publicly accessible 🟠🟢
- Contextual name: 📝 Crypto Key is anonymously or publicly accessible 🟠🟢
📝 Crypto Key is not rotated every 90 days 🟢
- Contextual name: 📝 Crypto Key is not rotated every 90 days 🟢
📝 Custom Banned Password List is not enforced 🟢
- Contextual name: 📝 Custom Banned Password List is not enforced 🟢
📝 Custom Subscription Administrator Roles exist 🟢
- Contextual name: 📝 Custom Subscription Administrator Roles exist 🟢
📝 Database allows ingress from 0.0.0.0/0 (ANY IP) 🟢
- Contextual name: 📝 Database allows ingress from 0.0.0.0/0 (ANY IP) 🟢
📝 Database Transparent Data Encryption is not enabled 🟢
- Contextual name: 📝 Database Transparent Data Encryption is not enabled 🟢
📝 Dataset is anonymously or publicly accessible 🟢
- Contextual name: 📝 Dataset is anonymously or publicly accessible 🟢
📝 Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) 🟢
- Contextual name: 📝 Dataset is not encrypted with Customer-Managed Encryption Key (CMEK) 🟢
📝 DATE_TIME_FROM 🟢
- Contextual name: 📝 DATETIMEFROM 🟢
📝 DateTimeType 🟢
- Contextual name: 📝 DateTimeType 🟢
📝 DateTimeType 🟢
- Contextual name: 📝 DateTimeType 🟢
📝 Default Network Access Rule is not set to Deny 🟢
- Contextual name: 📝 Default Network Access Rule is not set to Deny 🟢
📝 Default Security Group does not restrict all traffic 🟢
- Contextual name: 📝 Default Security Group does not restrict all traffic 🟢
📝 Device Code Authentication Flow is not restricted 🟢
- Contextual name: 📝 Device Code Authentication Flow is not restricted 🟢
📝 Diagnostic Setting captures Administrative, Alert, Policy, and Security categories 🟢
- Contextual name: 📝 Diagnostic Setting captures Administrative, Alert, Policy, and Security categories 🟢
📝 Diagnostic Setting exists for Subscription Activity Logs 🟢
- Contextual name: 📝 Diagnostic Setting exists for Subscription Activity Logs 🟢
📝 Diagnostic Setting for Azure AppService HTTP logs is not enabled 🟢
- Contextual name: 📝 Diagnostic Setting for Azure AppService HTTP logs is not enabled 🟢
📝 Diagnostic Setting for Azure Key Vault is not enabled 🟢
- Contextual name: 📝 Diagnostic Setting for Azure Key Vault is not enabled 🟢
📝 Diagnostic Setting is not enabled for all services that support it 🟢
- Contextual name: 📝 Diagnostic Setting is not enabled for all services that support it 🟢
📝 Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟢
- Contextual name: 📝 Diagnostic Setting Logs export to Storage Account not encrypted with Customer-managed key 🟢
📝 Disable or Schedule Deletion CMK Events Monitoring is not enabled 🟢
- Contextual name: 📝 Disable or Schedule Deletion CMK Events Monitoring is not enabled 🟢
📝 Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) 🟢
- Contextual name: 📝 Disk for critical VMs is not encrypted with Customer-Supplied Encryption Key (CSEK) 🟢
📝 DURATION_FROM 🟢
- Contextual name: 📝 DURATION_FROM 🟢
📝 EBS Volume Encryption Attribute is not enabled in all regions 🟢
- Contextual name: 📝 EBS Volume Encryption Attribute is not enabled in all regions 🟢
📝 Endpoint Protection is not installed 🟢
- Contextual name: 📝 Endpoint Protection is not installed 🟢
📝 ENDS_WITH 🟢
- Contextual name: 📝 ENDS_WITH 🟢
📝 Entra ID Client Authentication is not used 🟢
- Contextual name: 📝 Entra ID Client Authentication is not used 🟢
📝 External Attack Surface Monitoring (EASM) is not enabled 🟢
- Contextual name: 📝 External Attack Surface Monitoring (EASM) is not enabled 🟢
📝 File Integrity Monitoring Component is not enabled 🟢
- Contextual name: 📝 File Integrity Monitoring Component is not enabled 🟢
📝 File System encryption is not enabled 🟢
- Contextual name: 📝 File System encryption is not enabled 🟢
📝 Flexible Server audit_log_enabled Parameter is not set to ON 🟢
- Contextual name: 📝 Flexible Server auditlogenabled Parameter is not set to ON 🟢
📝 Flexible Server audit_log_events Parameter is not set with the CONNECTION event 🟢
- Contextual name: 📝 Flexible Server auditlogevents Parameter is not set with the CONNECTION event 🟢
📝 Flexible Server connection_throttle.enable Parameter is not set to ON 🟢
- Contextual name: 📝 Flexible Server connection_throttle.enable Parameter is not set to ON 🟢
📝 Flexible Server Firewall Rules allow access to Azure services 🟢
- Contextual name: 📝 Flexible Server Firewall Rules allow access to Azure services 🟢
📝 Flexible Server log_checkpoints Parameter is not set to ON 🟢
- Contextual name: 📝 Flexible Server log_checkpoints Parameter is not set to ON 🟢
📝 Flexible Server log_retention_days Parameter is less than 4 days 🟢
- Contextual name: 📝 Flexible Server logretentiondays Parameter is less than 4 days 🟢
📝 Flexible Server require_secure_transport Parameter is not set to ON 🟢
- Contextual name: 📝 Flexible Server requiresecuretransport Parameter is not set to ON 🟢
📝 Flexible Server require_secure_transport Parameter is not set to ON 🟢
- Contextual name: 📝 Flexible Server requiresecuretransport Parameter is not set to ON 🟢
📝 Flexible Server TLS Version is not set to TLS 1.2 🟢
- Contextual name: 📝 Flexible Server TLS Version is not set to TLS 1.2 🟢
📝 Flow Logs are not enabled 🟢
- Contextual name: 📝 Flow Logs are not enabled 🟢
📝 FTP deployments are not disabled 🟢
- Contextual name: 📝 FTP deployments are not disabled 🟢
📝 GCE Network DNS Policy Logging is not enabled 🟢
- Contextual name: 📝 GCE Network DNS Policy Logging is not enabled 🟢
📝 GCE Network has Firewall Rules which allow unrestricted RDP access from the Internet 🟢
- Contextual name: 📝 GCE Network has Firewall Rules which allow unrestricted RDP access from the Internet 🟢
📝 GCE Network has Firewall Rules which allow unrestricted SSH access from the Internet 🟢
- Contextual name: 📝 GCE Network has Firewall Rules which allow unrestricted SSH access from the Internet 🟢
📝 GCE Subnetwork Flow Logs are not enabled 🟢
- Contextual name: 📝 GCE Subnetwork Flow Logs are not enabled 🟢
📝 Global Administrator Role assigned to more than 4 users 🟢
- Contextual name: 📝 Global Administrator Role assigned to more than 4 users 🟢
📝 Google Accounts are not configured with MFA 🟢
- Contextual name: 📝 Google Accounts are not configured with MFA 🟢
📝 Google GCE Instance Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 Google GCE Instance Should Have Breeze Agent Installed 🟢
📝 Google Project has API Keys 🟢
- Contextual name: 📝 Google Project has API Keys 🟢
📝 GREATER_THAN 🟢
- Contextual name: 📝 GREATER_THAN 🟢
📝 GREATER_THAN_EQUAL 🟢
- Contextual name: 📝 GREATERTHANEQUAL 🟢
📝 Guest Invite Settings is not set to Only Users Assigned To Specific Admin Roles Can Invite Guest Users 🟢
- Contextual name: 📝 Guest Invite Settings is not set to Only Users Assigned To Specific Admin Roles Can Invite Guest Users 🟢
📝 Guest Users are not reviewed on a regular basis 🟢
- Contextual name: 📝 Guest Users are not reviewed on a regular basis 🟢
📝 Guest Users restricted to their own directory objects 🟢
- Contextual name: 📝 Guest Users restricted to their own directory objects 🟢
📝 HTTP(S) Load Balancer Logging is not enabled 🟢
- Contextual name: 📝 HTTP(S) Load Balancer Logging is not enabled 🟢
📝 HTTPS Only configuration is not enabled 🟢
- Contextual name: 📝 HTTPS Only configuration is not enabled 🟢
📝 HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites 🟢
- Contextual name: 📝 HTTPS or SSL Proxy Load Balancer permits SSL policies with weak cipher suites 🟢
📝 IAM Access Analyzer is not enabled for all regions 🟢
- Contextual name: 📝 IAM Access Analyzer is not enabled for all regions 🟢
📝 IAM Password Policy minimum password length is 14 characters or less 🟢
- Contextual name: 📝 IAM Password Policy minimum password length is 14 characters or less 🟢
📝 IAM Password Policy Number of passwords to remember is not set to 24 🟢
- Contextual name: 📝 IAM Password Policy Number of passwords to remember is not set to 24 🟢
📝 IAM Policy Changes Monitoring is not enabled 🟢
- Contextual name: 📝 IAM Policy Changes Monitoring is not enabled 🟢
📝 IAM Role Unused 🟢
- Contextual name: 📝 IAM Role Unused 🟢
📝 IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level 🟢
- Contextual name: 📝 IAM Users are assigned the Service Account User or Service Account Token Creator roles at Project level 🟢
📝 Identity Aware Proxy (IAP) is not used to enforce access controls 🟢
- Contextual name: 📝 Identity Aware Proxy (IAP) is not used to enforce access controls 🟢
📝 Instance Auto Minor Version Upgrade is not enabled 🟠🟢
- Contextual name: 📝 Instance Auto Minor Version Upgrade is not enabled 🟠🟢
📝 Instance Block Project-Wide SSH Keys is not enabled 🟢
- Contextual name: 📝 Instance Block Project-Wide SSH Keys is not enabled 🟢
📝 Instance Confidential Compute is not enabled 🟢
- Contextual name: 📝 Instance Confidential Compute is not enabled 🟢
📝 Instance Detailed Monitoring is not enabled 🟢
- Contextual name: 📝 Instance Detailed Monitoring is not enabled 🟢
📝 Instance doesn't have the latest operating system updates installed 🟢
- Contextual name: 📝 Instance doesn't have the latest operating system updates installed 🟢
📝 Instance Enable Connecting to Serial Ports is not disabled 🟢
- Contextual name: 📝 Instance Enable Connecting to Serial Ports is not disabled 🟢
📝 Instance Encryption is not enabled 🟢
- Contextual name: 📝 Instance Encryption is not enabled 🟢
📝 Instance has a public IP address 🟢
- Contextual name: 📝 Instance has a public IP address 🟢
📝 Instance IAM role is not attached 🟢
- Contextual name: 📝 Instance IAM role is not attached 🟢
📝 Instance IMDSv2 is not enabled 🟢
- Contextual name: 📝 Instance IMDSv2 is not enabled 🟢
📝 Instance IP Forwarding is not disabled. 🟢
- Contextual name: 📝 Instance IP Forwarding is not disabled. 🟢
📝 Instance is configured to use the Default Service Account 🟢
- Contextual name: 📝 Instance is configured to use the Default Service Account 🟢
📝 Instance is configured to use the Default Service Account with full access to all Cloud APIs 🟢
- Contextual name: 📝 Instance is configured to use the Default Service Account with full access to all Cloud APIs 🟢
📝 Instance is idle 🟢
- Contextual name: 📝 Instance is idle 🟢
📝 Instance is launched without Shielded VM enabled 🟢
- Contextual name: 📝 Instance is launched without Shielded VM enabled 🟢
📝 Instance is overutilized 🟢
- Contextual name: 📝 Instance is overutilized 🟢
📝 Instance is publicly accessible and in an unrestricted public subnet 🟢
- Contextual name: 📝 Instance is publicly accessible and in an unrestricted public subnet 🟢
📝 Instance is underutilized 🟢
- Contextual name: 📝 Instance is underutilized 🟢
📝 Instance Multi-AZ Deployment is not enabled 🟢
- Contextual name: 📝 Instance Multi-AZ Deployment is not enabled 🟢
📝 Instance OS Login is not enabled 🟢
- Contextual name: 📝 Instance OS Login is not enabled 🟢
📝 Instance uses default endpoint port 🟢
- Contextual name: 📝 Instance uses default endpoint port 🟢
📝 Instance without a public IP address is in a public subnet 🟢
- Contextual name: 📝 Instance without a public IP address is in a public subnet 🟢
📝 Integration With Microsoft Defender For Cloud Apps is not enabled 🟢
- Contextual name: 📝 Integration With Microsoft Defender For Cloud Apps is not enabled 🟢
📝 Integration With Microsoft Defender For Endpoint is not enabled 🟢
- Contextual name: 📝 Integration With Microsoft Defender For Endpoint is not enabled 🟢
📝 IS_AFTER_TODAY 🟢
- Contextual name: 📝 ISAFTERTODAY 🟢
📝 IS_BEFORE_TODAY 🟢
- Contextual name: 📝 ISBEFORETODAY 🟢
📝 IS_BEYOND_LAST_DAYS 🟢
- Contextual name: 📝 ISBEYONDLAST_DAYS 🟢
📝 IS_BEYOND_NEXT_DAYS 🟢
- Contextual name: 📝 ISBEYONDNEXT_DAYS 🟢
📝 IS_WITHIN_LAST_DAYS 🟢
- Contextual name: 📝 ISWITHINLAST_DAYS 🟢
📝 IS_WITHIN_NEXT_DAYS 🟢
- Contextual name: 📝 ISWITHINNEXT_DAYS 🟢
📝 JsonType 🟢
- Contextual name: 📝 JsonType 🟢
📝 JsonType 🟢
- Contextual name: 📝 JsonType 🟢
📝 LESS_THAN 🟢
- Contextual name: 📝 LESS_THAN 🟢
📝 LESS_THAN_EQUAL 🟢
- Contextual name: 📝 LESSTHANEQUAL 🟢
📝 Log Analytics Agent is not auto provisioned 🟢
- Contextual name: 📝 Log Analytics Agent is not auto provisioned 🟢
📝 Log File Validation is not enabled 🟢
- Contextual name: 📝 Log File Validation is not enabled 🟢
📝 Log Metric Filter and Alerts Cloud Storage IAM Permission Changes do not exist 🟢
- Contextual name: 📝 Log Metric Filter and Alerts Cloud Storage IAM Permission Changes do not exist 🟢
📝 Log Metric Filter and Alerts for Audit Configuration Changes do not exist 🟢
- Contextual name: 📝 Log Metric Filter and Alerts for Audit Configuration Changes do not exist 🟢
📝 Log Metric Filter and Alerts for Custom Role Changes do not exist 🟢
- Contextual name: 📝 Log Metric Filter and Alerts for Custom Role Changes do not exist 🟢
📝 Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist 🟢
- Contextual name: 📝 Log Metric Filter and Alerts for Project Ownership Assignments Changes do not exist 🟢
📝 Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist 🟢
- Contextual name: 📝 Log Metric Filter and Alerts for SQL Instance Configuration Changes do not exist 🟢
📝 Log Metric Filter and Alerts for VPC Network Changes do not exist 🟢
- Contextual name: 📝 Log Metric Filter and Alerts for VPC Network Changes do not exist 🟢
📝 Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist 🟢
- Contextual name: 📝 Log Metric Filter and Alerts for VPC Network Firewall Rule Changes do not exist 🟢
📝 Log Metric Filter and Alerts for VPC Network Route Changes do not exist 🟢
- Contextual name: 📝 Log Metric Filter and Alerts for VPC Network Route Changes do not exist 🟢
📝 Log Sink for All Log Entries is not configured 🟢
- Contextual name: 📝 Log Sink for All Log Entries is not configured 🟢
📝 Managed Disk Data Access Auth Mode is not set to Azure Active Directory 🟢
- Contextual name: 📝 Managed Disk Data Access Auth Mode is not set to Azure Active Directory 🟢
📝 Managed Disk Public Network Access is not disabled 🟢
- Contextual name: 📝 Managed Disk Public Network Access is not disabled 🟢
📝 Managed Zone DNSSEC is not enabled 🟢
- Contextual name: 📝 Managed Zone DNSSEC is not enabled 🟢
📝 Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 🟢
- Contextual name: 📝 Managed Zone DNSSEC Key-Signing Algorithm is RSASHA1 🟢
📝 Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 🟢
- Contextual name: 📝 Managed Zone DNSSEC Zone-Signing Algorithm is RSASHA1 🟢
📝 Management Console Authentication Failures Monitoring is not enabled 🟢
- Contextual name: 📝 Management Console Authentication Failures Monitoring is not enabled 🟢
📝 Management Console Sign-In without MFA Monitoring is not enabled 🟢
- Contextual name: 📝 Management Console Sign-In without MFA Monitoring is not enabled 🟢
📝 MFA For Administrators is not required 🟢
- Contextual name: 📝 MFA For Administrators is not required 🟢
📝 MFA For All Users is not required 🟢
- Contextual name: 📝 MFA For All Users is not required 🟢
📝 MFA For Risky Sign-Ins is not required 🟢
- Contextual name: 📝 MFA For Risky Sign-Ins is not required 🟢
📝 MFA For Windows Azure Service Management API is not required 🟢
- Contextual name: 📝 MFA For Windows Azure Service Management API is not required 🟢
📝 MFA To Access Microsoft Admin Portals is not required 🟢
- Contextual name: 📝 MFA To Access Microsoft Admin Portals is not required 🟢
📝 Microsoft Cloud Security Benchmark policies are disabled 🟢
- Contextual name: 📝 Microsoft Cloud Security Benchmark policies are disabled 🟢
📝 Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For (Managed Instance) Azure SQL Databases is not set to On 🟢
📝 Microsoft Defender For App Services is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For App Services is not set to On 🟢
📝 Microsoft Defender For Azure Cosmos DB is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For Azure Cosmos DB is not set to On 🟢
📝 Microsoft Defender For Containers is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For Containers is not set to On 🟢
📝 Microsoft Defender For DNS is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For DNS is not set to On 🟢
📝 Microsoft Defender For IoT Hub is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For IoT Hub is not set to On 🟢
📝 Microsoft Defender For Key Vault is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For Key Vault is not set to On 🟢
📝 Microsoft Defender For Open-Source Relational Databases is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For Open-Source Relational Databases is not set to On 🟢
📝 Microsoft Defender For Resource Manager is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For Resource Manager is not set to On 🟢
📝 Microsoft Defender For Servers is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For Servers is not set to On 🟢
📝 Microsoft Defender For SQL Servers On Machines is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For SQL Servers On Machines is not set to On 🟢
📝 Microsoft Defender For Storage is not set to On 🟢
- Contextual name: 📝 Microsoft Defender For Storage is not set to On 🟢
📝 Minimum TLS Version is not set to TLS 1.2 or higher 🟢
- Contextual name: 📝 Minimum TLS Version is not set to TLS 1.2 or higher 🟢
📝 Minimum TLS Version is not set to TLS 1.2 or higher 🟢
- Contextual name: 📝 Minimum TLS Version is not set to TLS 1.2 or higher 🟢
📝 Mission-Critical Azure Resources do not use Locks 🟢
- Contextual name: 📝 Mission-Critical Azure Resources do not use Locks 🟢
📝 Multi-Region CloudTrail is not enabled 🟢
- Contextual name: 📝 Multi-Region CloudTrail is not enabled 🟢
📝 MySQL Instance allows anyone to connect with administrative privileges 🟢
- Contextual name: 📝 MySQL Instance allows anyone to connect with administrative privileges 🟢
📝 MySQL Instance Local_infile Database Flag is not set to off 🟢
- Contextual name: 📝 MySQL Instance Local_infile Database Flag is not set to off 🟢
📝 MySQL Instance Skip_show_database Database Flag is not set to on 🟢
- Contextual name: 📝 MySQL Instance Skipshowdatabase Database Flag is not set to on 🟢
📝 Named Locations are not defined 🟢
- Contextual name: 📝 Named Locations are not defined 🟢
📝 Network Access Control Lists Changes Monitoring is not enabled 🟢
- Contextual name: 📝 Network Access Control Lists Changes Monitoring is not enabled 🟢
📝 Network ACL exposes admin ports to public internet 🟢
- Contextual name: 📝 Network ACL exposes admin ports to public internet 🟢
📝 Network Gateways Changes Monitoring is not enabled 🟢
- Contextual name: 📝 Network Gateways Changes Monitoring is not enabled 🟢
📝 Network Security Group Flow Logs are not captured and sent to Log Analytics Workspace 🟢
- Contextual name: 📝 Network Security Group Flow Logs are not captured and sent to Log Analytics Workspace 🟢
📝 Network Watcher is not enabled in every available region 🟢
- Contextual name: 📝 Network Watcher is not enabled in every available region 🟢
📝 Non-Privileged Users Multi-Factor Auth Status is not enabled 🟢
- Contextual name: 📝 Non-Privileged Users Multi-Factor Auth Status is not enabled 🟢
📝 Non-RBAC Key Vault stores Keys without expiration date 🟢
- Contextual name: 📝 Non-RBAC Key Vault stores Keys without expiration date 🟢
📝 Non-RBAC Key Vault stores Secrets without expiration date 🟢
- Contextual name: 📝 Non-RBAC Key Vault stores Secrets without expiration date 🟢
📝 Notify All Admins When Other Admins Reset Their Password is set No 🟢
- Contextual name: 📝 Notify All Admins When Other Admins Reset Their Password is set No 🟢
📝 Notify Users On Password Resets is set to No 🟢
- Contextual name: 📝 Notify Users On Password Resets is set to No 🟢
📝 NumberType 🟢
- Contextual name: 📝 NumberType 🟢
📝 NumberType 🟢
- Contextual name: 📝 NumberType 🟢
📝 Object-level CloudTrail Logging for Read Events for S3 Buckets is not enabled 🟢
- Contextual name: 📝 Object-level CloudTrail Logging for Read Events for S3 Buckets is not enabled 🟢
📝 Object-level CloudTrail Logging for Write Events for S3 Buckets is not enabled 🟢
- Contextual name: 📝 Object-level CloudTrail Logging for Write Events for S3 Buckets is not enabled 🟢
📝 og Sink exports logs to a Storage Bucket without Bucket Lock 🟢
- Contextual name: 📝 og Sink exports logs to a Storage Bucket without Bucket Lock 🟢
📝 OR 🟢
- Contextual name: 📝 OR 🟢
📝 Organization Administrator Security Key Enforcement is not enabled 🟢
- Contextual name: 📝 Organization Administrator Security Key Enforcement is not enabled 🟢
📝 Organization Essential Contacts is not configured 🟢
- Contextual name: 📝 Organization Essential Contacts is not configured 🟢
📝 OS and Data disks are not encrypted with Customer-managed key 🟢
- Contextual name: 📝 OS and Data disks are not encrypted with Customer-managed key 🟢
📝 Owners Can Manage Group Membership Requests In The Access Panel is set to Yes 🟢
- Contextual name: 📝 Owners Can Manage Group Membership Requests In The Access Panel is set to Yes 🟢
📝 Physical Server Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 Physical Server Should Have Breeze Agent Installed 🟢
📝 Policy (Customer Managed) Contains Potential Credentials Exposure 🔴🟠
- Contextual name: 📝 Policy (Customer Managed) Contains Potential Credentials Exposure 🔴🟠
📝 Policy allows full administrative privileges 🟢
- Contextual name: 📝 Policy allows full administrative privileges 🟢
📝 PostgreSQL Instance `Log_error_verbosity` Database Flag is not set to DEFAULT or stricter 🟢
- Contextual name: 📝 PostgreSQL Instance Logerrorverbosity Database Flag is not set to DEFAULT or stricter 🟢
📝 PostgreSQL Instance cloudsql.enable_pgaudit Database Flag is not set to on 🟢
- Contextual name: 📝 PostgreSQL Instance cloudsql.enable_pgaudit Database Flag is not set to on 🟢
📝 PostgreSQL Instance Log_connections Database Flag is not set to On 🟢
- Contextual name: 📝 PostgreSQL Instance Log_connections Database Flag is not set to On 🟢
📝 PostgreSQL Instance Log_disconnections Database Flag is not set to On 🟢
- Contextual name: 📝 PostgreSQL Instance Log_disconnections Database Flag is not set to On 🟢
📝 PostgreSQL Instance Log_min_duration_statement Database Flag is not set to `-1` (Disabled) 🟢
- Contextual name: 📝 PostgreSQL Instance Logminduration_statement Database Flag is not set to -1 (Disabled) 🟢
📝 PostgreSQL Instance Log_min_error_statement Database Flag is not set to Error or stricter 🟢
- Contextual name: 📝 PostgreSQL Instance Logminerror_statement Database Flag is not set to Error or stricter 🟢
📝 PostgreSQL Instance Log_min_messages Database Flag is not set at minimum to Warning 🟢
- Contextual name: 📝 PostgreSQL Instance Logminmessages Database Flag is not set at minimum to Warning 🟢
📝 PostgreSQL Instance Log_statement Database Flag is not set appropriately 🟢
- Contextual name: 📝 PostgreSQL Instance Log_statement Database Flag is not set appropriately 🟢
📝 Primary Contact information is not current 🔴🟢
- Contextual name: 📝 Primary Contact information is not current 🔴🟢
📝 Private Endpoints are not used 🟢
- Contextual name: 📝 Private Endpoints are not used 🟢
📝 Private Endpoints are not used 🟢
- Contextual name: 📝 Private Endpoints are not used 🟢
📝 Private Endpoints are not used 🟢
- Contextual name: 📝 Private Endpoints are not used 🟢
📝 Privileged Users Multi-Factor Auth Status is not enabled 🟢
- Contextual name: 📝 Privileged Users Multi-Factor Auth Status is not enabled 🟢
📝 Privileged Virtual Machine is accessed by identities without MFA 🟢
- Contextual name: 📝 Privileged Virtual Machine is accessed by identities without MFA 🟢
📝 Project has a default network 🟢
- Contextual name: 📝 Project has a default network 🟢
📝 Project has a legacy network 🟢
- Contextual name: 📝 Project has a legacy network 🟢
📝 Public IP Addresses are not evaluated periodically 🟢
- Contextual name: 📝 Public IP Addresses are not evaluated periodically 🟢
📝 Public Network Access is not disabled 🟢
- Contextual name: 📝 Public Network Access is not disabled 🟢
📝 Queue Logging is not enabled for Read, Write, and Delete requests 🟢
- Contextual name: 📝 Queue Logging is not enabled for Read, Write, and Delete requests 🟢
📝 RBAC Key Vault stores Keys without expiration date 🟢
- Contextual name: 📝 RBAC Key Vault stores Keys without expiration date 🟢
📝 RBAC Key Vault stores Secrets without expiration date 🟢
- Contextual name: 📝 RBAC Key Vault stores Secrets without expiration date 🟢
📝 Recommendations for Apply System Updates are not completed 🟢
- Contextual name: 📝 Recommendations for Apply System Updates are not completed 🟢
📝 Reconfirm Authentication Information is set to 0 🟢
- Contextual name: 📝 Reconfirm Authentication Information is set to 0 🟢
📝 Remote Debugging is not disabled 🟢
- Contextual name: 📝 Remote Debugging is not disabled 🟢
📝 Require Infrastructure Encryption is not enabled 🟢
- Contextual name: 📝 Require Infrastructure Encryption is not enabled 🟢
📝 Require MFA to register or join devices with Microsoft Entra ID is set to No 🟢
- Contextual name: 📝 Require MFA to register or join devices with Microsoft Entra ID is set to No 🟢
📝 Resource Lock Administrator Custom Role does not exist 🟢
- Contextual name: 📝 Resource Lock Administrator Custom Role does not exist 🟢
📝 Resources Basic SKU is used for production workloads 🟢
- Contextual name: 📝 Resources Basic SKU is used for production workloads 🟢
📝 REST API Stage is not associated with a WAF Web ACL 🟢
- Contextual name: 📝 REST API Stage is not associated with a WAF Web ACL 🟢
📝 REST API Stage is not configured to use an SSL certificate for authentication 🟢
- Contextual name: 📝 REST API Stage is not configured to use an SSL certificate for authentication 🟢
📝 REST API Stage X-Ray Tracing is not enabled 🟢
- Contextual name: 📝 REST API Stage X-Ray Tracing is not enabled 🟢
📝 Restrict Access To Microsoft Entra Admin Center is set to No 🟢
- Contextual name: 📝 Restrict Access To Microsoft Entra Admin Center is set to No 🟢
📝 Restrict User Ability To Access Groups Features In The Access Pane is set to No 🟢
- Contextual name: 📝 Restrict User Ability To Access Groups Features In The Access Pane is set to No 🟢
📝 Role Based Access Control is not enabled 🟢
- Contextual name: 📝 Role Based Access Control is not enabled 🟢
📝 Roles related to KMS are not assigned to separate users 🟢
- Contextual name: 📝 Roles related to KMS are not assigned to separate users 🟢
📝 Root Account Usage Monitoring is not enabled 🟢
- Contextual name: 📝 Root Account Usage Monitoring is not enabled 🟢
📝 Root User credentials were used is the last 30 days 🔴🟢
- Contextual name: 📝 Root User credentials were used is the last 30 days 🔴🟢
📝 Route Table Changes Monitoring is not enabled 🟢
- Contextual name: 📝 Route Table Changes Monitoring is not enabled 🟢
📝 Route Table for VPC Peering does not follow the least privilege principle 🟢
- Contextual name: 📝 Route Table for VPC Peering does not follow the least privilege principle 🟢
📝 RSA Certificate key length is less than 2048 bits 🟢
- Contextual name: 📝 RSA Certificate key length is less than 2048 bits 🟢
📝 S3 Bucket Access Logging is not enabled. 🟢
- Contextual name: 📝 S3 Bucket Access Logging is not enabled. 🟢
📝 S3 Bucket Policy Changes Monitoring is not enabled 🟢
- Contextual name: 📝 S3 Bucket Policy Changes Monitoring is not enabled 🟢
📝 Secure Transfer Required is not enabled 🟢
- Contextual name: 📝 Secure Transfer Required is not enabled 🟢
📝 Security Alert Notifications additional email address is not configured 🟢
- Contextual name: 📝 Security Alert Notifications additional email address is not configured 🟢
📝 Security Alert Notifications for alerts with High severity is not configured 🟢
- Contextual name: 📝 Security Alert Notifications for alerts with High severity is not configured 🟢
📝 Security Alert Notifications to subscription owners are not configured 🟢
- Contextual name: 📝 Security Alert Notifications to subscription owners are not configured 🟢
📝 Security Defaults are not enabled 🟢
- Contextual name: 📝 Security Defaults are not enabled 🟢
📝 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢
- Contextual name: 📝 Security Group allows public IPv4 (0.0.0.0/0) access to admin ports 🟢
📝 Security Group allows public IPv6 (::/0) access to admin ports 🟢
- Contextual name:/0) access to admin ports 🟢
📝 Security Group allows unrestricted CIFS traffic 🟢
- Contextual name: 📝 Security Group allows unrestricted CIFS traffic 🟢
📝 Security Group allows unrestricted DNS traffic 🟢
- Contextual name: 📝 Security Group allows unrestricted DNS traffic 🟢
📝 Security Group allows unrestricted FTP traffic 🟢
- Contextual name: 📝 Security Group allows unrestricted FTP traffic 🟢
📝 Security Group allows unrestricted HTTP(S) access from the Internet 🟢
- Contextual name: 📝 Security Group allows unrestricted HTTP(S) access from the Internet 🟢
📝 Security Group allows unrestricted ICMP traffic 🟢
- Contextual name: 📝 Security Group allows unrestricted ICMP traffic 🟢
📝 Security Group allows unrestricted NetBIOS traffic 🟢
- Contextual name: 📝 Security Group allows unrestricted NetBIOS traffic 🟢
📝 Security Group allows unrestricted RDP access from the Internet 🟢
- Contextual name: 📝 Security Group allows unrestricted RDP access from the Internet 🟢
📝 Security Group allows unrestricted RPC traffic 🟢
- Contextual name: 📝 Security Group allows unrestricted RPC traffic 🟢
📝 Security Group allows unrestricted SMTP traffic 🟢
- Contextual name: 📝 Security Group allows unrestricted SMTP traffic 🟢
📝 Security Group allows unrestricted SSH access from the Internet 🟢
- Contextual name: 📝 Security Group allows unrestricted SSH access from the Internet 🟢
📝 Security Group allows unrestricted Telnet traffic 🟢
- Contextual name: 📝 Security Group allows unrestricted Telnet traffic 🟢
📝 Security Group allows unrestricted traffic to all ports 🟢
- Contextual name: 📝 Security Group allows unrestricted traffic to all ports 🟢
📝 Security Group allows unrestricted traffic to MongoDB 🟢
- Contextual name: 📝 Security Group allows unrestricted traffic to MongoDB 🟢
📝 Security Group allows unrestricted traffic to MSSQL 🟢
- Contextual name: 📝 Security Group allows unrestricted traffic to MSSQL 🟢
📝 Security Group allows unrestricted traffic to MySQL 🟢
- Contextual name: 📝 Security Group allows unrestricted traffic to MySQL 🟢
📝 Security Group allows unrestricted traffic to Oracle DBMS 🟢
- Contextual name: 📝 Security Group allows unrestricted traffic to Oracle DBMS 🟢
📝 Security Group allows unrestricted traffic to PostgreSQL 🟢
- Contextual name: 📝 Security Group allows unrestricted traffic to PostgreSQL 🟢
📝 Security Group allows unrestricted UDP access from the Internet 🟢
- Contextual name: 📝 Security Group allows unrestricted UDP access from the Internet 🟢
📝 Security Group Changes Monitoring is not enabled 🟢
- Contextual name: 📝 Security Group Changes Monitoring is not enabled 🟢
📝 Security Group Flow Logs retention period is less than 90 days 🟢
- Contextual name: 📝 Security Group Flow Logs retention period is less than 90 days 🟢
📝 Security Hub is not enabled 🟢
- Contextual name: 📝 Security Hub is not enabled 🟢
📝 Self-Service Password Reset does not require 2 authentication methods 🟢
- Contextual name: 📝 Self-Service Password Reset does not require 2 authentication methods 🟢
📝 Sensitive Data Protection is not in use 🟢
- Contextual name: 📝 Sensitive Data Protection is not in use 🟢
📝 Server Auditing is not enabled 🟢
- Contextual name: 📝 Server Auditing is not enabled 🟢
📝 Server Auditing Retention is less than 90 days 🟢
- Contextual name: 📝 Server Auditing Retention is less than 90 days 🟢
📝 Server Certificate is expired 🟢
- Contextual name: 📝 Server Certificate is expired 🟢
📝 Server Microsoft Entra authentication is not configured 🟢
- Contextual name: 📝 Server Microsoft Entra authentication is not configured 🟢
📝 Server Public Network Access is not disabled 🟢
- Contextual name: 📝 Server Public Network Access is not disabled 🟢
📝 Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟢
- Contextual name: 📝 Server Transparent Data Encryption Protector is not encrypted with Customer-managed key 🟢
📝 Service Account has admin privileges 🟢
- Contextual name: 📝 Service Account has admin privileges 🟢
📝 Service Account has User-Managed Keys 🟢
- Contextual name: 📝 Service Account has User-Managed Keys 🟢
📝 Service Account User-Managed Key is not rotated every 90 days 🟢
- Contextual name: 📝 Service Account User-Managed Key is not rotated every 90 days 🟢
📝 Shared Access Signature Tokens do not expire within 1 hour 🟢
- Contextual name: 📝 Shared Access Signature Tokens do not expire within 1 hour 🟢
📝 Single Server Enforce SSL Connection is not set enabled 🟢
- Contextual name: 📝 Single Server Enforce SSL Connection is not set enabled 🟢
📝 Single Server Infrastructure Double Encryption is not enabled 🟢
- Contextual name: 📝 Single Server Infrastructure Double Encryption is not enabled 🟢
📝 Single Server log_connections Parameter is not set to ON 🟢
- Contextual name: 📝 Single Server log_connections Parameter is not set to ON 🟢
📝 Single Server log_disconnections Parameter is not set to ON 🟢
- Contextual name: 📝 Single Server log_disconnections Parameter is not set to ON 🟢
📝 Snapshot is publicly accessible 🟢
- Contextual name: 📝 Snapshot is publicly accessible 🟢
📝 Soft Delete and Purge Protection functions are not enabled 🟢
- Contextual name: 📝 Soft Delete and Purge Protection functions are not enabled 🟢
📝 SQL Instance Automated Backups are not configured 🟢
- Contextual name: 📝 SQL Instance Automated Backups are not configured 🟢
📝 SQL Instance External Authorized Networks do not whitelist all public IP addresses 🟢
- Contextual name: 📝 SQL Instance External Authorized Networks do not whitelist all public IP addresses 🟢
📝 SQL Instance has public IP addresses 🟢
- Contextual name: 📝 SQL Instance has public IP addresses 🟢
📝 SQL Instance SSL Connections are not enforced 🟢
- Contextual name: 📝 SQL Instance SSL Connections are not enforced 🟢
📝 SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢
- Contextual name: 📝 SQL Server Instance 3625 (trace flag) Database Flag is not set to on 🟢
📝 SQL Server Instance contained database authentication Database Flag is set to on 🟢
- Contextual name: 📝 SQL Server Instance contained database authentication Database Flag is set to on 🟢
📝 SQL Server Instance cross db ownership chaining Database Flag is not set to off 🟢
- Contextual name: 📝 SQL Server Instance cross db ownership chaining Database Flag is not set to off 🟢
📝 SQL Server Instance external scripts enabled Database Flag is not set to off 🟢
- Contextual name: 📝 SQL Server Instance external scripts enabled Database Flag is not set to off 🟢
📝 SQL Server Instance remote access Database Flag is not set to off 🟢
- Contextual name: 📝 SQL Server Instance remote access Database Flag is not set to off 🟢
📝 SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢
- Contextual name: 📝 SQL Server Instance user connections Database Flag is set to a limiting (other than 0) value 🟢
📝 SQL Server Instance user options Database Flag is configured 🟢
- Contextual name: 📝 SQL Server Instance user options Database Flag is configured 🟢
📝 STARTS_WITH 🟢
- Contextual name: 📝 STARTS_WITH 🟢
📝 Subscription Leaving Microsoft Entra ID Directory and Subscription Entering Microsoft Entra ID Directory is not set to Permit No One 🟢
- Contextual name: 📝 Subscription Leaving Microsoft Entra ID Directory and Subscription Entering Microsoft Entra ID Directory is not set to Permit No One 🟢
📝 Symmetric CMK Rotation is not enabled 🟢
- Contextual name: 📝 Symmetric CMK Rotation is not enabled 🟢
📝 Table is not encrypted with Customer-Managed Encryption Key (CMEK) 🟢
- Contextual name: 📝 Table is not encrypted with Customer-Managed Encryption Key (CMEK) 🟢
📝 Table Logging is not enabled for Read, Write, and Delete requests 🟢
- Contextual name: 📝 Table Logging is not enabled for Read, Write, and Delete requests 🟢
📝 TAG_EXISTS 🟢
- Contextual name: 📝 TAG_EXISTS 🟢
📝 TAG_VALUE 🟢
- Contextual name: 📝 TAG_VALUE 🟢
📝 Tenant Creation is set to Yes 🟢
- Contextual name: 📝 Tenant Creation is set to Yes 🟢
📝 TextType 🟢
- Contextual name: 📝 TextType 🟢
📝 TextType 🟢
- Contextual name: 📝 TextType 🟢
📝 Trusted Azure Services are not enabled as networking exceptions 🟢
- Contextual name: 📝 Trusted Azure Services are not enabled as networking exceptions 🟢
📝 Trusted Launch is not enabled 🟢
- Contextual name: 📝 Trusted Launch is not enabled 🟢
📝 Unapproved Extensions are installed 🟢
- Contextual name: 📝 Unapproved Extensions are installed 🟢
📝 Unattached Managed Disk is not encrypted with Customer-managed key 🟢
- Contextual name: 📝 Unattached Managed Disk is not encrypted with Customer-managed key 🟢
📝 Unauthorized API Calls Monitoring is not enabled 🟢
- Contextual name: 📝 Unauthorized API Calls Monitoring is not enabled 🟢
📝 User Access Keys are not rotated every 90 days or less 🟢
- Contextual name: 📝 User Access Keys are not rotated every 90 days or less 🟢
📝 User Consent For Applications is not set to Allow From Verified Publishers 🟢
- Contextual name: 📝 User Consent For Applications is not set to Allow From Verified Publishers 🟢
📝 User Consent For Applications is not set to Do Not Allow User Consent 🟢
- Contextual name: 📝 User Consent For Applications is not set to Do Not Allow User Consent 🟢
📝 User has both Service Account Admin and Service Account User roles assigned 🟢
- Contextual name: 📝 User has both Service Account Admin and Service Account User roles assigned 🟢
📝 User has inline or directly attached policies 🟢
- Contextual name: 📝 User has inline or directly attached policies 🟢
📝 User has more than one active access key 🟢
- Contextual name: 📝 User has more than one active access key 🟢
📝 User MFA is not enabled for all users with console password 🟢
- Contextual name: 📝 User MFA is not enabled for all users with console password 🟢
📝 User with console and programmatic access set during the initial creation 🟢
- Contextual name: 📝 User with console and programmatic access set during the initial creation 🟢
📝 User with credentials unused for 45 days or more is not disabled 🟢
- Contextual name: 📝 User with credentials unused for 45 days or more is not disabled 🟢
📝 Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes 🟢
- Contextual name: 📝 Users Can Create Microsoft 365 Groups In Azure Portals, API Or PowerShell is set to Yes 🟢
📝 Users Can Create Security Groups In Azure Portals, API Or PowerShell is set to Yes 🟢
- Contextual name: 📝 Users Can Create Security Groups In Azure Portals, API Or PowerShell is set to Yes 🟢
📝 Users Can Register Applications is set to Yes 🟢
- Contextual name: 📝 Users Can Register Applications is set to Yes 🟢
📝 vCenter Virtual Machine Should Have Breeze Agent Installed 🟢
- Contextual name: 📝 vCenter Virtual Machine Should Have Breeze Agent Installed 🟢
📝 Virtual Machine is not utilizing Managed Disks 🟢
- Contextual name: 📝 Virtual Machine is not utilizing Managed Disks 🟢
📝 Virtual Network Filter is not enabled 🟢
- Contextual name: 📝 Virtual Network Filter is not enabled 🟢
📝 VPC Changes Monitoring is not enabled 🟢
- Contextual name: 📝 VPC Changes Monitoring is not enabled 🟢
📝 Vulnerability Assessment is not auto provisioned 🟢
- Contextual name: 📝 Vulnerability Assessment is not auto provisioned 🟢
📝 Workgroup CloudWatch Metrics are not enabled 🟢
- Contextual name: 📝 Workgroup CloudWatch Metrics are not enabled 🟢