AC_AZURE_0286 | Ensure SSH (TCP:22) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0287 | Ensure SSH (TCP:22) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
AC_AZURE_0288 | Ensure password authentication is disabled for Azure Linux Virtual Machine | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0289 | Ensure HTTP application routing has been disabled for Azure Kubernetes Cluster | Azure | Infrastructure Security | HIGH |
AC_AZURE_0290 | Ensure that Azure policies add-on are used for Azure Kubernetes Cluster | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0291 | Ensure that logging to Azure Monitoring is configured for Azure Kubernetes Cluster | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0292 | Ensure that public access is disabled in Azure Key Vault | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0293 | Ensure that Web Application Firewall (WAF) is used in 'Detection' or 'Prevention' modes for Azure Front Door | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0294 | Ensure encryption is enabled for Azure Data Lake Store | Azure | Data Protection | MEDIUM |
AC_AZURE_0295 | Ensure that logging for detailed error messages is enabled for Azure App Service | Azure | Logging and Monitoring | LOW |
AC_AZURE_0296 | Ensure that failed request tracing is enabled for Azure App Service | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0297 | Ensure that Azure Files are used for Azure App Service | Azure | Resilience | MEDIUM |
AC_AZURE_0298 | Ensure that Azure Data Explorer uses double encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
AC_AZURE_0299 | Ensure that Azure Data Explorer uses disk encryption in Azure Kusto Cluster | Azure | Data Protection | MEDIUM |
AC_AZURE_0300 | Ensure virtual network is used to deploy Azure Container Group | Azure | Security Best Practices | MEDIUM |
AC_AZURE_0301 | Ensure that key vault is used to encrypt data for Azure Batch Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0302 | Ensure read, write and delete request logging is enabled for queue service in Azure Storage Account | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0303 | Ensure that authentication feature is enabled for Azure Function App | Azure | Security Best Practices | LOW |
AC_AZURE_0304 | Ensure extensions are not installed on Azure Windows Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0305 | Ensure public access is disabled for Azure Storage Sync | Azure | Infrastructure Security | HIGH |
AC_AZURE_0306 | Ensures that Active Directory is used for authentication for Azure Service Fabric Cluster | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0307 | Ensure public access is disabled for Azure Search Service | Azure | Infrastructure Security | HIGH |
AC_AZURE_0308 | Ensure public access is disabled for Azure MySQL Single Server | Azure | Infrastructure Security | HIGH |
AC_AZURE_0309 | Ensure default network access rule is set to deny in Azure Storage Account Network Rules | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0310 | Ensure VM extensions are not installed on Linux VM's in Azure Linux Virtual Machine | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0311 | Ensure public access is disabled for Azure IoT Hub | Azure | Infrastructure Security | HIGH |
AC_AZURE_0312 | Ensure public network access disabled for Azure Eventgrid Domain | Azure | Infrastructure Security | HIGH |
AC_AZURE_0313 | Ensure that virtual networks are in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0314 | Ensure that Web Application Firewall (WAF) enabled for Azure Front Door | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0315 | Ensure customer-managed keys to encrypt data at rest for Azure CosmosDB Account | Azure | Data Protection | MEDIUM |
AC_AZURE_0316 | Ensure public network access disabled for Azure CosmosDB Account | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0317 | Ensure that string variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0318 | Ensure that integer variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0319 | Ensure that date-time variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0320 | Ensure that boolean variables are encrypted for Azure Automation Variable | Azure | Data Protection | MEDIUM |
AC_AZURE_0321 | Ensure public access is disabled for Azure Managed Disk | Azure | Infrastructure Security | HIGH |
AC_AZURE_0322 | Ensure that Microsoft Defender for Key Vault is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0323 | Ensure that Microsoft Defender for Kubernetes is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0324 | Ensure that Microsoft Defender for Container Registries is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0325 | Ensure that Microsoft Defender for Storage is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0326 | Ensure that Microsoft Defender for SQL servers on machines is set to 'On' | Azure | Data Protection | MEDIUM |
AC_AZURE_0327 | Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers | Azure | Data Protection | MEDIUM |
AC_AZURE_0328 | Ensure that Microsoft Defender for App Service is set to 'On' | Azure | Identity and Access Management | MEDIUM |
AC_AZURE_0329 | Ensure custom script extensions are not used in Azure Linux Virtual Machine | Azure | Data Protection | MEDIUM |
AC_AZURE_0330 | Ensure that Microsoft Defender for Cloud Apps (MCAS) Integration with Microsoft Defender for Cloud is Selected | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0331 | Ensure that Microsoft Defender for Endpoint (WDATP) integration with Microsoft Defender for Cloud is selected | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0332 | Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On' | Azure | Compliance Validation | MEDIUM |
AC_AZURE_0333 | Ensure that Activity Log Alert exists for Delete Network Security Group | Azure | Logging and Monitoring | MEDIUM |
AC_AZURE_0334 | Ensure FTP deployments are Disabled | Azure | Infrastructure Security | MEDIUM |
AC_AZURE_0335 | Ensure the web app has 'Client Certificates (Incoming client certificates)' set to 'On' | Azure | Infrastructure Security | MEDIUM |