Azure Auto Checks Detailed Explanations

Articles

• Verify that Activity Log Alert exists for Create Policy Assignment
• Verify that That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
• Verify that Activity Log Alert exists for Delete Public IP Address rule
• Verify that server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
• Verify that 'Additional email addresses' is Configured with a Security Contact Email
• Verify that Microsoft Defender for Containers Is Set To 'On'
• Verify that 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
• Verify that SSH access from the Internet is evaluated and restricted
• Verify that 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
• Verify that Activity Log Alert exists for Create or Update Public IP Address rule
• Verify that the Expiration Date is set for all Secrets in RBAC Key Vaults
• Verify that Activity Log Alert exists for Delete Security Solution
• Verify that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'
• Verify that 'Auditing' Retention is 'greater than 90 days'
• Verify that the Key Vault is Recoverable
• Verify that 'Restrict non-admin users from creating tenants' is set to 'Yes'
• Verify that HTTP(S) access from the Internet is evaluated and restricted
• Verify that That Microsoft Defender for App Services Is Set To 'On'
• Verify that That 'All users with the following roles' is set to 'Owner'
• Verify that Network Watcher is 'Enabled' for all locations in the Azure subscription
• Verify that Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
• Verify that That Private Endpoints Are Used Where Possible
• Verify that Private Endpoints are Used for Azure Key Vault
• Ensure Microsoft Defender for open-source relational databases is enabled
• Verify that 'Allow access to Azure services' for PostgreSQL Database Server is disabled
• Verify that SQL server's Transparent Data Encryption (TDE) protector is encrypted
• Verify That Microsoft Defender for IoT Hub Is Set To 'On'
• Verify that Activity Log Alert exists for Create or Update Network Security Group
• Verify that the storage account containing the container with activity logs is encrypted with Customer Managed Key
• Verify that logging for Azure AppService 'HTTP logs' is enabled
• Verify that That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
• Verify that 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
• Verify that That Microsoft Defender for Storage Is Set To 'On'
• Verify that no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
• Verify that Activity Log Alert exists for Create or Update Security Solution
• Verify that server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
• Enable Role Based Access Control for Azure Key Vault
• Verify that Activity Log Alert exists for Delete Network Security Group
• Verify that Application Insights are Configured.
• Verify that the Expiration Date is set for all Keys in RBAC Key Vaults
• Verify that server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
• Verify that Diagnostic Setting captures appropriate categories
• Verify that RDP access from the Internet is evaluated and restricted
• Verify that Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
• Verify that That 'Users Can Register Applications' Is Set to 'No'
• Verify that logging for Azure Key Vault is 'Enabled'
• Verify that Activity Log Alert exists for Delete Policy Assignment
• Verify that That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
• Verify that Activity Log Alert exists for Delete SQL Server Firewall Rule
• Verify that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
• Verify that That 'Notify about alerts with the following severity' is Set to 'High'