Azure Auto-Checks Detailed Explanations
How to remediate failed Auto-Checks?
Verify that Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server
›
Verify that server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
›
Verify that server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
›
Verify that server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
›
Verify that 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
›
Verify that Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
›
Verify that Activity Log Alert exists for Create Policy Assignment
›
Verify that no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
›
Verify that Activity Log Alert exists for Create or Update Public IP Address rule
›
Verify that Activity Log Alert exists for Delete SQL Server Firewall Rule
›
Verify that Activity Log Alert exists for Create or Update SQL Server Firewall Rule
›
Verify that Activity Log Alert exists for Delete Network Security Group
›
Verify that the storage account containing the container with activity logs is encrypted with Customer Managed Key
›
Verify that Activity Log Alert exists for Delete Policy Assignment
›
Verify that Activity Log Alert exists for Create or Update Network Security Group
›
Verify that Diagnostic Setting captures appropriate categories
›
Verify that Activity Log Alert exists for Create or Update Security Solution
›
Verify that Activity Log Alert exists for Delete Public IP Address rule
›
Verify that logging for Azure AppService 'HTTP logs' is enabled
›
Verify that logging for Azure Key Vault is 'Enabled'
›
Verify that the Expiration Date is set for all Keys in RBAC Key Vaults
›
Enable Role Based Access Control for Azure Key Vault
›
Verify that Private Endpoints are Used for Azure Key Vault
›
Verify that the Key Vault is Recoverable
›
Verify that HTTP(S) access from the Internet is evaluated and restricted
›
Verify that SSH access from the Internet is evaluated and restricted
›
Verify that RDP access from the Internet is evaluated and restricted
›
Verify that That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
›
Verify that That Private Endpoints Are Used Where Possible
›
Verify that 'Enforce SSL connection' is set to 'Enabled' for Standard MySQL Database Server
›
Verify that 'TLS Version' is set to 'TLSV1.2' for MySQL flexible Database Server
›
Verify that SQL server's Transparent Data Encryption (TDE) protector is encrypted
›
Verify that 'Auditing' Retention is 'greater than 90 days'
›
Verify that Application Insights are Configured.
›
Verify that 'Restrict non-admin users from creating tenants' is set to 'Yes'
›
Verify that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'
›
Verify that That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
›
Ensure Microsoft Defender for open-source relational databases is enabled
›
Verify that That Microsoft Defender for App Services Is Set To 'On'
›
Verify that That 'Notify about alerts with the following severity' is Set to 'High'
›
Verify that 'Additional email addresses' is Configured with a Security Contact Email
›
Verify that That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
›
Verify that That 'All users with the following roles' is set to 'Owner'
›
Verify that That Microsoft Defender for Storage Is Set To 'On'
›
Verify That Microsoft Defender for IoT Hub Is Set To 'On'
›
Verify that Microsoft Defender for Containers Is Set To 'On'
›
Verify that That 'Users Can Register Applications' Is Set to 'No'
›
Verify that the Expiration Date is set for all Secrets in RBAC Key Vaults
›
Verify that Activity Log Alert exists for Delete Security Solution
›
Verify that 'Allow access to Azure services' for PostgreSQL Database Server is disabled
›