Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. Learn how to protect and connect your AWS environment and your GCP organization with Microsoft Defender for Cloud. This definition requires an SSH private key secret in Key Vault. Automate the deployment of Azure Monitor Agent extension on your Linux Arc-enabled machines for collecting telemetry data from the guest OS. Each monitoring component indicates the Defender plans that it is related to. Private endpoints connect your virtual networks to Azure services without a public IP address at the source or destination. This policy will also change the patch mode for the Azure Virtual Machine to 'AutomaticByPlatform'. category property in metadata. This helps prevent data exfiltration by validating the target before sending data. Secrets found in repositories can be leaked or discovered by adversaries, leading to compromise of an application or service. Read in CORS should not allow every resource to access your API App: but still allows you to filter out undesired vulnerabilities by using the provided Disable rule. Configure machines to create the Microsoft Defender for Cloud user-defined pipeline using Azure Monitor Agent. Scenario level monitoring enables you to diagnose problems at an end-to-end network-level view. You can then configure specific IP ranges to limit access to those networks. Note that the list of input files uses wildcards in the file names in many cases, since the file names for each data set will likely vary slightly from data set to data set. Disabling the public network access property improves security by ensuring your Azure Database for PostgreSQL flexible servers can only be accessed from a private endpoint. You will, however, be responsible for the costs associated with that storage account. Configuring geo-redundant storage for backup is only allowed during server creation.
By mapping private endpoints to your Azure Web PubSub Service, you can reduce data leakage risks. A private endpoint is a private IP address allocated inside a customer-owned virtual network via which an Azure resource is reachable. Ownership, see Azure Policy policy definition and Manage your organizational compliance requirements by specifying whether a certificate lifetime action is triggered at a specific percentage of its lifetime or at a certain number of days prior to its expiration. Allow only required domains to interact with your web app. You can run a solution on your own data by modifying the files specified in run_ppk.py. NSGs contain a list of Access Control List (ACL) rules that allow or deny network traffic to your subnet. Many of the questions allowed for multiple answers and some respondents didn't answer all the questions, so both the total answers and total percentages vary from question to question. Is there any way to disable the CORS (Cross-origin resource sharing) mechanism for debugging purposes? This policy audits any Azure SQL Database with long-term geo-redundant backup not enabled. It is a recommended security practice to set expiration dates on cryptographic keys. This definition requires an SSH private key secret stored in Key Vault. Remote debugging requires inbound ports to be opened on a web application. By mapping private endpoints to your BotService resource, you can reduce data leakage risks. Media Services accounts should be created with an API that supports private link. I thought it would be an interesting exercise to rewrite the Python code to be more closely aligned to RTKLIB, add all of the changes and enhancements in the demo5 version, and try to match the solutions of the demo5 solutions as closely as possible.
Microsoft Managed Control 1000 - Access Control Policy And Procedures, Microsoft Managed Control 1001 - Access Control Policy And Procedures, A maximum of 3 owners should be designated for your subscription, An Azure Active Directory administrator should be provisioned for SQL servers, Cognitive Services accounts should have local authentication methods disabled, Deprecated accounts should be removed from your subscription, Deprecated accounts with owner permissions should be removed from your subscription, External accounts with owner permissions should be removed from your subscription, External accounts with read permissions should be removed from your subscription, External accounts with write permissions should be removed from your subscription, Managed identity should be used in your API App, Managed identity should be used in your Function App, Managed identity should be used in your Web App, Microsoft Managed Control 1002 - Account Management, Microsoft Managed Control 1003 - Account Management, Microsoft Managed Control 1004 - Account Management, Microsoft Managed Control 1005 - Account Management, Microsoft Managed Control 1006 - Account Management, Microsoft Managed Control 1007 - Account Management, Microsoft Managed Control 1008 - Account Management, Microsoft Managed Control 1009 - Account Management, Microsoft Managed Control 1010 - Account Management, Microsoft Managed Control 1011 - Account Management, Microsoft Managed Control 1012 - Account Management, Service Fabric clusters should only use Azure Active Directory for client authentication, Microsoft Managed Control 1013 - Account Management | Automated System Account Management, Microsoft Managed Control 1014 - Account Management | Removal Of Temporary / Emergency Accounts, Microsoft Managed Control 1015 - Account Management | Disable Inactive Accounts, Microsoft Managed Control 1016 - Account Management | Automated Audit Actions, Microsoft
Managed Control 1017 - Account Management | Inactivity Logout, Microsoft Managed Control 1018 - Account Management | Role-Based Schemes, Microsoft Managed Control 1019 - Account Management | Role-Based Schemes, Microsoft Managed Control 1020 - Account Management | Role-Based Schemes, Service principals should be used to protect your subscriptions instead of management certificates, Microsoft Managed Control 1021 - Account Management | Restrictions On Use Of Shared / Group Accounts, Microsoft Managed Control 1022 - Account Management | Shared / Group Account Credential Termination, Microsoft Managed Control 1023 - Account Management | Usage Conditions, Azure Arc enabled Kubernetes clusters should have Azure Defender's extension installed, https://docs.microsoft.com/azure/security-center/defender-for-kubernetes-azure-arc, Azure Defender for App Service should be enabled, Azure Defender for Azure SQL Database servers should be enabled, Azure Defender for container registries should be enabled, Azure Defender for Key Vault should be enabled, Azure Defender for Kubernetes should be enabled, Azure Defender for Resource Manager should be enabled, https://aka.ms/defender-for-resource-manager, Azure Defender for servers should be enabled, Azure Defender for SQL servers on machines should be enabled, Azure Defender for SQL should be enabled for unprotected SQL Managed Instances, Azure Defender for Storage should be enabled, Management ports of virtual machines should be protected with just-in-time network access control, Microsoft Managed Control 1024 - Account Management | Account Monitoring / Atypical Usage, Microsoft Managed Control 1025 - Account Management | Account Monitoring / Atypical Usage, Microsoft Managed Control 1026 - Account Management | Disable Accounts For High-Risk Individuals, Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities, Add system-assigned managed identity to enable Guest 
Configuration assignments on VMs with a user-assigned identity, Audit Linux machines that have accounts without passwords, Authentication to Linux machines should require SSH keys, https://docs.microsoft.com/azure/virtual-machines/linux/create-ssh-keys-detailed, Deploy the Linux Guest Configuration extension to enable Guest Configuration assignments on Linux VMs, MFA should be enabled accounts with write permissions on your subscription, MFA should be enabled on accounts with owner permissions on your subscription, MFA should be enabled on accounts with read permissions on your subscription, Microsoft Managed Control 1027 - Access Enforcement, Storage accounts should be migrated to new Azure Resource Manager resources, Virtual machines should be migrated to new Azure Resource Manager resources, Role-Based Access Control (RBAC) should be used on Kubernetes Services, Adaptive network hardening recommendations should be applied on internet facing virtual machines, All Internet traffic should be routed via your deployed Azure Firewall, All network ports should be restricted on network security groups associated to your virtual machine, API Management services should use a virtual network, App Configuration should use private link, https://aka.ms/appconfig/private-endpoint, Authorized IP ranges should be defined on Kubernetes Services, Azure API for FHIR should use private link, Azure Cache for Redis should use private link, https://docs.microsoft.com/azure/azure-cache-for-redis/cache-private-link, Azure Cognitive Search service should use a SKU that supports private link, https://aka.ms/azure-cognitive-search/inbound-private-endpoints, Azure Cognitive Search services should disable public network access, Azure Cognitive Search services should use private link, Azure Cosmos DB accounts should have firewall rules, Azure Data Factory should use private link, https://docs.microsoft.com/azure/data-factory/data-factory-private-link, Azure Event Grid domains should use 
private link, Azure Event Grid topics should use private link, Azure Key Vault should disable public network access, Azure Machine Learning workspaces should use private link, https://docs.microsoft.com/azure/machine-learning/how-to-configure-private-link, Azure Service Bus namespaces should use private link, https://docs.microsoft.com/azure/service-bus-messaging/private-link-service, Azure SignalR Service should use private link, Azure Synapse workspaces should use private link, https://docs.microsoft.com/azure/synapse-analytics/security/how-to-connect-to-workspace-with-private-links, Azure Web PubSub Service should use private link, Cognitive Services accounts should disable public network access, https://go.microsoft.com/fwlink/?linkid=2129800, Cognitive Services accounts should restrict network access, Cognitive Services should use private link, Container registries should not allow unrestricted network access, Container registries should use private link, CORS should not allow every resource to access your Web Applications, CosmosDB accounts should use private link, https://docs.microsoft.com/azure/cosmos-db/how-to-configure-private-endpoints, Disk access resources should use private link, Event Hub namespaces should use private link, https://docs.microsoft.com/azure/event-hubs/private-link-service, Internet-facing virtual machines should be protected with network security groups, IoT Hub device provisioning service instances should use private link, IP Forwarding on your virtual machine should be disabled, Management ports should be closed on your virtual machines, Microsoft Managed Control 1028 - Information Flow Enforcement, Non-internet-facing virtual machines should be protected with network security groups, Private endpoint connections on Azure SQL Database should be enabled, Private endpoint should be configured for Key Vault, Private endpoint should be enabled for MariaDB servers, Private endpoint should be enabled for MySQL servers, Private endpoint 
should be enabled for PostgreSQL servers, Public network access on Azure SQL Database should be disabled, Public network access should be disabled for MariaDB servers, Public network access should be disabled for MySQL servers, Public network access should be disabled for PostgreSQL servers, Storage account public access should be disallowed, Storage accounts should restrict network access, Storage accounts should restrict network access using virtual network rules, Subnets should be associated with a Network Security Group, VM Image Builder templates should use private link, https://docs.microsoft.com/azure/virtual-machines/linux/image-builder-networking#deploy-using-an-existing-vnet, Microsoft Managed Control 1029 - Information Flow Enforcement | Security Policy Filters, Microsoft Managed Control 1030 - Information Flow Enforcement | Physical / Logical Separation Of Information Flows, Microsoft Managed Control 1031 - Separation Of Duties, Microsoft Managed Control 1032 - Separation Of Duties, Microsoft Managed Control 1033 - Separation Of Duties, There should be more than one owner assigned to your subscription, Microsoft Managed Control 1034 - Least Privilege, Microsoft Managed Control 1035 - Least Privilege | Authorize Access To Security Functions, Microsoft Managed Control 1036 - Least Privilege | Non-Privileged Access For Nonsecurity Functions, Microsoft Managed Control 1037 - Least Privilege | Network Access To Privileged Commands, Microsoft Managed Control 1038 - Least Privilege | Privileged Accounts, Microsoft Managed Control 1039 - Least Privilege | Review Of User Privileges, Microsoft Managed Control 1040 - Least Privilege | Review Of User Privileges, Microsoft Managed Control 1041 - Least Privilege | Privilege Levels For Code Execution, Microsoft Managed Control 1042 - Least Privilege | Auditing Use Of Privileged Functions, Microsoft Managed Control 1043 - Least Privilege | Prohibit Non-Privileged Users From Executing Privileged Functions, Microsoft 
Managed Control 1044 - Unsuccessful Logon Attempts, Microsoft Managed Control 1045 - Unsuccessful Logon Attempts, Microsoft Managed Control 1046 - Automatic Account Lock | Purge / Wipe Mobile Device, Microsoft Managed Control 1047 - System Use Notification, Microsoft Managed Control 1048 - System Use Notification, Microsoft Managed Control 1049 - System Use Notification, Microsoft Managed Control 1050 - Concurrent Session Control, Microsoft Managed Control 1051 - Session Lock, Microsoft Managed Control 1052 - Session Lock, Microsoft Managed Control 1053 - Session Lock | Pattern-Hiding Displays, Microsoft Managed Control 1054 - Session Termination, Microsoft Managed Control 1055 - Session Termination| User-Initiated Logouts / Message Displays, Microsoft Managed Control 1056 - Session Termination | User-Initiated Logouts / Message Displays, Microsoft Managed Control 1057 - Permitted Actions Without Identification Or Authentication, Microsoft Managed Control 1058 - Permitted Actions Without Identification Or Authentication, Azure Defender for SQL should be enabled for unprotected Azure SQL servers, Audit Linux machines that allow remote connections from accounts without passwords, Azure Cache for Redis should reside within a virtual network, Azure Spring Cloud should use network injection, Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs, Microsoft Managed Control 1059 - Remote Access, Microsoft Managed Control 1060 - Remote Access, Remote debugging should be turned off for API Apps, Remote debugging should be turned off for Function Apps, Remote debugging should be turned off for Web Applications, Microsoft Managed Control 1061 - Remote Access | Automated Monitoring / Control, Microsoft Managed Control 1062 - Remote Access | Protection Of Confidentiality / Integrity Using Encryption, Microsoft Managed Control 1063 - Remote Access | Managed Access Control Points, Microsoft Managed Control 1064 - Remote Access | 
Privileged Commands / Access, Microsoft Managed Control 1065 - Remote Access | Privileged Commands / Access, Microsoft Managed Control 1066 - Remote Access | Disconnect / Disable Access, Microsoft Managed Control 1067 - Wireless Access, Microsoft Managed Control 1068 - Wireless Access, Microsoft Managed Control 1069 - Wireless Access | Authentication And Encryption, Microsoft Managed Control 1070 - Wireless Access | Disable Wireless Networking, Microsoft Managed Control 1071 - Wireless Access | Restrict Configurations By Users, Microsoft Managed Control 1072 - Wireless Access | Antennas / Transmission Power Levels, Microsoft Managed Control 1073 - Access Control For Mobile Devices, Microsoft Managed Control 1074 - Access Control For Mobile Devices, Microsoft Managed Control 1075 - Access Control For Mobile Devices | Full Device / Container-Based Encryption, Microsoft Managed Control 1076 - Use Of External Information Systems, Microsoft Managed Control 1077 - Use Of External Information Systems, Microsoft Managed Control 1078 - Use Of External Information Systems | Limits On Authorized Use, Microsoft Managed Control 1079 - Use Of External Information Systems | Limits On Authorized Use, Microsoft Managed Control 1080 - Use Of External Information Systems | Portable Storage Devices, Microsoft Managed Control 1081 - Information Sharing, Microsoft Managed Control 1082 - Information Sharing, Microsoft Managed Control 1083 - Publicly Accessible Content, Microsoft Managed Control 1084 - Publicly Accessible Content, Microsoft Managed Control 1085 - Publicly Accessible Content, Microsoft Managed Control 1086 - Publicly Accessible Content, Microsoft Managed Control 1087 - Security Awareness And Training Policy And Procedures, Microsoft Managed Control 1088 - Security Awareness And Training Policy And Procedures, Microsoft Managed Control 1089 - Security Awareness Training, Microsoft Managed Control 1090 - Security Awareness Training, Microsoft Managed Control 1091 - Security 
Awareness Training, Microsoft Managed Control 1092 - Security Awareness Training | Insider Threat, Microsoft Managed Control 1093 - Role-Based Security Training, Microsoft Managed Control 1094 - Role-Based Security Training, Microsoft Managed Control 1095 - Role-Based Security Training, Microsoft Managed Control 1096 - Role-Based Security Training | Practical Exercises, Microsoft Managed Control 1097 - Role-Based Security Training | Suspicious Communications And Anomalous System Behavior, Microsoft Managed Control 1098 - Security Training Records, Microsoft Managed Control 1099 - Security Training Records, Microsoft Managed Control 1100 - Audit And Accountability Policy And Procedures, Microsoft Managed Control 1101 - Audit And Accountability Policy And Procedures, Microsoft Managed Control 1102 - Audit Events, Microsoft Managed Control 1103 - Audit Events, Microsoft Managed Control 1104 - Audit Events, Microsoft Managed Control 1105 - Audit Events, Microsoft Managed Control 1106 - Audit Events | Reviews And Updates, Microsoft Managed Control 1107 - Content Of Audit Records, Microsoft Managed Control 1108 - Content Of Audit Records | Additional Audit Information, Microsoft Managed Control 1109 - Content Of Audit Records | Centralized Management Of Planned Audit Record Content, Microsoft Managed Control 1110 - Audit Storage Capacity, Microsoft Managed Control 1111 - Response To Audit Processing Failures, Microsoft Managed Control 1112 - Response To Audit Processing Failures, Microsoft Managed Control 1113 - Response To Audit Processing Failures | Audit Storage Capacity, Microsoft Managed Control 1114 - Response To Audit Processing Failures | Real-Time Alerts, Microsoft Managed Control 1115 - Audit Review, Analysis, And Reporting, Microsoft Managed Control 1116 - Audit Review, Analysis, And Reporting, Network traffic data collection agent should be installed on Linux virtual machines, Network traffic data collection agent should be installed on Windows virtual 
machines, Microsoft Managed Control 1117 - Audit Review, Analysis, And Reporting | Process Integration, Microsoft Managed Control 1118 - Audit Review, Analysis, And Reporting | Correlate Audit Repositories, Auto provisioning of the Log Analytics agent should be enabled on your subscription, Guest Configuration extension should be installed on your machines, Log Analytics agent health issues should be resolved on your machines, Log Analytics agent should be installed on your Linux Azure Arc machines, Log Analytics agent should be installed on your virtual machine for Azure Security Center monitoring, Log Analytics agent should be installed on your virtual machine scale sets for Azure Security Center monitoring, Log Analytics agent should be installed on your Windows Azure Arc machines, Microsoft Managed Control 1119 - Audit Review, Analysis, And Reporting | Central Review And Analysis, Resource logs in Azure Data Lake Store should be enabled, Resource logs in Azure Stream Analytics should be enabled, Resource logs in Batch accounts should be enabled, Resource logs in Data Lake Analytics should be enabled, Resource logs in Event Hub should be enabled, Resource logs in IoT Hub should be enabled, Resource logs in Key Vault should be enabled, Resource logs in Logic Apps should be enabled, Resource logs in Search services should be enabled, Resource logs in Service Bus should be enabled, Resource logs in Virtual Machine Scale Sets should be enabled, Virtual machines' Guest Configuration extension should be deployed with system-assigned managed identity, Microsoft Managed Control 1120 - Audit Review, Analysis, And Reporting | Integration / Scanning And Monitoring Capabilities, Microsoft Managed Control 1121 - Audit Review, Analysis, And Reporting | Correlation With Physical Monitoring, Microsoft Managed Control 1122 - Audit Review, Analysis, And Reporting | Permitted Actions, Microsoft Managed Control 1123 - Audit Review, Analysis, And Reporting | Audit Level Adjustment, 
Microsoft Managed Control 1124 - Audit Reduction And Report Generation, Microsoft Managed Control 1125 - Audit Reduction And Report Generation, Microsoft Managed Control 1126 - Audit Reduction And Report Generation | Automatic Processing, Microsoft Managed Control 1127 - Time Stamps, Microsoft Managed Control 1128 - Time Stamps, Microsoft Managed Control 1129 - Time Stamps | Synchronization With Authoritative Time Source, Microsoft Managed Control 1130 - Time Stamps | Synchronization With Authoritative Time Source, Microsoft Managed Control 1131 - Protection Of Audit Information, Microsoft Managed Control 1132 - Protection Of Audit Information | Audit Backup On Separate Physical Systems / Components, Microsoft Managed Control 1133 - Protection Of Audit Information | Cryptographic Protection, Microsoft Managed Control 1134 - Protection Of Audit Information | Access By Subset Of Privileged Users, Microsoft Managed Control 1135 - Non-Repudiation, Microsoft Managed Control 1136 - Audit Record Retention, SQL servers with auditing to storage account destination should be configured with 90 days retention or higher, Microsoft Managed Control 1137 - Audit Generation, Microsoft Managed Control 1138 - Audit Generation, Microsoft Managed Control 1139 - Audit Generation, Microsoft Managed Control 1140 - Audit Generation | System-Wide / Time-Correlated Audit Trail, Microsoft Managed Control 1141 - Audit Generation | Changes By Authorized Individuals, Microsoft Managed Control 1142 - Security Assessment And Authorization Policy And Procedures, Microsoft Managed Control 1143 - Security Assessment And Authorization Policy And Procedures, Microsoft Managed Control 1144 - Security Assessments, Microsoft Managed Control 1145 - Security Assessments, Microsoft Managed Control 1146 - Security Assessments, Microsoft Managed Control 1147 - Security Assessments, Microsoft Managed Control 1148 - Security Assessments | Independent Assessors, Microsoft Managed Control 1149 - Security 
Assessments | Specialized Assessments, Microsoft Managed Control 1150 - Security Assessments | External Organizations, Microsoft Managed Control 1151 - System Interconnections, Microsoft Managed Control 1152 - System Interconnections, Microsoft Managed Control 1153 - System Interconnections, Microsoft Managed Control 1154 - System Interconnections | Unclassified Non-National Security System Connections, Microsoft Managed Control 1155 - System Interconnections | Restrictions On External System Connections, Microsoft Managed Control 1156 - Plan Of Action And Milestones, Microsoft Managed Control 1157 - Plan Of Action And Milestones, Microsoft Managed Control 1158 - Security Authorization, Microsoft Managed Control 1159 - Security Authorization, Microsoft Managed Control 1160 - Security Authorization, Microsoft Managed Control 1161 - Continuous Monitoring, Microsoft Managed Control 1162 - Continuous Monitoring, Microsoft Managed Control 1163 - Continuous Monitoring, Microsoft Managed Control 1164 - Continuous Monitoring, Microsoft Managed Control 1165 - Continuous Monitoring, Microsoft Managed Control 1166 - Continuous Monitoring, Microsoft Managed Control 1167 - Continuous Monitoring, Microsoft Managed Control 1168 - Continuous Monitoring | Independent Assessment, Microsoft Managed Control 1169 - Continuous Monitoring | Trend Analyses, Microsoft Managed Control 1170 - Penetration Testing, Microsoft Managed Control 1171 - Penetration Testing | Independent Penetration Agent Or Team, Microsoft Managed Control 1172 - Internal System Connections, Microsoft Managed Control 1173 - Internal System Connections, Microsoft Managed Control 1174 - Configuration Management Policy And Procedures, Microsoft Managed Control 1175 - Configuration Management Policy And Procedures, Microsoft Managed Control 1176 - Baseline Configuration, Microsoft Managed Control 1177 - Baseline Configuration | Reviews And Updates, Microsoft Managed Control 1178 - Baseline Configuration | Reviews And 
Updates, Microsoft Managed Control 1179 - Baseline Configuration | Reviews And Updates, Microsoft Managed Control 1180 - Baseline Configuration | Automation Support For Accuracy / Currency, Microsoft Managed Control 1181 - Baseline Configuration | Retention Of Previous Configurations, Microsoft Managed Control 1182 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas, Microsoft Managed Control 1183 - Baseline Configuration | Configure Systems, Components, Or Devices For High-Risk Areas, Microsoft Managed Control 1184 - Configuration Change Control, Microsoft Managed Control 1185 - Configuration Change Control, Microsoft Managed Control 1186 - Configuration Change Control, Microsoft Managed Control 1187 - Configuration Change Control, Microsoft Managed Control 1188 - Configuration Change Control, Microsoft Managed Control 1189 - Configuration Change Control, Microsoft Managed Control 1190 - Configuration Change Control, Microsoft Managed Control 1191 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes, Microsoft Managed Control 1192 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes, Microsoft Managed Control 1193 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes, Microsoft Managed Control 1194 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes, Microsoft Managed Control 1195 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes, Microsoft Managed Control 1196 - Configuration Change Control | Automated Document / Notification / Prohibition Of Changes, Microsoft Managed Control 1197 - Configuration Change Control | Test / Validate / Document Changes, Microsoft Managed Control 1198 - Configuration Change Control | Security Representative, Microsoft Managed Control 1199 - Configuration Change Control | Cryptography Management, 
Microsoft Managed Control 1200 - Security Impact Analysis, Microsoft Managed Control 1201 - Security Impact Analysis | Separate Test Environments, Microsoft Managed Control 1202 - Access Restrictions For Change, Microsoft Managed Control 1203 - Access Restrictions For Change | Automated Access Enforcement / Auditing, Microsoft Managed Control 1204 - Access Restrictions For Change | Review System Changes, Microsoft Managed Control 1205 - Access Restrictions For Change | Signed Components, Microsoft Managed Control 1206 - Access Restrictions For Change | Limit Production / Operational Privileges, Microsoft Managed Control 1207 - Access Restrictions For Change | Limit Production / Operational Privileges, Azure Policy Add-on for Kubernetes service (AKS) should be installed and enabled on your clusters, CORS should not allow every resource to access your API App, CORS should not allow every resource to access your Function Apps, Ensure API app has 'Client Certificates (Incoming client certificates)' set to 'On', Ensure WEB app has 'Client Certificates (Incoming client certificates)' set to 'On', Function apps should have 'Client Certificates (Incoming client certificates)' enabled, Kubernetes cluster containers CPU and memory resource limits should not exceed the specified limits, Kubernetes cluster containers should not share host process ID or host IPC namespace, Kubernetes cluster containers should only listen on allowed ports, Kubernetes cluster containers should only use allowed AppArmor profiles, Kubernetes cluster containers should only use allowed capabilities, Kubernetes cluster containers should only use allowed images, Kubernetes cluster containers should run with a read only root file system, Kubernetes cluster pod hostPath volumes should only use allowed host paths, Kubernetes cluster pods and containers should only run with approved user and group IDs, Kubernetes cluster pods should only use approved host network and port range, Kubernetes cluster services 
should listen only on allowed ports, Kubernetes cluster should not allow privileged containers, Kubernetes clusters should not allow container privilege escalation, Linux machines should meet requirements for the Azure compute security baseline, Microsoft Managed Control 1208 - Configuration Settings, Microsoft Managed Control 1209 - Configuration Settings, Microsoft Managed Control 1210 - Configuration Settings, Microsoft Managed Control 1211 - Configuration Settings, Windows machines should meet requirements of the Azure compute security baseline, Microsoft Managed Control 1212 - Configuration Settings | Automated Central Management / Application / Verification, Microsoft Managed Control 1213 - Configuration Settings | Respond To Unauthorized Changes, Adaptive application controls for defining safe applications should be enabled on your machines, Allowlist rules in your adaptive application control policy should be updated, Microsoft Managed Control 1214 - Least Functionality, Microsoft Managed Control 1215 - Least Functionality, Microsoft Managed Control 1216 - Least Functionality | Periodic Review, Microsoft Managed Control 1217 - Least Functionality | Periodic Review, Microsoft Managed Control 1218 - Least Functionality | Prevent Program Execution, Microsoft Managed Control 1219 - Least Functionality | Authorized Software / Whitelisting, Microsoft Managed Control 1220 - Least Functionality | Authorized Software / Whitelisting, Microsoft Managed Control 1221 - Least Functionality | Authorized Software / Whitelisting, Microsoft Managed Control 1222 - Information System Component Inventory, Microsoft Managed Control 1223 - Information System Component Inventory, Microsoft Managed Control 1224 - Information System Component Inventory | Updates During Installations / Removals, Microsoft Managed Control 1225 - Information System Component Inventory | Automated Maintenance, Microsoft Managed Control 1226 - Information System Component Inventory | Automated 
Unauthorized Component Detection, Microsoft Managed Control 1227 - Information System Component Inventory | Automated Unauthorized Component Detection, Microsoft Managed Control 1228 - Information System Component Inventory | Accountability Information, Microsoft Managed Control 1229 - Information System Component Inventory | No Duplicate Accounting Of Components, Microsoft Managed Control 1230 - Configuration Management Plan, Microsoft Managed Control 1231 - Configuration Management Plan, Microsoft Managed Control 1232 - Configuration Management Plan, Microsoft Managed Control 1233 - Configuration Management Plan, Microsoft Managed Control 1234 - Software Usage Restrictions, Microsoft Managed Control 1235 - Software Usage Restrictions, Microsoft Managed Control 1236 - Software Usage Restrictions, Microsoft Managed Control 1237 - Software Usage Restrictions | Open Source Software, Microsoft Managed Control 1238 - User-Installed Software, Microsoft Managed Control 1239 - User-Installed Software, Microsoft Managed Control 1240 - User-Installed Software, Microsoft Managed Control 1241 - User-Installed Software | Alerts For Unauthorized Installations, Microsoft Managed Control 1242 - Contingency Planning Policy And Procedures, Microsoft Managed Control 1243 - Contingency Planning Policy And Procedures, Microsoft Managed Control 1244 - Contingency Plan, Microsoft Managed Control 1245 - Contingency Plan, Microsoft Managed Control 1246 - Contingency Plan, Microsoft Managed Control 1247 - Contingency Plan, Microsoft Managed Control 1248 - Contingency Plan, Microsoft Managed Control 1249 - Contingency Plan, Microsoft Managed Control 1250 - Contingency Plan, Microsoft Managed Control 1251 - Contingency Plan | Coordinate With Related Plans, Microsoft Managed Control 1252 - Contingency Plan | Capacity Planning, Microsoft Managed Control 1253 - Contingency Plan | Resume Essential Missions / Business Functions, Microsoft Managed Control 1254 - Contingency Plan | Resume All 
Missions / Business Functions, Microsoft Managed Control 1255 - Contingency Plan | Continue Essential Missions / Business Functions, Microsoft Managed Control 1256 - Contingency Plan | Identify Critical Assets, Microsoft Managed Control 1257 - Contingency Training, Microsoft Managed Control 1258 - Contingency Training, Microsoft Managed Control 1259 - Contingency Training, Microsoft Managed Control 1260 - Contingency Training | Simulated Events, Microsoft Managed Control 1261 - Contingency Plan Testing, Microsoft Managed Control 1262 - Contingency Plan Testing, Microsoft Managed Control 1263 - Contingency Plan Testing, Microsoft Managed Control 1264 - Contingency Plan Testing | Coordinate With Related Plans, Microsoft Managed Control 1265 - Contingency Plan Testing | Alternate Processing Site, Microsoft Managed Control 1266 - Contingency Plan Testing | Alternate Processing Site, Geo-redundant backup should be enabled for Azure Database for MariaDB, Geo-redundant backup should be enabled for Azure Database for MySQL, Geo-redundant backup should be enabled for Azure Database for PostgreSQL, Geo-redundant storage should be enabled for Storage Accounts, Long-term geo-redundant backup should be enabled for Azure SQL Databases, Microsoft Managed Control 1267 - Alternate Storage Site, Microsoft Managed Control 1268 - Alternate Storage Site, Microsoft Managed Control 1269 - Alternate Storage Site | Separation From Primary Site, Microsoft Managed Control 1270 - Alternate Storage Site | Recovery Time / Point Objectives, Microsoft Managed Control 1271 - Alternate Storage Site | Accessibility, Audit virtual machines without disaster recovery configured, Microsoft Managed Control 1272 - Alternate Processing Site, Microsoft Managed Control 1273 - Alternate Processing Site, Microsoft Managed Control 1274 - Alternate Processing Site, Microsoft Managed Control 1275 - Alternate Processing Site | Separation From Primary Site, Microsoft Managed Control 1276 - Alternate Processing Site 
| Accessibility, Microsoft Managed Control 1277 - Alternate Processing Site | Priority Of Service, Microsoft Managed Control 1278 - Alternate Processing Site | Preparation For Use, Microsoft Managed Control 1279 - Telecommunications Services, Microsoft Managed Control 1280 - Telecommunications Services | Priority Of Service Provisions, Microsoft Managed Control 1281 - Telecommunications Services | Priority Of Service Provisions, Microsoft Managed Control 1282 - Telecommunications Services | Single Points Of Failure, Microsoft Managed Control 1283 - Telecommunications Services | Separation Of Primary / Alternate Providers, Microsoft Managed Control 1284 - Telecommunications Services | Provider Contingency Plan, Microsoft Managed Control 1285 - Telecommunications Services | Provider Contingency Plan, Microsoft Managed Control 1286 - Telecommunications Services | Provider Contingency Plan, Azure Backup should be enabled for Virtual Machines, Key vaults should have purge protection enabled, Key vaults should have soft delete enabled, Microsoft Managed Control 1287 - Information System Backup, Microsoft Managed Control 1288 - Information System Backup, Microsoft Managed Control 1289 - Information System Backup, Microsoft Managed Control 1290 - Information System Backup, Microsoft Managed Control 1291 - Information System Backup | Testing For Reliability / Integrity, Microsoft Managed Control 1292 - Information System Backup | Test Restoration Using Sampling, Microsoft Managed Control 1293 - Information System Backup | Separate Storage For Critical Information, Microsoft Managed Control 1294 - Information System Backup | Transfer To Alternate Storage Site, Microsoft Managed Control 1295 - Information System Recovery And Reconstitution, Microsoft Managed Control 1296 - Information System Recovery And Reconstitution | Transaction Recovery, Microsoft Managed Control 1297 - Information System Recovery And Reconstitution | Restore Within Time Period, Microsoft Managed Control 
1298 - Identification And Authentication Policy And Procedures, Microsoft Managed Control 1299 - Identification And Authentication Policy And Procedures, Microsoft Managed Control 1300 - Identification And Authentication (Organizational Users), Microsoft Managed Control 1301 - Identification And Authentication (Org.