Azure Compute
Overview
Critical
0High
5Medium
42Low
12Informational
0Security issues (59)
| Severity | Non-Compliance | Region | Resource | Issue | Remediation | Read more | Action |
|---|---|---|---|---|---|---|---|
| Medium | — | eastus | test-vm | Virtual Machine has Accelerated Networking feature disabled. | To provide low latency and high throughput for the network interfaces (NICs) attached to the VMs, ensure that Accelerated Networking feature is enabled for your VMs. | More info | |
| Medium | — | eastus | test-vm | Virtual Machine does not have a system-assigned managed identity enabled. | To allow secure VMs authenticate to any service that supports Azure AD authentication, without having credentials in your code, ensure that your VMs have system-assigned managed identities enabled. | More info | |
| Low | — | eastus | test-vm | Virtual Machine is not launched from an Azure managed VM image. | To have a consistent baseline VM that could be helpful in development and test environments, ensure that your VMs are created from Azure managed VM images. | More info | |
| Medium | CIS 2.5 | eastus | test-vm | Virtual Machine does not have Automatic Update configured. | To fulfill PCI DSS requirements on having the latest updates and patches installed, ensure that your VMs have Automatic Update enabled. | More info | |
| Medium | — | eastus | test-vm | Virtual Machine does not have Availability Set enabled. | To keep the VM available during planned or unplanned maintenance events, make sure the VMs is created with Availability Set enabled. | More info | |
| Medium | — | eastus | test-vm | Virtual Machine has Guest-Level Diagnostics disabled. | For more insight into the state of your VMs, ensure that Guest-Level Diagnostics is enabled for all your VMs. | More info | |
| Medium | — | eastus | test-vm | Virtual Machine has Performance Diagnostics disabled. | To help mitigate VM performance issues, ensure that Performance Diagnostics is enabled for all your VMs. | More info | |
| Medium | — | eastus | test-vm | Virtual Machine uses no Azure Active Directory (AAD) credentials for secure SSH/RDP access. | To simplify the access permission management by enforcing policies that allow or deny access to your VMs from one central location, ensure that your VMs have AAD based SSH Login extension installed. | More info | |
| Low | — | eastus | test-vm | Virtual Machine has instant restore backups configured to be retained for 2 days, while the recommended limit is 5 days. | To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days. | More info | |
| Low | — | eastus | test-vm | Virtual Machine has daily backup retention period configured as 21 days, while the recommended limit is 30 days. | To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have daily backup retention period set to 30 days. | More info | |
| High | — | eastus | test-vm | Virtual Machine does not have Just-in-Time (JIT) access enabled. | To allow you to lock down inbound traffic to your VMs and reduce exposure to attacks while providing easy SSH/RDP access when needed, make sure the VMs have JIT access enabled. | More info | |
| High | — | eastus | test-scale-set | Virtual Machine Scale Set is not in multiple availability zones. | To protect your VM scale sets from datacenter-level failures, ensure that your VM scale sets are using zone-redundant availability configurations instead of single-zone (zonal) configurations. | More info | |
| Medium | — | eastus | test-scale-set | Virtual Machine Scale Set has Automatic Repairs feature disabled. | To have unhealthy VM instances automatically deleted and the new ones created with the latest instance model settings, ensure that your VM scale sets have Health Monitoring and Automatic Repairs features enabled. | More info | |
| Medium | — | eastus | test-scale-set | Virtual Machine Scale Set has neither Rolling nor Automatic upgrade policy. | To ease update management by safely and automatically upgrading the OS disk for all instances in the scale set, ensure that your VM scale sets have either Rolling or Automatic upgrade policy enabled. | More info | |
| Medium | — | eastus | test-scale-set | Virtual Machine Scale Set has autoscale notifications disabled. | To get notified about the status of autoscale actions, ensure that your VM scale sets have email or webhook-based alert notifications enabled. | More info | |
| Medium | — | eastus | test-scale-set | Virtual Machine Scale Set does not have a Load Balancer. | To distribute incoming traffic among healthy VM instances running within the scale set, ensure that your VM scale sets have integrated Load Balancers. | More info | |
| Low | — | eastus | my-disk-snapshot | VM Disk Snapshot was created 779 days ago. | To eliminate unnecessary costs and meet compliance requirements regarding unused resources, ensure there are no undesired old VM Disk Snapshots. | More info | |
| Low | — | westus2 | test-vm2 | Virtual Machine is not launched from an Azure managed VM image. | To have a consistent baseline VM that could be helpful in development and test environments, ensure that your VMs are created from Azure managed VM images. | More info | |
| Medium | CIS 7.1 | westus2 | test-vm2 | Virtual Machine is not configured to use Azure managed Disk Volume. | For reliable, efficient and simplified disk management, ensure that your VMs are configured to use managed Disk Volumes. | More info | |
| Medium | — | westus2 | test-vm2 | Virtual Machine has no VM agent enabled. | To let Defender for Cloud collect data from your VMs to monitor for security vulnerabilities and threats, ensure that your VMs have VM agent enabled. | More info | |
| Medium | — | westus2 | test-vm2 | Virtual Machine does not have boot diagnostics enabled. | To capture server serial console output and the OS screenshots required for diagnosing and troubleshooting VM startup issues, make sure the VMs have boot diagnostics enabled. | More info | |
| Medium | — | westus2 | test-vm2 | Virtual Machine has Guest-Level Diagnostics disabled. | For more insight into the state of your VMs, ensure that Guest-Level Diagnostics is enabled for all your VMs. | More info | |
| Medium | — | westus2 | test-vm2 | Virtual Machine has Performance Diagnostics disabled. | To help mitigate VM performance issues, ensure that Performance Diagnostics is enabled for all your VMs. | More info | |
| Medium | — | westus2 | test-vm2 | Virtual Machine uses no Azure Active Directory (AAD) credentials for secure SSH/RDP access. | To simplify the access permission management by enforcing policies that allow or deny access to your VMs from one central location, ensure that your VMs have AAD based SSH Login extension installed. | More info | |
| Medium | HIPAA (Backup) | westus2 | test-vm2 | Virtual Machine does not have backups enabled. | To follow data security best practices and compliance requirements, make sure the VMs have backups enabled. | More info | |
| Low | — | westus2 | test-vm2 | Virtual Machine has no backup policies configured. | To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days. | More info | |
| Low | — | westus2 | test-vm2 | Virtual Machine has no daily backup retention period configured. | To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have daily backup retention period set to 30 days. | More info | |
| High | — | westus2 | test-vm2 | Virtual Machine has password authentication enabled. | To remove the ability for remote attackers to brute-force credentials, ensure that your VMs are configured to use SSH keys instead of username/password credentials for SSH authentication. | More info | |
| Medium | — | westus2 | test-vm3 | Virtual Machine does not have a system-assigned managed identity enabled. | To allow secure VMs authenticate to any service that supports Azure AD authentication, without having credentials in your code, ensure that your VMs have system-assigned managed identities enabled. | More info | |
| Medium | — | westus2 | test-vm3 | Virtual Machine is classic. | As the use of Azure Cloud Services (classic) is deprecated, ensure that your VMs are migrated to Azure Resource Manager. | More info | |
| Low | — | westus2 | test-vm3 | Virtual Machine uses Premium SSD Disk Volume. | For cost-effective storage that fits a broad range of workloads from web servers to enterprise applications, consider using Standard SSD disk volumes instead of Premium SSD volumes for your VMs. | More info | |
| Medium | — | westus2 | test-vm3 | Virtual Machine does not have Availability Set enabled. | To keep the VM available during planned or unplanned maintenance events, make sure the VMs is created with Availability Set enabled. | More info | |
| Medium | — | westus2 | test-vm3 | Virtual Machine has Guest-Level Diagnostics disabled. | For more insight into the state of your VMs, ensure that Guest-Level Diagnostics is enabled for all your VMs. | More info | |
| Medium | — | westus2 | test-vm3 | Virtual Machine has Performance Diagnostics disabled. | To help mitigate VM performance issues, ensure that Performance Diagnostics is enabled for all your VMs. | More info | |
| Low | — | westus2 | test-vm3 | Virtual Machine has no backup policies configured. | To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days. | More info | |
| Low | — | westus2 | test-vm3 | Virtual Machine has no daily backup retention period configured. | To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have daily backup retention period set to 30 days. | More info | |
| Medium | — | westus2 | aks-agentpool-17955050-vmss | Virtual Machine Scale Set has health monitoring disabled. | To have reports on the application health from inside the VM scale set instances, ensure that your VM scale sets have health monitoring enabled. | More info | |
| Medium | — | westus2 | aks-agentpool-17955050-vmss | Virtual Machine Scale Set uses no Azure Active Directory (AAD) credentials for secure SSH/RDP access. | To simplify the access permission management by enforcing policies that allow or deny access to your VM scale sets from one central location, ensure that your VM scale sets have AAD based login extension installed. | More info | |
| Medium | — | westus2 | aks-agentpool-17955050-vmss | Virtual Machine Scale Set has Automatic Repairs feature disabled. | To have unhealthy VM instances automatically deleted and the new ones created with the latest instance model settings, ensure that your VM scale sets have Health Monitoring and Automatic Repairs features enabled. | More info | |
| Medium | — | westus2 | aks-agentpool-17955050-vmss | Virtual Machine Scale Set has Termination Notifications feature disabled. | To receive instance termination notifications through the Azure Metadata service, ensure that your VM scale sets have Termination Notifications feature enabled. | More info | |
| Medium | — | westus2 | aks-agentpool-17955050-vmss | Virtual Machine Scale Set has autoscale disabled. | To have a highly available scale set, ensure that your VM scale sets have autoscale enabled. | More info | |
| Medium | — | westus2 | empty-scale-set | Virtual Machine Scale Set has health monitoring disabled. | To have reports on the application health from inside the VM scale set instances, ensure that your VM scale sets have health monitoring enabled. | More info | |
| Medium | — | westus2 | empty-scale-set | Virtual Machine Scale Set uses no Azure Active Directory (AAD) credentials for secure SSH/RDP access. | To simplify the access permission management by enforcing policies that allow or deny access to your VM scale sets from one central location, ensure that your VM scale sets have AAD based login extension installed. | More info | |
| High | — | westus2 | empty-scale-set | Virtual Machine Scale Set is not in multiple availability zones. | To protect your VM scale sets from datacenter-level failures, ensure that your VM scale sets are using zone-redundant availability configurations instead of single-zone (zonal) configurations. | More info | |
| Medium | — | westus2 | empty-scale-set | Virtual Machine Scale Set has Automatic Repairs feature disabled. | To have unhealthy VM instances automatically deleted and the new ones created with the latest instance model settings, ensure that your VM scale sets have Health Monitoring and Automatic Repairs features enabled. | More info | |
| Medium | — | westus2 | empty-scale-set | Virtual Machine Scale Set has neither Rolling nor Automatic upgrade policy. | To ease update management by safely and automatically upgrading the OS disk for all instances in the scale set, ensure that your VM scale sets have either Rolling or Automatic upgrade policy enabled. | More info | |
| Medium | — | westus2 | empty-scale-set | Virtual Machine Scale Set has Termination Notifications feature disabled. | To receive instance termination notifications through the Azure Metadata service, ensure that your VM scale sets have Termination Notifications feature enabled. | More info | |
| Medium | — | westus2 | empty-scale-set | Virtual Machine Scale Set has autoscale disabled. | To have a highly available scale set, ensure that your VM scale sets have autoscale enabled. | More info | |
| Low | — | westus2 | empty-scale-set | Virtual Machine Scale Set has no VM instances attached. | To eliminate unnecessary costs and meet compliance requirements regarding unused resources, delete VM Scale Sets that have no VM instances attached. | More info | |
| Medium | — | westus2 | empty-scale-set | Virtual Machine Scale Set does not have a Load Balancer. | To distribute incoming traffic among healthy VM instances running within the scale set, ensure that your VM scale sets have integrated Load Balancers. | More info | |
| Medium | — | westus2 | test-scale-set2 | Virtual Machine Scale Set uses no Azure Active Directory (AAD) credentials for secure SSH/RDP access. | To simplify the access permission management by enforcing policies that allow or deny access to your VM scale sets from one central location, ensure that your VM scale sets have AAD based login extension installed. | More info | |
| High | — | westus2 | test-scale-set2 | Virtual Machine Scale Set is not in multiple availability zones. | To protect your VM scale sets from datacenter-level failures, ensure that your VM scale sets are using zone-redundant availability configurations instead of single-zone (zonal) configurations. | More info | |
| Medium | — | westus2 | test-scale-set2 | Virtual Machine Scale Set has Termination Notifications feature disabled. | To receive instance termination notifications through the Azure Metadata service, ensure that your VM scale sets have Termination Notifications feature enabled. | More info | |
| Low | — | westus2 | test-scale-set2 | Virtual Machine Scale Set has no VM instances attached. | To eliminate unnecessary costs and meet compliance requirements regarding unused resources, delete VM Scale Sets that have no VM instances attached. | More info | |
| Medium | — | westus2 | test-scale-set2 | Virtual Machine Scale Set does not have a Load Balancer. | To distribute incoming traffic among healthy VM instances running within the scale set, ensure that your VM scale sets have integrated Load Balancers. | More info | |
| Medium | CIS 7.2 PCI DSS 3.5 HIPAA (Encryption) | westus2 | data-disk | Disk Volume is not encrypted. | To fulfill HIPAA and PCI DSS compliance requirements for encryption of data at rest, ensure that all VM disks are encrypted. | More info | |
| Medium | — | westus2 | data-disk | Disk Volume is not attached to a VM. | To eliminate unnecessary costs and meet compliance requirements regarding unused resources, ensure that there are no unattached VM Disk Volumes. | More info | |
| Medium | — | westus2 | data-disk | Disk Volume is not attached to a VM. | To eliminate unnecessary costs and meet compliance requirements regarding unused resources, ensure that there are no unattached VM Disk Volumes. | More info | |
| Medium | CIS 7.2 | westus2 | test-vm2_disk1_bcf51a4e96ba4accb5b16c34beb0fd23 | Disk Volume does not use customer-managed keys. | To have a more granular control over your VM data encryption/decryption process, ensure that VM disks are created using customer-managed keys (also known as Bring Your Own Keys - BYOKs). | More info |
Virtual Machines (3)
| VM name | Location | Resource group | Operating system | Size | Security issues |
|---|---|---|---|---|---|
| test-vm | East US | TEST-VM_GROUP | Linux | Standard_D2s_v3 | 1 High + 10 others (details) |
| test-vm2 | West US 2 | TEST-SCALE-SET_GROUP | Linux | Standard_D2s_v3 | 1 High + 10 others (details) |
| test-vm3 | West US 2 | MC_TEST-CLUST_GROUP_TEST-CLUSTER_WESTUS2 | Linux | Standard_D2s_v3 | 5 Medium + 3 others (details) |
Virtual machine scale sets (4)
| Scale set name | Location | Resource group | SKU name | Security issues |
|---|---|---|---|---|
| test-scale-set | East US | TEST-SCALE-SET_GROUP | Standard_D2s_v3 | 1 High + 4 others (details) |
| aks-agentpool-17955050-vmss | West US 2 | MC_TEST-CLUST_GROUP_TEST-CLUSTER_WESTUS2 | Standard_DS2_v2 | 5 Medium (details) |
| empty-scale-set | West US 2 | DEFAULTRESOURCEGROUP-WUS2 | Standard_D2s_v3 | 1 High + 8 others (details) |
| test-scale-set2 | West US 2 | MC_TEST-CLUST_GROUP_TEST-CLUSTER_WESTUS2 | Standard_D2s_v3 | 1 High + 4 others (details) |
Disks (3)
| Disk name | Location | Resource group | SKU name | Size (GiB) | Owner | Security issues |
|---|---|---|---|---|---|---|
| test-vm_disk1_54766c2d36a9496e9fe83c2cd338459e | East US | TEST-VM_GROUP | Premium_LRS | 30 | test-vm | — |
| data-disk | West US 2 | MC_TEST-CLUST_GROUP_TEST-CLUSTER_WESTUS2 | Premium_LRS | 4 | — | 3 Medium (details) |
| test-vm2_disk1_bcf51a4e96ba4accb5b16c34beb0fd23 | West US 2 | TEST-SCALE-SET_GROUP | Premium_LRS | 30 | test-vm2 | 1 Medium (details) |
Snapshots (1)
| Snapshot name | Location | Resource group | Size (GiB) | Created | Security issues |
|---|---|---|---|---|---|
| my-disk-snapshot | East US | TEST-VM_GROUP | 30 | 1 Low (details) |