Cosmos DB Account does not have Advanced Threat Protection enabled.
To prevent attempts to exploit your Cosmos DB account resources, make sure your Cosmos DB Accounts have the Advanced Threat Protection feature enabled.
PostgreSQL Server has no geo-redundant backup storage enabled.
To allow you to restore your PostgreSQL Servers to a different Azure region in the event of a regional outage or a disaster, ensure that geo-redundant backups are enabled for all PostgreSQL Database Servers.
PostgreSQL Server is not configured to have its data in-transit encrypted.
To fulfill HIPAA requirements for all data to be transmitted over secure channels, ensure that PostgreSQL Server is set to use SSL for data transmission.
PostgreSQL Server has the Storage Auto-Growth feature disabled.
To prevent your PostgreSQL Servers from running out of storage and becoming read-only, ensure that all your PostgreSQL Servers have the Storage Auto-Growth feature enabled.
Redis Cache is not configured to use SSL connection.
To fulfill HIPAA requirements for all data to be transmitted over secure channels, ensure that the SSL connection to your Redis Cache servers is enabled.
Virtual Machine does not have Just-in-Time (JIT) access enabled.
To allow you to lock down inbound traffic to your VMs and reduce exposure to attacks while providing easy SSH/RDP access when needed, make sure the VMs have JIT access enabled.
Virtual Machine Scale Set is not in multiple availability zones.
To protect your VM scale sets from datacenter-level failures, ensure that your VM scale sets are using zone-redundant availability configurations instead of single-zone (zonal) configurations.
Virtual Machine has password authentication enabled.
To remove the ability for remote attackers to brute-force credentials, ensure that your VMs are configured to use SSH keys instead of username/password credentials for SSH authentication.
To enhance security and protect your applications from unauthorized access, ensure that your App Services web applications have remote debugging disabled.
To eliminate exposure to the public Internet, ensure that your SQL Database Servers are accessible through private endpoints instead of public IP addresses or service endpoints.
SQL Server has no email addresses configured to receive alerts upon detection of anomalous activities.
To send alerts on unusual activity, vulnerabilities, and threats, specify email address(es) under "Send alerts to" in Advanced Threat Protection settings of Microsoft Defender for SQL.
Key Vault has no Purge Protection and is therefore not recoverable.
To prevent permanent deletion/purging of encryption keys, secrets and certificates stored within the Key Vaults, ensure that all Key Vaults have Purge Protection enabled.
The default set of policies monitored by Defender for Cloud contains 1 disabled policy.
To meet security and compliance requirements, ensure that all security policies (specified as parameters) provided by Defender for Cloud default policy (ASC Default) are enabled.