No activity log alert found for "Delete Load Balancer" events.
To mitigate any accidental or intentional deletion of Load Balancers available within your Azure cloud account, create an activity log alert for "Delete Load Balancer" events.
No activity log alert found for "Create/Update Network Security Group" events.
To enable insights into the changes made at the Azure Network Security Group (NSG) level, create an activity log alert for "Create/Update Network Security Group" events.
No activity log alert found for "Delete Network Security Group" events.
To enable insights into the changes made at the Azure Network Security Group (NSG) level, create an activity log alert for "Delete Network Security Group" events.
No activity log alert found for "Create or Update Security Solution" events.
To enable insights into the changes made for your Azure Security Solutions, create an activity log alert for "Create or Update Security Solution" events.
No activity log alert found for "Delete Key Vault" events.
To mitigate any accidental or intentional deletion of Key Vaults available within your Azure cloud account, create an activity log alert for "Delete Key Vault" events.
No activity log alert found for "Create or Update Virtual Machine" events.
To enable insights into the changes made within your cloud environment regarding Azure virtual machines (VMs), create an activity log alert for "Create or Update Virtual Machine" events.
No activity log alert found for "Delete Virtual Machine" events.
To mitigate any accidental or intentional deletion of virtual machines (VMs) available within your Azure cloud account, create an activity log alert for "Delete Virtual Machine" events.
No activity log alert found for "Deallocate Virtual Machine" events.
To mitigate any security issues in case a virtual machine (VM) was accidentally or intentionally stopped, create an activity log alert for "Deallocate Virtual Machine" events.
No activity log alert found for "Power Off Virtual Machine" events.
To mitigate any security issues in case a virtual machine (VM) was accidentally or intentionally powered off, create an activity log alert for "Power Off Virtual Machine" events.
No activity log alert found for "Delete Storage Account" events.
To mitigate any accidental or intentional deletion of storage accounts available within your Azure cloud account, create an activity log alert for "Delete Storage Account" events.
No activity log alert found for "Create/Update Azure SQL Database" events.
To enable insights into the changes made within your cloud environment regarding Azure SQL database resources, create an activity log alert for "Create/Update Azure SQL Database" events.
No activity log alert found for "Delete Azure SQL Database" events.
To mitigate any accidental or intentional deletion of SQL Databases available within your Azure cloud account, create an activity log alert for "Delete Azure SQL Database" events.
No activity log alert found for "Rename Azure SQL Database" events.
To mitigate any security issues in case an SQL database was accidentally or intentionally renamed, create an activity log alert for "Rename Azure SQL Database" events.
Log Profile does not archive your activity log from Australia, Brazil.
To fulfill HIPAA and PCI requirements on secure audit record for environments containing sensitive data, ensures the Log Profile is configured to export all activities from all Azure locations.
Log Profile does not collect logs for "Delete" event categories.
To fulfill HIPAA and PCI requirements on secure audit record for environments containing sensitive data, ensure the Log Profile is configured to collect logs for "Write", "Delete" and "Action" event categories.
Virtual Machine is not launched from an Azure managed VM image.
To have a consistent baseline VM that could be helpful in development and test environments, ensure that your VMs are created from Azure managed VM images.
Virtual Machine has instant restore backups configured to be retained for 2 days, while the recommended limit is 5 days.
To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days.
Virtual Machine is not launched from an Azure managed VM image.
To have a consistent baseline VM that could be helpful in development and test environments, ensure that your VMs are created from Azure managed VM images.
Virtual Machine has no backup policies configured.
To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days.
For cost-effective storage that fits a broad range of workloads from web servers to enterprise applications, consider using Standard SSD disk volumes instead of Premium SSD volumes for your VMs.
Virtual Machine has no backup policies configured.
To handle more efficiently the restoration process in the event of a failure, ensure that your VMs have the instant restore retention period set to 5 days.
App Service uses Java 8u232, while the latest version of Java is 11.
To take advantage of the latest security fixes, performance improvements, and new functionalities and features, ensure that all App Service web applications developed with Java use the latest available version of Java.
SQL Database is not configured to be zone redundant.
To avoid a single point of failure for all systems relying on SQL Databases, ensure that all SQL Database instances are created in multiple availability zones.
SQL Database is not configured to be zone redundant.
To avoid a single point of failure for all systems relying on SQL Databases, ensure that all SQL Database instances are created in multiple availability zones.
To connect your virtual network to services in Azure without a public IP address at the source or destination, ensure the SQL Servers are accessible only through private endpoints.
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Network Security Group (NSG) has no diagnostic settings.
To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG.
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each Load Balancer.
Network Security Group (NSG) has no diagnostic settings.
To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG.
Network Security Group (NSG) has no diagnostic settings.
To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG.
Network Security Group (NSG) has no diagnostic settings.
To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG.
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
CDN Profile endpoint has request logging disabled.
To export basic usage metrics from your CDN endpoint to different sources, ensure that diagnostic logging is enabled for each CDN endpoint for each CDN Profile.
To export basic usage metrics from your CDN endpoint to different sources, ensure that diagnostic logging is enabled for each CDN endpoint for each CDN Profile.
To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that AuditEvent logging is enabled for each Key Vault.
To fulfill HIPAA requirements on secure audit record for read/write/delete activities in the system, ensure that AuditEvent logging is enabled for each Key Vault.