Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Network Security Group (NSG) has flow log retention set to 31 days, while the recommended minimum is 90 days.
To fulfill HIPAA requirements for secure audit records of read/write/delete activities in the system, ensure that NSGs have a sufficient flow log retention period, i.e. 90 days or more.
Network Security Group (NSG) contains an inbound rule "SSH" that allows unrestricted access on TCP port 22 (SSH server).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 22 (SSH server) to known IP addresses only.
Network Security Group (NSG) has no diagnostic settings.
To fulfill HIPAA requirements for secure audit records of read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG.
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Network Load Balancer has no HTTPS configured, while other ports are open.
To fulfill HIPAA requirements for all data to be transmitted over secure channels, ensure that each Load Balancer is configured to only accept HTTPS connections.
To fulfill HIPAA requirements for secure audit records of read/write/delete activities in the system, ensure that diagnostic logging is enabled for each Load Balancer.
Network Security Group (NSG) has no diagnostic settings.
To fulfill HIPAA requirements for secure audit records of read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG.
Network Security Group (NSG) contains an inbound rule "Port_ANY" that allows unrestricted access on all ports (all services).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on all ports (all services) to known IP addresses only.
Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 22 (SSH server).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 22 (SSH server) to known IP addresses only.
Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 21 (FTP server).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 21 (FTP server) to known IP addresses only.
Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 4333 (MySQL server).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 4333 (MySQL server) to known IP addresses only.
Network Security Group (NSG) contains an inbound rule "Port_RDP" that allows unrestricted access on TCP port 3389 (RDP server).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 3389 (RDP server) to known IP addresses only.
Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 135 (RPC server).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 135 (RPC server) to known IP addresses only.
Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 445 (SMB over TCP).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 445 (SMB over TCP) to known IP addresses only.
Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 25 (SMTP server).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 25 (SMTP server) to known IP addresses only.
Network Security Group (NSG) contains an inbound rule "Ranges" that allows unrestricted access on TCP port 23 (Telnet).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 23 (Telnet) to known IP addresses only.
Network Security Group (NSG) has no diagnostic settings.
To fulfill HIPAA requirements for secure audit records of read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG.
Network Security Group (NSG) contains an inbound rule "SSH" that allows unrestricted access on TCP port 22 (SSH server).
To implement the principle of least privilege and reduce the possibility of a breach, configure your NSGs to limit inbound traffic on TCP port 22 (SSH server) to known IP addresses only.
Network Security Group (NSG) has no diagnostic settings.
To fulfill HIPAA requirements for secure audit records of read/write/delete activities in the system, ensure that diagnostic logging is enabled for each NSG.
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
Virtual Network has DDoS Standard Protection disabled.
To protect your cloud resources against DDoS attacks with always-on monitoring and automatic network attack mitigation, ensure that DDoS Protection Standard for Virtual Networks is enabled (a paid feature).
To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enable HTTPS and disable HTTP for each custom origin endpoint for each CDN Profile.
CDN Profile endpoint has request logging disabled.
To export basic usage metrics from your CDN endpoint to different sources, ensure that diagnostic logging is enabled for each CDN endpoint for each CDN Profile.
To fulfill HIPAA and PCI DSS requirements on strong cryptographic and security protocols for transmitting user data, enable HTTPS and disable HTTP for each custom origin endpoint for each CDN Profile.
To export basic usage metrics from your CDN endpoint to different sources, ensure that diagnostic logging is enabled for each CDN endpoint for each CDN Profile.