All Subnets should have a Network Security Group associated
Impact: Low
Category: Security
APRL GUID: f0bf9ae6-25a5-974d-87d5-025abec73539
Description:
Network security groups and application security groups allow filtering of inbound and outbound traffic by IP, port, and protocol, adding a security layer at the Subnet level.
Shield public endpoints in Azure VNets with Azure DDoS Standard Protection Plans
Impact: High
Category: Security
APRL GUID: 69ea1185-19b7-de40-9da1-9e8493547a5c
Description:
Azure DDoS Protection, combined with application design best practices, offers enhanced mitigation features against DDoS attacks and is auto-tuned to protect specific resources in a virtual network.
When available, use Private Endpoints instead of Service Endpoints for PaaS Services
Impact: Medium
Category: Security
APRL GUID: 24ae3773-cc2c-3649-88de-c9788e25b463
Description:
Use VNet service endpoints only if Private Link isn't available and there are no data movement concerns. This feature restricts Azure service access to a specified VNet and subnet, enhancing network security and isolating service traffic.
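
The three recommendations above can be checked together against an export of `az network vnet list -o json`. The following is an added example, not part of APRL: the function name `audit_vnets`, the `exempt_subnets` parameter and the sample data are assumptions made for illustration.

```python
import json

# Constructed sample shaped like `az network vnet list -o json` output
# (all names and resource IDs are made up for this example).
SAMPLE = json.loads("""
[
  {"name": "vnet-prod", "enableDdosProtection": false, "ddosProtectionPlan": null,
   "subnets": [
     {"name": "web", "networkSecurityGroup": {"id": "/subscriptions/EXAMPLE/nsg-web"},
      "serviceEndpoints": []},
     {"name": "data", "networkSecurityGroup": null,
      "serviceEndpoints": [{"service": "Microsoft.Storage"}]}
   ]},
  {"name": "vnet-hub", "enableDdosProtection": true,
   "ddosProtectionPlan": {"id": "/subscriptions/EXAMPLE/ddos-plan"},
   "subnets": [
     {"name": "shared", "networkSecurityGroup": {"id": "/subscriptions/EXAMPLE/nsg-shared"}}
   ]}
]
""")


def audit_vnets(vnets, exempt_subnets=()):
    """Return (vnet, subnet_or_None, finding) tuples for the three checks.

    exempt_subnets is a hypothetical allow-list of subnet names that the
    operator has decided to exclude from the subnet-level checks.
    """
    findings = []
    for vnet in vnets:
        vname = vnet.get("name", "<unnamed>")
        # DDoS: a VNet with protection off or no plan attached is a candidate
        # for review if it hosts public endpoints.
        if not (vnet.get("enableDdosProtection") and vnet.get("ddosProtectionPlan")):
            findings.append((vname, None, "no-ddos-protection-plan"))
        for subnet in vnet.get("subnets") or []:
            sname = subnet.get("name", "<unnamed>")
            if sname in exempt_subnets:
                continue
            # NSG: the association is an object with an "id", or null/absent.
            if not (subnet.get("networkSecurityGroup") or {}).get("id"):
                findings.append((vname, sname, "subnet-without-nsg"))
            # Service endpoints: list each one so it can be reviewed for
            # replacement with a Private Endpoint where Private Link exists.
            for ep in subnet.get("serviceEndpoints") or []:
                findings.append((vname, sname, "service-endpoint:" + ep.get("service", "?")))
    return findings


if __name__ == "__main__":
    for finding in audit_vnets(SAMPLE):
        print(finding)
```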