Azure.CAF_2025_03#
Includes rules related to Azure CAF based on a March 2025 snapshot.
Rules#
The following rules are included within the Azure.CAF_2025_03 baseline.
This baseline includes a total of 69 rules.
| Name | Synopsis | Severity |
|---|---|---|
| Azure.ACR.Name | Container registry names should meet naming requirements. | Awareness |
| Azure.AI.Naming | Azure AI services without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.AKS.Name | Azure Kubernetes Service (AKS) cluster names should meet naming requirements. | Awareness |
| Azure.APIM.Name | API Management service names should meet naming requirements. | Awareness |
| Azure.AppConfig.Name | App Configuration store names should meet naming requirements. | Awareness |
| Azure.AppGw.Name | Application Gateways should meet naming requirements. | Awareness |
| Azure.AppInsights.Name | Azure Application Insights resources names should meet naming requirements. | Awareness |
| Azure.ASG.Name | Application Security Group (ASG) names should meet naming requirements. | Awareness |
| Azure.Bastion.Name | Bastion hosts should meet naming requirements. | Awareness |
| Azure.CDN.EndpointName | Azure CDN Endpoint names should meet naming requirements. | Awareness |
| Azure.ContainerApp.Name | Container Apps should meet naming requirements. | Awareness |
| Azure.Cosmos.AccountName | Cosmos DB account names should meet naming requirements. | Awareness |
| Azure.Deployment.Name | Nested deployments should meet naming requirements of deployments. | Awareness |
| Azure.EventGrid.DomainNaming | Event Grid domains without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.EventGrid.SystemTopicNaming | Event Grid system topics without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.EventGrid.TopicNaming | Event Grid topics without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.Firewall.Name | Firewall names should meet naming requirements. | Awareness |
| Azure.Firewall.PolicyName | Firewall policy names should meet naming requirements. | Awareness |
| Azure.FrontDoor.Name | Front Door names should meet naming requirements. | Awareness |
| Azure.FrontDoor.WAF.Name | Front Door WAF policy names should meet naming requirements. | Awareness |
| Azure.Group.Name | Azure Resource Manager (ARM) has requirements for Resource Groups names. | Awareness |
| Azure.Group.Naming | Resource Groups without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.Group.RequiredTags | Resource groups without a standard tagging convention may be difficult to identify and manage. | Awareness |
| Azure.Identity.UserAssignedName | Managed Identity names should meet naming requirements. | Awareness |
| Azure.KeyVault.KeyName | Key Vault Key names should meet naming requirements. | Awareness |
| Azure.KeyVault.Name | Key Vault names should meet naming requirements. | Awareness |
| Azure.KeyVault.SecretName | Key Vault Secret names should meet naming requirements. | Awareness |
| Azure.LB.Name | Load Balancer names should meet naming requirements. | Awareness |
| Azure.LB.Naming | Load balancer names should use a standard prefix. | Awareness |
| Azure.MariaDB.DatabaseName | Azure Database for MariaDB databases should meet naming requirements. | Awareness |
| Azure.MariaDB.FirewallRuleName | Azure Database for MariaDB firewall rules should meet naming requirements. | Awareness |
| Azure.MariaDB.ServerName | Azure Database for MariaDB servers should meet naming requirements. | Awareness |
| Azure.MariaDB.VNETRuleName | Azure Database for MariaDB VNET rules should meet naming requirements. | Awareness |
| Azure.MySQL.ServerName | Azure MySQL DB server names should meet naming requirements. | Awareness |
| Azure.NSG.Name | Azure Resource Manager (ARM) has requirements for Network Security Group (NSG) names. | Awareness |
| Azure.NSG.Naming | Network security group (NSG) without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.PostgreSQL.ServerName | Azure PostgreSQL DB server names should meet naming requirements. | Awareness |
| Azure.PrivateEndpoint.Name | Private Endpoint names should meet naming requirements. | Awareness |
| Azure.PublicIP.Name | Azure Resource Manager (ARM) has requirements for Public IP address names. | Awareness |
| Azure.PublicIP.Naming | Public IP addresses without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.Resource.RequiredTags | Resources without a standard tagging convention may be difficult to identify and manage. | Awareness |
| Azure.Route.Name | Azure Resource Manager (ARM) has requirements for Route table names. | Awareness |
| Azure.Route.Naming | Route tables without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.RSV.Name | Recovery Services vaults should meet naming requirements. | Awareness |
| Azure.Search.Name | Azure Resource Manager (ARM) has requirements for AI Search service names. | Awareness |
| Azure.Search.Naming | Azure AI Search services without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.SignalR.Name | SignalR service instance names should meet naming requirements. | Awareness |
| Azure.SQL.DBName | Azure SQL Database names should meet naming requirements. | Awareness |
| Azure.SQL.FGName | Azure SQL failover group names should meet naming requirements. | Awareness |
| Azure.SQL.ServerName | Azure SQL logical server names should meet naming requirements. | Awareness |
| Azure.SQLMI.Name | SQL Managed Instance names should meet naming requirements. | Awareness |
| Azure.Storage.Name | Azure Resource Manager (ARM) has requirements for Storage Account names. | Awareness |
| Azure.Storage.Naming | Storage Accounts without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.Subscription.RequiredTags | Subscriptions without a standard tagging convention may be difficult to identify and manage. | Awareness |
| Azure.VM.ASName | Availability Set names should meet naming requirements. | Awareness |
| Azure.VM.DiskName | Managed Disk names should meet naming requirements. | Awareness |
| Azure.VM.Name | Virtual Machine (VM) names should meet naming requirements. | Awareness |
| Azure.VM.Naming | Virtual machines without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.VM.PPGName | Proximity Placement Group (PPG) names should meet naming requirements. | Awareness |
| Azure.VMSS.Name | Virtual Machine Scale Set (VMSS) names should meet naming requirements. | Awareness |
| Azure.VNET.Name | Azure Resource Manager (ARM) has requirements for Virtual Network names. | Awareness |
| Azure.VNET.Naming | Virtual Networks without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.VNET.SubnetName | Azure Resource Manager (ARM) has requirements for Virtual Network Subnet names. | Awareness |
| Azure.VNET.SubnetNaming | Virtual Network subnets without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.VNG.ConnectionName | Virtual Network Gateway (VNG) connection names should meet naming requirements. | Awareness |
| Azure.VNG.ConnectionNaming | Virtual network gateway connections without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.VNG.Name | Virtual Network Gateway (VNG) names should meet naming requirements. | Awareness |
| Azure.VNG.Naming | Virtual network gateway without a standard naming convention may be difficult to identify and manage. | Awareness |
| Azure.vWAN.Name | Virtual WAN (vWAN) names should meet naming requirements. | Awareness |