Skip to content

Azure.Pillar.OperationalExcellence#

v1.35.0

Microsoft Azure Well-Architected Framework - Operational Excellence pillar specific baseline.

Rules#

The following rules are included within the Azure.Pillar.OperationalExcellence baseline.

This baseline includes a total of 105 rules.

Name Synopsis Severity
Azure.ACR.Name Container registry names should meet naming requirements. Awareness
Azure.AKS.ContainerInsights Enable Container insights to monitor AKS cluster workloads. Important
Azure.AKS.DNSPrefix Azure Kubernetes Service (AKS) cluster DNS prefix should meet naming requirements. Awareness
Azure.AKS.Name Azure Kubernetes Service (AKS) cluster names should meet naming requirements. Awareness
Azure.AKS.PlatformLogs AKS clusters should collect platform diagnostic logs to monitor the state of workloads. Important
Azure.APIM.APIDescriptors API Management APIs should have a display name and description. Awareness
Azure.APIM.MinAPIVersion API Management instances should limit control plane API calls to API Management with version '2021-08-01' or newer. Important
Azure.APIM.Name API Management service names should meet naming requirements. Awareness
Azure.APIM.ProductDescriptors API Management products should have a display name and description. Awareness
Azure.APIM.ProductTerms Set legal terms for each product registered in API Management. Important
Azure.APIM.SampleProducts Remove starter and unlimited sample products. Awareness
Azure.AppConfig.Name App Configuration store names should meet naming requirements. Awareness
Azure.AppGw.MigrateV2 Use a Application Gateway v2 SKU. Important
Azure.AppGw.MinSku Application Gateway should use a minimum instance size of Medium. Important
Azure.AppGw.Name Application Gateways should meet naming requirements. Awareness
Azure.AppInsights.Name Azure Application Insights resources names should meet naming requirements. Awareness
Azure.AppInsights.Workspace Configure Application Insights resources to store data in workspaces. Important
Azure.ASE.MigrateV3 Use ASEv3 as replacement for the classic app service environment versions ASEv1 and ASEv2. Important
Azure.ASG.Name Application Security Group (ASG) names should meet naming requirements. Awareness
Azure.Automation.PlatformLogs Ensure automation account platform diagnostic logs are enabled. Important
Azure.Bastion.Name Bastion hosts should meet naming requirements. Awareness
Azure.CDN.EndpointName Azure CDN Endpoint names should meet naming requirements. Awareness
Azure.ContainerApp.APIVersion Migrate from retired API version to a supported version. Important
Azure.ContainerApp.Name Container Apps should meet naming requirements. Awareness
Azure.Cosmos.AccountName Cosmos DB account names should meet naming requirements. Awareness
Azure.DataFactory.Version Consider migrating to DataFactory v2. Awareness
Azure.Deployment.Name Nested deployments should meet naming requirements of deployments. Awareness
Azure.Firewall.Name Firewall names should meet naming requirements. Awareness
Azure.Firewall.PolicyName Firewall policy names should meet naming requirements. Awareness
Azure.FrontDoor.Name Front Door names should meet naming requirements. Awareness
Azure.FrontDoor.WAF.Name Front Door WAF policy names should meet naming requirements. Awareness
Azure.Identity.UserAssignedName Managed Identity names should meet naming requirements. Awareness
Azure.KeyVault.KeyName Key Vault Key names should meet naming requirements. Awareness
Azure.KeyVault.Name Key Vault names should meet naming requirements. Awareness
Azure.KeyVault.SecretName Key Vault Secret names should meet naming requirements. Awareness
Azure.LB.Name Load Balancer names should meet naming requirements. Awareness
Azure.MariaDB.DatabaseName Azure Database for MariaDB databases should meet naming requirements. Awareness
Azure.MariaDB.FirewallRuleName Azure Database for MariaDB firewall rules should meet naming requirements. Awareness
Azure.MariaDB.ServerName Azure Database for MariaDB servers should meet naming requirements. Awareness
Azure.MariaDB.VNETRuleName Azure Database for MariaDB VNET rules should meet naming requirements. Awareness
Azure.MySQL.ServerName Azure MySQL DB server names should meet naming requirements. Awareness
Azure.NIC.Name Network Interface (NIC) names should meet naming requirements. Awareness
Azure.NIC.UniqueDns Network interfaces (NICs) should inherit DNS from virtual networks. Awareness
Azure.NSG.AKSRules AKS Network Security Group (NSG) should not have custom rules. Awareness
Azure.NSG.Name Network Security Group (NSG) names should meet naming requirements. Awareness
Azure.Policy.AssignmentAssignedBy Policy assignments should use assignedBy metadata. Awareness
Azure.Policy.AssignmentDescriptors Policy assignments should use a display name and description. Awareness
Azure.Policy.Descriptors Policy and initiative definitions should use a display name, description, and category. Awareness
Azure.Policy.ExemptionDescriptors Policy exemptions should use a display name and description. Awareness
Azure.Policy.WaiverExpiry Configure policy waiver exemptions to expire. Awareness
Azure.PostgreSQL.ServerName Azure PostgreSQL DB server names should meet naming requirements. Awareness
Azure.PrivateEndpoint.Name Private Endpoint names should meet naming requirements. Awareness
Azure.PublicIP.DNSLabel Public IP domain name labels should meet naming requirements. Awareness
Azure.PublicIP.MigrateStandard Use the Standard SKU for Public IP addresses as the Basic SKU will be retired. Important
Azure.PublicIP.Name Public IP names should meet naming requirements. Awareness
Azure.ResourceGroup.Name Resource Group names should meet naming requirements. Awareness
Azure.Route.Name Route table names should meet naming requirements. Awareness
Azure.RSV.Name Recovery Services vaults should meet naming requirements. Awareness
Azure.Search.Name AI Search service names should meet naming requirements. Awareness
Azure.SignalR.Name SignalR service instance names should meet naming requirements. Awareness
Azure.SQL.DBName Azure SQL Database names should meet naming requirements. Awareness
Azure.SQL.FGName Azure SQL failover group names should meet naming requirements. Awareness
Azure.SQL.ServerName Azure SQL logical server names should meet naming requirements. Awareness
Azure.SQLMI.Name SQL Managed Instance names should meet naming requirements. Awareness
Azure.Storage.Name Storage Account names should meet naming requirements. Awareness
Azure.Template.DebugDeployment Use default deployment detail level for nested deployments. Awareness
Azure.Template.ExpressionLength Template expressions should not exceed the maximum length. Awareness
Azure.Template.LocationType Location parameters should use a string value. Important
Azure.Template.MetadataLink Configure a metadata link for each parameter file. Important
Azure.Template.ParameterDataTypes Set the parameter default value to a value of the same type. Important
Azure.Template.ParameterFile Use ARM template parameter files that are valid. Important
Azure.Template.ParameterMetadata Set metadata descriptions in Azure Resource Manager (ARM) template for each parameter. Awareness
Azure.Template.ParameterMinMaxValue Template parameters minValue and maxValue constraints must be valid. Important
Azure.Template.ParameterScheme Use an Azure template parameter file schema with the https scheme. Awareness
Azure.Template.ParameterStrongType Set the parameter value to a value that matches the specified strong type. Awareness
Azure.Template.ParameterValue Specify a value for each parameter in template parameter files. Awareness
Azure.Template.ResourceLocation Resource locations should be an expression or global. Awareness
Azure.Template.Resources Each Azure Resource Manager (ARM) template file should deploy at least one resource. Awareness
Azure.Template.TemplateFile Use ARM template files that are valid. Important
Azure.Template.TemplateSchema Use a more recent version of the Azure template schema. Awareness
Azure.Template.TemplateScheme Use an Azure template file schema with the https scheme. Awareness
Azure.Template.UseComments Use comments for each resource in ARM template to communicate purpose. Awareness
Azure.Template.UseDescriptions Use descriptions for each resource in generated template(bicep, psarm, AzOps) to communicate purpose. Awareness
Azure.Template.UseLocationParameter Template should reference a location parameter to specify resource location. Awareness
Azure.VM.Agent Ensure the VM agent is provisioned automatically. Important
Azure.VM.AMA Use Azure Monitor Agent for collecting monitoring data from VMs. Important
Azure.VM.ASName Availability Set names should meet naming requirements. Awareness
Azure.VM.BasicSku Virtual machines (VMs) should not use Basic sizes. Important
Azure.VM.ComputerName Virtual Machine (VM) computer name should meet naming requirements. Awareness
Azure.VM.DiskName Managed Disk names should meet naming requirements. Awareness
Azure.VM.MigrateAMA Use Azure Monitor Agent as replacement for Log Analytics Agent. Important
Azure.VM.Name Virtual Machine (VM) names should meet naming requirements. Awareness
Azure.VM.PPGName Proximity Placement Group (PPG) names should meet naming requirements. Awareness
Azure.VMSS.AMA Use Azure Monitor Agent for collecting monitoring data from VM scale sets. Important
Azure.VMSS.ComputerName Virtual Machine Scale Set (VMSS) computer name should meet naming requirements. Awareness
Azure.VMSS.MigrateAMA Use Azure Monitor Agent as replacement for Log Analytics Agent. Important
Azure.VMSS.Name Virtual Machine Scale Set (VMSS) names should meet naming requirements. Awareness
Azure.VNET.Name Virtual Network (VNET) names should meet naming requirements. Awareness
Azure.VNET.PeerState VNET peering connections must be connected. Important
Azure.VNET.SubnetName Subnet names should meet naming requirements. Awareness
Azure.VNG.ConnectionName Virtual Network Gateway (VNG) connection names should meet naming requirements. Awareness
Azure.VNG.ERLegacySKU Migrate from legacy SKUs to improve reliability and performance of ExpressRoute (ER) gateways. Important
Azure.VNG.Name Virtual Network Gateway (VNG) names should meet naming requirements. Awareness
Azure.VNG.VPNLegacySKU Migrate from legacy SKUs to improve reliability and performance of VPN gateways. Important
Azure.vWAN.Name Virtual WAN (vWAN) names should meet naming requirements. Awareness