Azure.Preview_2024_09
Includes rules released September 2024 or prior for Azure preview-only features.
Rules
The following rules are included within the Azure.Preview_2024_09 baseline.
This baseline includes a total of 13 rules.
Name | Synopsis | Severity |
---|---|---|
Azure.ACR.AnonymousAccess | Anonymous pull access allows unidentified downloading of images and metadata from a container registry. | Important |
Azure.ACR.Quarantine | Enable container image quarantine, scan, and mark images as verified. | Important |
Azure.ACR.Retention | Use a retention policy to clean up untagged manifests. | Important |
Azure.ACR.SoftDelete | Azure Container Registries should have soft delete policy enabled. | Important |
Azure.Arc.Kubernetes.Defender | Deploy Microsoft Defender for Containers extension for Arc-enabled Kubernetes clusters. | Important |
Azure.Arc.Server.MaintenanceConfig | Use a maintenance configuration for Arc-enabled servers. | Important |
Azure.Defender.Storage.DataScan | Enable sensitive data threat detection in Microsoft Defender for Storage. | Critical |
Azure.LogAnalytics.Replication | Log Analytics workspaces should have workspace replication enabled to improve service availability. | Important |
Azure.ServiceBus.GeoReplica | Enhance resilience to regional outages by replicating namespaces. | Important |
Azure.Storage.Defender.DataScan | Enable sensitive data threat detection in Microsoft Defender for Storage. | Critical |
Azure.VMSS.AutoInstanceRepairs | Automatic instance repairs are enabled. | Important |
Azure.VNET.PrivateSubnet | Disable default outbound access for virtual machines. | Critical |
Azure.VNG.MaintenanceConfig | Use a customer-controlled maintenance configuration for virtual network gateways. | Important |