Recommendations
Azure Quick Review checks the following recommendations for Azure resources. Each recommendation is listed with its resource type, its category, and the impact of not following it:
# | Id | Resource Type | Category | Impact | Recommendation | Learn |
---|---|---|---|---|---|---|
1 | dbw-001 | Microsoft.Databricks/workspaces | Monitoring and Alerting | Low | Azure Databricks should have diagnostic settings enabled | Learn |
2 | dbw-003 | Microsoft.Databricks/workspaces | High Availability | High | Azure Databricks should have a SLA | Learn |
3 | dbw-004 | Microsoft.Databricks/workspaces | Security | High | Azure Databricks should have private endpoints enabled | Learn |
4 | dbw-006 | Microsoft.Databricks/workspaces | Governance | Low | Azure Databricks Name should comply with naming conventions | Learn |
5 | dbw-007 | Microsoft.Databricks/workspaces | Security | Medium | Azure Databricks should have the Public IP disabled | Learn |
6 | adf-001 | Microsoft.DataFactory/factories | Monitoring and Alerting | Low | Azure Data Factory should have diagnostic settings enabled | Learn |
7 | adf-002 | Microsoft.DataFactory/factories | Security | High | Azure Data Factory should have private endpoints enabled | Learn |
8 | adf-003 | Microsoft.DataFactory/factories | High Availability | High | Azure Data Factory SLA | Learn |
9 | adf-004 | Microsoft.DataFactory/factories | Governance | Low | Azure Data Factory Name should comply with naming conventions | Learn |
10 | adf-005 | Microsoft.DataFactory/factories | Governance | Low | Azure Data Factory should have tags | Learn |
11 | afd-001 | Microsoft.Cdn/profiles | Monitoring and Alerting | Low | Azure FrontDoor should have diagnostic settings enabled | Learn |
12 | afd-003 | Microsoft.Cdn/profiles | High Availability | High | Azure FrontDoor SLA | Learn |
13 | afd-006 | Microsoft.Cdn/profiles | Governance | Low | Azure FrontDoor Name should comply with naming conventions | Learn |
14 | afd-007 | Microsoft.Cdn/profiles | Governance | Low | Azure FrontDoor should have tags | Learn |
15 | 38f3d542-6de6-a44b-86c6-97e3be690281 | Microsoft.Cdn/profiles | HighAvailability | Low | Disable health probes when there is only one origin in an origin group | Learn |
16 | d9bd6780-0d6f-cd4c-bc66-8ddcab12f3d1 | Microsoft.Cdn/profiles | Security | High | Use end-to-end TLS | Learn |
17 | 1bd2b7e8-400f-e64a-99a2-c572f7b08a62 | Microsoft.Cdn/profiles | Security | Medium | Enable the WAF | Learn |
18 | 24ab9f11-a3e4-3043-a985-22cf94c4933a | Microsoft.Cdn/profiles | Security | High | Use HTTP to HTTPS redirection | Learn |
19 | afw-001 | Microsoft.Network/azureFirewalls | Monitoring and Alerting | Low | Azure Firewall should have diagnostic settings enabled | Learn |
20 | afw-003 | Microsoft.Network/azureFirewalls | High Availability | High | Azure Firewall SLA | Learn |
21 | afw-006 | Microsoft.Network/azureFirewalls | Governance | Low | Azure Firewall Name should comply with naming conventions | Learn |
22 | afw-007 | Microsoft.Network/azureFirewalls | Governance | Low | Azure Firewall should have tags | Learn |
23 | c72b7fee-1fa0-5b4b-98e5-54bcae95bb74 | Microsoft.Network/azureFirewalls | HighAvailability | High | Deploy Azure Firewall across multiple availability zones | Learn |
24 | 3c8fa7c6-6b78-a24a-a63f-348a7c71acb9 | Microsoft.Network/azureFirewalls | MonitoringAndAlerting | High | Monitor Azure Firewall metrics | Learn |
25 | 1b2dbf4a-8a0b-5e4b-8f4e-3f758188910d | Microsoft.Network/azureFirewalls | Security | High | Configure DDoS Protection on the Azure Firewall VNet | Learn |
26 | agw-005 | Microsoft.Network/applicationGateways | Monitoring and Alerting | Low | Application Gateway: Monitor and Log the configurations and traffic | Learn |
27 | agw-103 | Microsoft.Network/applicationGateways | High Availability | High | Application Gateway SLA | Learn |
28 | agw-105 | Microsoft.Network/applicationGateways | Governance | Low | Application Gateway Name should comply with naming conventions | Learn |
29 | agw-106 | Microsoft.Network/applicationGateways | Governance | Low | Application Gateway should have tags | Learn |
30 | 233a7008-71e9-e745-923e-1a1c7a0b92f3 | Microsoft.Network/applicationGateways | Security | High | Secure all incoming connections with SSL | Learn |
31 | 8d9223c4-730d-ca47-af88-a9a024c37270 | Microsoft.Network/applicationGateways | Security | Low | Enable Web Application Firewall policies | Learn |
32 | 8364fd0a-7c0e-e240-9d95-4bf965aec243 | Microsoft.Network/applicationGateways | OtherBestPractices | High | Ensure Application Gateway Subnet is using a /24 subnet mask | Learn |
33 | 823b0cff-05c0-2e4e-a1e7-9965e1cfa16f | Microsoft.Network/applicationGateways | Scalability | Medium | Ensure Autoscale feature has been enabled | Learn |
34 | 7893f0b3-8622-1d47-beed-4b50a19f7895 | Microsoft.Network/applicationGateways | Scalability | High | Migrate to Application Gateway v2 | Learn |
35 | 847a8d88-21c4-bc48-a94e-562206edd767 | Microsoft.Network/applicationGateways | MonitoringAndAlerting | High | Use Health Probes to detect backend availability | Learn |
36 | c9c00f2a-3888-714b-a72b-b4c9e8fcffb2 | Microsoft.Network/applicationGateways | HighAvailability | High | Deploy Application Gateway in a zone-redundant configuration | Learn |
37 | 10f02bc6-e2e7-004d-a2c2-f9bf9f16b915 | Microsoft.Network/applicationGateways | HighAvailability | Medium | Plan for backend maintenance by using connection draining | Learn |
38 | aks-001 | Microsoft.ContainerService/managedClusters | Monitoring and Alerting | Low | AKS Cluster should have diagnostic settings enabled | Learn |
39 | aks-003 | Microsoft.ContainerService/managedClusters | High Availability | High | AKS Cluster should have an SLA | Learn |
40 | aks-004 | Microsoft.ContainerService/managedClusters | Security | High | AKS Cluster should be private | Learn |
41 | aks-006 | Microsoft.ContainerService/managedClusters | Governance | Low | AKS Name should comply with naming conventions | Learn |
42 | aks-007 | Microsoft.ContainerService/managedClusters | Security | Medium | AKS should integrate authentication with AAD (Managed) | Learn |
43 | aks-008 | Microsoft.ContainerService/managedClusters | Security | Medium | AKS should be RBAC enabled | Learn |
44 | aks-010 | Microsoft.ContainerService/managedClusters | Security | Medium | AKS should have httpApplicationRouting disabled | Learn |
45 | aks-012 | Microsoft.ContainerService/managedClusters | Security | High | AKS should have outbound type set to user defined routing | Learn |
46 | aks-015 | Microsoft.ContainerService/managedClusters | Governance | Low | AKS should have tags | Learn |
47 | aks-016 | Microsoft.ContainerService/managedClusters | Scalability | Low | AKS Node Pools should have MaxSurge set | Learn |
48 | dcaf8128-94bd-4d53-9235-3a0371df6b74 | Microsoft.ContainerService/managedClusters | MonitoringAndAlerting | High | Enable AKS Monitoring | Learn |
49 | 5ee083cd-6ac3-4a83-8913-9549dd36cf56 | Microsoft.ContainerService/managedClusters | HighAvailability | High | Isolate system and application pods | Learn |
50 | 0611251f-e70f-4243-8ddd-cfe894bec2e7 | Microsoft.ContainerService/managedClusters | HighAvailability | High | Update AKS tier to Standard or Premium | Learn |
51 | a7bfcc18-b0d8-4d37-81f3-8131ed8bead5 | Microsoft.ContainerService/managedClusters | Scalability | Medium | Use Ephemeral OS disks on AKS clusters | Learn |
52 | c22db132-399b-4e7c-995d-577a60881be8 | Microsoft.ContainerService/managedClusters | Scalability | Medium | Configure Azure CNI networking for dynamic allocation of IPs or use CNI overlay | Learn |
53 | 269a9f1a-6675-460a-831e-b05a887a8c4b | Microsoft.ContainerService/managedClusters | DisasterRecovery | Low | Back up Azure Kubernetes Service | Learn |
54 | 5f3cbd68-692a-4121-988c-9770914859a9 | Microsoft.ContainerService/managedClusters | OtherBestPractices | Low | Enable GitOps when using DevOps frameworks | Learn |
55 | 902c82ff-4910-4b61-942d-0d6ef7f39b67 | Microsoft.ContainerService/managedClusters | Scalability | High | Enable the cluster auto-scaler on an existing cluster | Learn |
56 | 26ebaf1f-c70d-4ebd-8641-4b60a0ce0094 | Microsoft.ContainerService/managedClusters | Governance | Low | Enable and remediate Azure Policies configured for AKS | Learn |
57 | 7f7ae535-a5ba-4665-b7e0-c451dbdda01f | Microsoft.ContainerService/managedClusters | HighAvailability | High | Configure system nodepool count | Learn |
58 | 005ccbbd-aeab-46ef-80bd-9bd4479412ec | Microsoft.ContainerService/managedClusters | HighAvailability | High | Configure user nodepool count | Learn |
59 | e620fa98-7a40-41a0-bfc9-b4407297fb58 | Microsoft.ContainerService/managedClusters | HighAvailability | High | Nodepool subnet size needs to accommodate maximum auto-scale settings | Learn |
60 | f46b0d1d-56ef-4795-b98a-f6ee00cb341a | Microsoft.ContainerService/managedClusters | HighAvailability | High | Use Azure Linux for Linux nodepools | Learn |
61 | 4f63619f-5001-439c-bacb-8de891287727 | Microsoft.ContainerService/managedClusters | HighAvailability | High | Deploy AKS cluster across availability zones | Learn |
62 | ca324d71-54b0-4a3e-b9e4-10e767daa9fc | Microsoft.ContainerService/managedClusters | Security | High | Disable local accounts | Learn |
63 | amg-001 | Microsoft.Dashboard/managedGrafana | Governance | Low | Azure Managed Grafana name should comply with naming conventions | Learn |
64 | amg-002 | Microsoft.Dashboard/managedGrafana | High Availability | High | Azure Managed Grafana SLA | Learn |
65 | amg-003 | Microsoft.Dashboard/managedGrafana | Governance | Low | Azure Managed Grafana should have tags | Learn |
66 | amg-004 | Microsoft.Dashboard/managedGrafana | Security | High | Azure Managed Grafana should disable public network access | Learn |
67 | amg-005 | Microsoft.Dashboard/managedGrafana | High Availability | High | Azure Managed Grafana should have availability zones enabled | Learn |
68 | 6cd57b65-ef84-4088-9ada-c0d8de74c2f7 | Microsoft.Dashboard/grafana | HighAvailability | Medium | Enable zone redundancy in Managed Grafana | Learn |
69 | apim-001 | Microsoft.ApiManagement/service | Monitoring and Alerting | Low | APIM should have diagnostic settings enabled | Learn |
70 | apim-003 | Microsoft.ApiManagement/service | High Availability | High | APIM should have a SLA | Learn |
71 | apim-004 | Microsoft.ApiManagement/service | Security | High | APIM should have private endpoints enabled | Learn |
72 | apim-006 | Microsoft.ApiManagement/service | Governance | Low | APIM should comply with naming conventions | Learn |
73 | apim-007 | Microsoft.ApiManagement/service | Governance | Low | APIM should have tags | Learn |
74 | apim-008 | Microsoft.ApiManagement/service | Security | Medium | APIM should use Managed Identities | Learn |
75 | apim-009 | Microsoft.ApiManagement/service | Security | High | APIM should only accept a minimum of TLS 1.2 | Learn |
76 | apim-010 | Microsoft.ApiManagement/service | Security | High | APIM should not accept weak or deprecated ciphers | Learn |
77 | apim-011 | Microsoft.ApiManagement/service | Security | High | APIM: Renew expiring certificates | Learn |
78 | 740f2c1c-8857-4648-80eb-47d2c56d5a50 | Microsoft.ApiManagement/service | HighAvailability | High | Enable Availability Zones on Premium API Management instances | Learn |
79 | e35cf148-8eee-49d1-a1c9-956160f99e0b | Microsoft.ApiManagement/service | HighAvailability | High | Azure API Management platform version should be stv2 | Learn |
80 | baf3bfc0-32a2-4c0c-926d-c9bf0b49808e | Microsoft.ApiManagement/service | HighAvailability | High | Migrate API Management services to Premium SKU to support Availability Zones | Learn |
81 | appcs-001 | Microsoft.AppConfiguration/configurationStores | Monitoring and Alerting | Low | AppConfiguration should have diagnostic settings enabled | Learn |
82 | appcs-003 | Microsoft.AppConfiguration/configurationStores | High Availability | High | AppConfiguration should have a SLA | Learn |
83 | appcs-004 | Microsoft.AppConfiguration/configurationStores | Security | High | AppConfiguration should have private endpoints enabled | Learn |
84 | appcs-006 | Microsoft.AppConfiguration/configurationStores | Governance | Low | AppConfiguration Name should comply with naming conventions | Learn |
85 | appcs-007 | Microsoft.AppConfiguration/configurationStores | Governance | Low | AppConfiguration should have tags | Learn |
86 | appcs-008 | Microsoft.AppConfiguration/configurationStores | Security | Medium | AppConfiguration should have local authentication disabled | Learn |
87 | bb4c8db4-f821-475b-b1ea-16e95358665e | Microsoft.AppConfiguration/configurationStores | Governance | Low | Enable Purge protection for Azure App Configuration | Learn |
88 | 2102a57a-a056-4d5e-afe5-9df9f92177ca | Microsoft.AppConfiguration/configurationStores | HighAvailability | High | Upgrade to App Configuration Standard tier | Learn |
89 | appi-001 | Microsoft.Insights/components | High Availability | High | Azure Application Insights SLA | Learn |
90 | appi-002 | Microsoft.Insights/components | Governance | Low | Azure Application Insights Name should comply with naming conventions | Learn |
91 | appi-003 | Microsoft.Insights/components | Governance | Low | Azure Application Insights should have tags | Learn |
92 | dac421ec-2832-4c37-839e-b6dc5a38f2fa | Microsoft.Insights/components | ServiceUpgradeAndRetirement | Medium | Convert Classic Deployments | Learn |
93 | as-001 | Microsoft.AnalysisServices/servers | Monitoring and Alerting | Low | Azure Analysis Service should have diagnostic settings enabled | Learn |
94 | as-002 | Microsoft.AnalysisServices/servers | High Availability | High | Azure Analysis Service should have a SLA | Learn |
95 | as-004 | Microsoft.AnalysisServices/servers | Governance | Low | Azure Analysis Service Name should comply with naming conventions | Learn |
96 | as-005 | Microsoft.AnalysisServices/servers | Governance | Low | Azure Analysis Service should have tags | Learn |
97 | 4232eb32-3241-4049-9e14-9b8005817b56 | Microsoft.AVS/privateClouds | MonitoringAndAlerting | High | Configure Azure Monitor Alert warning thresholds for vSAN datastore utilization | Learn |
98 | 029208c8-5186-4a76-8ee8-6e3445fef4dd | Microsoft.AVS/privateClouds | MonitoringAndAlerting | High | Monitor Memory Utilization to ensure sufficient resources for workloads | Learn |
99 | 74fcb9f2-9a25-49a6-8c42-d32851c4afb7 | Microsoft.AVS/privateClouds | MonitoringAndAlerting | High | Configure Azure Service Health notifications and alerts for Azure VMware Solution | Learn |
100 | 9ec5b4c8-3dd8-473a-86ee-3273290331b9 | Microsoft.AVS/privateClouds | HighAvailability | Low | Enable Stretched Clusters for Multi-AZ Availability of the vSAN Datastore | Learn |
101 | 4ee5d535-c47b-470a-9557-4a3dd297d62f | Microsoft.AVS/privateClouds | MonitoringAndAlerting | High | Monitor CPU Utilization to ensure sufficient resources for workloads | Learn |
102 | cae-001 | Microsoft.App/managedenvironments | Monitoring and Alerting | Low | Container Apps Environment should have diagnostic settings enabled | Learn |
103 | cae-003 | Microsoft.App/managedenvironments | High Availability | High | Container Apps Environment should have a SLA | Learn |
104 | cae-004 | Microsoft.App/managedenvironments | Security | High | Container Apps Environment should have private endpoints enabled | Learn |
105 | cae-006 | Microsoft.App/managedenvironments | Governance | Low | Container Apps Environment Name should comply with naming conventions | Learn |
106 | cae-007 | Microsoft.App/managedenvironments | Governance | Low | Container Apps Environment should have tags | Learn |
107 | f4201965-a88d-449d-b3b4-021394719eb2 | Microsoft.App/managedenvironments | HighAvailability | High | Deploy zone redundant Container app environments | Learn |
108 | ca-003 | Microsoft.App/containerApps | High Availability | High | ContainerApp should have a SLA | Learn |
109 | ca-006 | Microsoft.App/containerApps | Governance | Low | ContainerApp Name should comply with naming conventions | Learn |
110 | ca-007 | Microsoft.App/containerApps | Governance | Low | ContainerApp should have tags | Learn |
111 | ca-008 | Microsoft.App/containerApps | Security | Low | ContainerApp should not allow insecure ingress traffic | Learn |
112 | ca-009 | Microsoft.App/containerApps | Security | Low | ContainerApp should use Managed Identities | Learn |
113 | ca-010 | Microsoft.App/containerApps | High Availability | Low | ContainerApp should use Azure Files to persist container data | Learn |
114 | ca-011 | Microsoft.App/containerApps | High Availability | Low | ContainerApp should avoid using session affinity | Learn |
115 | ci-002 | Microsoft.ContainerInstance/containerGroups | High Availability | High | ContainerInstance should have availability zones enabled | Learn |
116 | ci-003 | Microsoft.ContainerInstance/containerGroups | High Availability | High | ContainerInstance should have a SLA | Learn |
117 | ci-004 | Microsoft.ContainerInstance/containerGroups | Security | High | ContainerInstance should use private IP addresses | Learn |
118 | ci-006 | Microsoft.ContainerInstance/containerGroups | Governance | Low | ContainerInstance Name should comply with naming conventions | Learn |
119 | ci-007 | Microsoft.ContainerInstance/containerGroups | Governance | Low | ContainerInstance should have tags | Learn |
120 | cog-001 | Microsoft.CognitiveServices/accounts | Monitoring and Alerting | Low | Cognitive Service Account should have diagnostic settings enabled | Learn |
121 | cog-003 | Microsoft.CognitiveServices/accounts | High Availability | High | Cognitive Service Account should have a SLA | Learn |
122 | cog-004 | Microsoft.CognitiveServices/accounts | Security | High | Cognitive Service Account should have private endpoints enabled | Learn |
123 | cog-006 | Microsoft.CognitiveServices/accounts | Governance | Low | Cognitive Service Account Name should comply with naming conventions | Learn |
124 | cog-007 | Microsoft.CognitiveServices/accounts | Governance | Low | Cognitive Service Account should have tags | Learn |
125 | cog-008 | Microsoft.CognitiveServices/accounts | Security | Medium | Cognitive Service Account should have local authentication disabled | Learn |
126 | d6d9e18a-9ad2-491e-878d-86d621785453 | Microsoft.CognitiveServices/Accounts | MonitoringAndAlerting | Low | Enable diagnostic logging for Azure AI services and send the data to Log Analytics | Learn |
127 | f6a14b32-a727-4ace-b5fa-7b1c6bdff402 | Microsoft.Network/connections | Scalability | Medium | For better data path performance enable FastPath on ExpressRoute Connections | Learn |
128 | cosmos-001 | Microsoft.DocumentDB/databaseAccounts | Monitoring and Alerting | Low | CosmosDB should have diagnostic settings enabled | Learn |
129 | cosmos-002 | Microsoft.DocumentDB/databaseAccounts | High Availability | High | CosmosDB should have availability zones enabled | Learn |
130 | cosmos-003 | Microsoft.DocumentDB/databaseAccounts | High Availability | High | CosmosDB should have a SLA | Learn |
131 | cosmos-004 | Microsoft.DocumentDB/databaseAccounts | Security | High | CosmosDB should have private endpoints enabled | Learn |
132 | cosmos-006 | Microsoft.DocumentDB/databaseAccounts | Governance | Low | CosmosDB Name should comply with naming conventions | Learn |
133 | cosmos-007 | Microsoft.DocumentDB/databaseAccounts | Governance | Low | CosmosDB should have tags | Learn |
134 | cosmos-008 | Microsoft.DocumentDB/databaseAccounts | Security | High | CosmosDB should have local authentication disabled | Learn |
135 | cosmos-009 | Microsoft.DocumentDB/databaseAccounts | Security | High | CosmosDB: disable write operations on metadata resources (databases, containers, throughput) via account keys | Learn |
136 | 921631f6-ed59-49a5-94c1-f0f3ececa580 | Microsoft.DocumentDB/databaseAccounts | HighAvailability | High | Enable availability zones | Learn |
137 | 9ce78192-74a0-104c-b5bb-9a443f941649 | Microsoft.DocumentDB/databaseAccounts | HighAvailability | High | Evaluate multi-region write capability | Learn |
138 | e544520b-8505-7841-9e77-1f1974ee86ec | Microsoft.DocumentDB/databaseAccounts | DisasterRecovery | High | Configure continuous backup mode | Learn |
139 | 43663217-a1d3-844b-80ea-571a2ce37c6c | Microsoft.DocumentDB/databaseAccounts | HighAvailability | High | Configure at least two regions for high availability | Learn |
140 | 9cabded7-a1fc-6e4a-944b-d7dd98ea31a2 | Microsoft.DocumentDB/databaseAccounts | DisasterRecovery | High | Enable service-managed failover for multi-region accounts with single write region | Learn |
141 | cr-001 | Microsoft.ContainerRegistry/registries | Monitoring and Alerting | Low | ContainerRegistry should have diagnostic settings enabled | Learn |
142 | cr-003 | Microsoft.ContainerRegistry/registries | High Availability | High | ContainerRegistry should have a SLA | Learn |
143 | cr-004 | Microsoft.ContainerRegistry/registries | Security | High | ContainerRegistry should have private endpoints enabled | Learn |
144 | cr-006 | Microsoft.ContainerRegistry/registries | Governance | Low | ContainerRegistry Name should comply with naming conventions | Learn |
145 | cr-008 | Microsoft.ContainerRegistry/registries | Security | Medium | ContainerRegistry should have the Administrator account disabled | Learn |
146 | cr-009 | Microsoft.ContainerRegistry/registries | Governance | Low | ContainerRegistry should have tags | Learn |
147 | cr-010 | Microsoft.ContainerRegistry/registries | Governance | Medium | ContainerRegistry should use retention policies | Learn |
148 | 63491f70-22e4-3b4a-8b0c-845450e46fac | Microsoft.ContainerRegistry/registries | HighAvailability | Medium | Enable zone redundancy | Learn |
149 | 36ea6c09-ef6e-d743-9cfb-bd0c928a430b | Microsoft.ContainerRegistry/registries | DisasterRecovery | High | Create container registries with geo-replication enabled | Learn |
150 | e7f0fd54-fba0-054e-9ab8-e676f2851f88 | Microsoft.ContainerRegistry/registries | DisasterRecovery | Low | Enable soft delete policy | Learn |
151 | eb005943-40a8-194b-9db2-474d430046b7 | Microsoft.ContainerRegistry/registries | Scalability | High | Use Premium tier for critical production workloads | Learn |
152 | 8e389532-5db5-7e4c-9d4d-443b3e55ae82 | Microsoft.ContainerRegistry/registries | Governance | Low | Move Container Registry to a dedicated resource group | Learn |
153 | 3ef86f16-f65b-c645-9901-7830d6dc3a1b | Microsoft.ContainerRegistry/registries | Scalability | Medium | Manage registry size | Learn |
154 | 03f4a7d8-c5b4-7842-8e6e-14997a34842b | Microsoft.ContainerRegistry/registries | Security | Medium | Disable anonymous pull access | Learn |
155 | dec-001 | Microsoft.Kusto/clusters | Monitoring and Alerting | Low | Azure Data Explorer should have diagnostic settings enabled | Learn |
156 | dec-002 | Microsoft.Kusto/clusters | High Availability | High | Azure Data Explorer SLA | Learn |
157 | dec-003 | Microsoft.Kusto/clusters | High Availability | High | Azure Data Explorer Production Cluster should not use Dev SKU | Learn |
158 | dec-004 | Microsoft.Kusto/clusters | Governance | Low | Azure Data Explorer Name should comply with naming conventions | Learn |
159 | dec-005 | Microsoft.Kusto/clusters | Governance | Low | Azure Data Explorer should have tags | Learn |
160 | dec-008 | Microsoft.Kusto/clusters | Security | High | Azure Data Explorer should use Disk Encryption | Learn |
161 | dec-009 | Microsoft.Kusto/clusters | Security | Low | Azure Data Explorer should use Managed Identities | Learn |
162 | 3263a64a-c256-de48-9818-afd3cbc55c2a | Microsoft.Compute/disks | OtherBestPractices | Medium | Shared disks should only be enabled in clustered servers | Learn |
163 | fa0cf4f5-0b21-47b7-89a9-ee936f193ce1 | Microsoft.Compute/disks | HighAvailability | Medium | Use Azure Disks with Zone Redundant Storage for higher resiliency and availability | Learn |
164 | d40c769d-2f08-4980-8d8f-a386946276e6 | Microsoft.Network/expressRouteCircuits | Scalability | Medium | Implement rate-limiting across ExpressRoute Direct Circuits to optimize network flow | Learn |
165 | 60077378-7cb1-4b35-89bb-393884d9921d | Microsoft.Network/ExpressRoutePorts | HighAvailability | High | The Admin State of both Links of an ExpressRoute Direct should be in Enabled state | Learn |
166 | 0bee356b-7348-4799-8cab-0c71ffe13018 | Microsoft.Network/ExpressRoutePorts | Scalability | High | Ensure you do not over-subscribe an ExpressRoute Direct | Learn |
167 | evgd-001 | Microsoft.EventGrid/domains | Monitoring and Alerting | Low | Event Grid Domain should have diagnostic settings enabled | Learn |
168 | evgd-003 | Microsoft.EventGrid/domains | High Availability | High | Event Grid Domain should have a SLA | Learn |
169 | evgd-004 | Microsoft.EventGrid/domains | Security | High | Event Grid Domain should have private endpoints enabled | Learn |
170 | evgd-006 | Microsoft.EventGrid/domains | Governance | Low | Event Grid Domain Name should comply with naming conventions | Learn |
171 | evgd-007 | Microsoft.EventGrid/domains | Governance | Low | Event Grid Domain should have tags | Learn |
172 | evgd-008 | Microsoft.EventGrid/domains | Security | Medium | Event Grid Domain should have local authentication disabled | Learn |
173 | evh-001 | Microsoft.EventHub/namespaces | Monitoring and Alerting | Low | Event Hub Namespace should have diagnostic settings enabled | Learn |
174 | evh-003 | Microsoft.EventHub/namespaces | High Availability | High | Event Hub Namespace should have a SLA | Learn |
175 | evh-004 | Microsoft.EventHub/namespaces | Security | High | Event Hub Namespace should have private endpoints enabled | Learn |
176 | evh-006 | Microsoft.EventHub/namespaces | Governance | Low | Event Hub Namespace Name should comply with naming conventions | Learn |
177 | evh-007 | Microsoft.EventHub/namespaces | Governance | Low | Event Hub should have tags | Learn |
178 | evh-008 | Microsoft.EventHub/namespaces | Security | Medium | Event Hub should have local authentication disabled | Learn |
179 | 84636c6c-b317-4722-b603-7b1ffc16384b | Microsoft.EventHub/namespaces | HighAvailability | High | Ensure zone redundancy is enabled in supported regions | Learn |
180 | fbfef3df-04a5-41b2-a8fd-b8541eb04956 | Microsoft.EventHub/namespaces | Scalability | High | Enable auto-inflate on Event Hub Standard tier | Learn |
181 | it-006 | Microsoft.VirtualMachineImages/imageTemplates | Governance | Low | Image Template Name should comply with naming conventions | Learn |
182 | it-007 | Microsoft.VirtualMachineImages/imageTemplates | Governance | Low | Image Template should have tags | Learn |
183 | 21fb841b-ba70-1f4e-a460-1f72fb41aa51 | Microsoft.VirtualMachineImages/imageTemplates | DisasterRecovery | Low | Replicate your Image Templates to a secondary region | Learn |
184 | e7dbd21f-b27a-4b8c-a901-cedb1e6d8e1e | Microsoft.Devices/IotHubs | MonitoringAndAlerting | Low | Disabled Fallback Route | Learn |
185 | eeba3a49-fef0-481f-a471-7ff01139b474 | Microsoft.Devices/IotHubs | HighAvailability | High | Do not use free tier | Learn |
186 | b1e1378d-4572-4414-bebd-b8872a6d4d1c | Microsoft.Devices/IotHubs | Scalability | High | Use Device Provisioning Service | Learn |
187 | b49a39fd-f431-4b61-9062-f2157849d845 | Microsoft.Compute/galleries | HighAvailability | Medium | A minimum of three replicas should be kept for production image versions | Learn |
188 | 488dcc8b-f2e3-40ce-bf95-73deb2db095f | Microsoft.Compute/galleries | HighAvailability | Medium | Zone redundant storage should be used for image versions | Learn |
189 | 1c5e1e58-4e56-491c-8529-10f37af9d4ed | Microsoft.Compute/galleries | HighAvailability | Low | Consider creating TrustedLaunchSupported images where possible | Learn |
190 | kv-001 | Microsoft.KeyVault/vaults | Monitoring and Alerting | Low | Key Vault should have diagnostic settings enabled | Learn |
191 | kv-003 | Microsoft.KeyVault/vaults | High Availability | High | Key Vault should have a SLA | Learn |
192 | kv-006 | Microsoft.KeyVault/vaults | Governance | Low | Key Vault Name should comply with naming conventions | Learn |
193 | kv-007 | Microsoft.KeyVault/vaults | Governance | Low | Key Vault should have tags | Learn |
194 | 1cca00d2-d9ab-8e42-a788-5d40f49405cb | Microsoft.KeyVault/vaults | DisasterRecovery | High | Key vaults should have soft delete enabled | Learn |
195 | 70fcfe6d-00e9-5544-a63a-fff42b9f2edb | Microsoft.KeyVault/vaults | DisasterRecovery | Medium | Key vaults should have purge protection enabled | Learn |
196 | 00c3d2b0-ea6e-4c4b-89be-b78a35caeb51 | Microsoft.KeyVault/vaults | Security | Medium | Private endpoint should be configured for Key Vault | Learn |
197 | lb-001 | Microsoft.Network/loadBalancers | Monitoring and Alerting | Low | Load Balancer should have diagnostic settings enabled | Learn |
198 | lb-003 | Microsoft.Network/loadBalancers | High Availability | High | Load Balancer should have a SLA | Learn |
199 | lb-006 | Microsoft.Network/loadBalancers | Governance | Low | Load Balancer Name should comply with naming conventions | Learn |
200 | lb-007 | Microsoft.Network/loadBalancers | Governance | Low | Load Balancer should have tags | Learn |
201 | e5f5fcea-f925-4578-8599-9a391e888a60 | Microsoft.Network/loadBalancers | MonitoringAndAlerting | High | Use Health Probes to detect backend instances availability | Learn |
202 | 38c3bca1-97a1-eb42-8cd3-838b243f35ba | Microsoft.Network/loadBalancers | HighAvailability | High | Use Standard Load Balancer SKU | Learn |
203 | 6d82d042-6d61-ad49-86f0-6a5455398081 | Microsoft.Network/loadBalancers | HighAvailability | High | Ensure the Backend Pool contains at least two instances | Learn |
204 | 8d319a05-677b-944f-b9b4-ca0fb42e883c | Microsoft.Network/loadBalancers | HighAvailability | Medium | Use NAT Gateway instead of Outbound Rules for Production Workloads | Learn |
205 | 621dbc78-3745-4d32-8eac-9e65b27b7512 | Microsoft.Network/loadBalancers | HighAvailability | High | Ensure Standard Load Balancer is zone-redundant | Learn |
206 | log-003 | Microsoft.OperationalInsights/workspaces | High Availability | High | Log Analytics Workspace SLA | Learn |
207 | log-006 | Microsoft.OperationalInsights/workspaces | Governance | Low | Log Analytics Workspace Name should comply with naming conventions | Learn |
208 | log-007 | Microsoft.OperationalInsights/workspaces | Governance | Low | Log Analytics Workspace should have tags | Learn |
209 | logic-001 | Microsoft.Logic/workflows | Monitoring and Alerting | Low | Logic App should have diagnostic settings enabled | Learn |
210 | logic-003 | Microsoft.Logic/workflows | High Availability | High | Logic App should have a SLA | Learn |
211 | logic-004 | Microsoft.Logic/workflows | Security | High | Logic App should limit access to Http Triggers | Learn |
212 | logic-006 | Microsoft.Logic/workflows | Governance | Low | Logic App Name should comply with naming conventions | Learn |
213 | logic-007 | Microsoft.Logic/workflows | Governance | Low | Logic App should have tags | Learn |
214 | maria-001 | Microsoft.DBforMariaDB/servers | Monitoring and Alerting | Low | MariaDB should have diagnostic settings enabled | Learn |
215 | maria-002 | Microsoft.DBforMariaDB/servers | Security | High | MariaDB should have private endpoints enabled | Learn |
216 | maria-003 | Microsoft.DBforMariaDB/servers | Governance | Low | MariaDB server Name should comply with naming conventions | Learn |
217 | maria-004 | Microsoft.DBforMariaDB/servers | High Availability | High | MariaDB server should have a SLA | Learn |
218 | maria-005 | Microsoft.DBforMariaDB/servers | Governance | Low | MariaDB should have tags | Learn |
219 | maria-006 | Microsoft.DBforMariaDB/servers | Security | Low | MariaDB should enforce TLS >= 1.2 | Learn |
220 | mysqlf-001 | Microsoft.DBforMySQL/flexibleServers | Monitoring and Alerting | Low | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Learn |
221 | mysqlf-003 | Microsoft.DBforMySQL/flexibleServers | High Availability | High | Azure Database for MySQL - Flexible Server should have a SLA | Learn |
222 | mysqlf-004 | Microsoft.DBforMySQL/flexibleServers | Security | High | Azure Database for MySQL - Flexible Server should have private access enabled | Learn |
223 | mysqlf-006 | Microsoft.DBforMySQL/flexibleServers | Governance | Low | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Learn |
224 | mysqlf-007 | Microsoft.DBforMySQL/flexibleServers | Governance | Low | Azure Database for MySQL - Flexible Server should have tags | Learn |
225 | 5c96afc3-7d2e-46ff-a4c7-9c32850c441b | Microsoft.DBforMySQL/flexibleServers | DisasterRecovery | High | Configure geo redundant backup storage | Learn |
226 | b49a8653-cc43-48c9-8513-a2d2e3f14dd1 | Microsoft.DBforMySQL/flexibleServers | DisasterRecovery | High | Configure one or more read replicas | Learn |
227 | 8176a79d-8645-4e52-96be-a10fc0204fe5 | Microsoft.DBforMySQL/flexibleServers | Scalability | High | Configure storage auto-grow | Learn |
228 | 88856605-53d8-4bbd-a75b-4a7b14939d32 | Microsoft.DBforMySQL/flexibleServers | HighAvailability | High | Enable HA with zone redundancy | Learn |
229 | 82a9a0f2-24ee-496f-9ad2-25f81710942d | Microsoft.DBforMySQL/flexibleServers | Scalability | High | Enable custom maintenance schedule | Learn |
230 | mysql-001 | Microsoft.DBforMySQL/servers | Monitoring and Alerting | Low | Azure Database for MySQL - Single Server should have diagnostic settings enabled | Learn |
231 | mysql-003 | Microsoft.DBforMySQL/servers | High Availability | High | Azure Database for MySQL - Single Server should have a SLA | Learn |
232 | mysql-004 | Microsoft.DBforMySQL/servers | Security | High | Azure Database for MySQL - Single Server should have private endpoints enabled | Learn |
233 | mysql-006 | Microsoft.DBforMySQL/servers | Governance | Low | Azure Database for MySQL - Single Server Name should comply with naming conventions | Learn |
234 | mysql-007 | Microsoft.DBforMySQL/servers | High Availability | High | Azure Database for MySQL - Single Server is on the retirement path | Learn |
235 | mysql-008 | Microsoft.DBforMySQL/servers | Governance | Low | Azure Database for MySQL - Single Server should have tags | Learn |
236 | ng-001 | Microsoft.Network/natGateways | Monitoring and Alerting | Low | NAT Gateway should have diagnostic settings enabled | Learn |
237 | ng-003 | Microsoft.Network/natGateways | High Availability | High | NAT Gateway SLA | Learn |
238 | ng-006 | Microsoft.Network/natGateways | Governance | Low | NAT Gateway Name should comply with naming conventions | Learn |
239 | ng-007 | Microsoft.Network/natGateways | Governance | Low | NAT Gateway should have tags | Learn |
240 | 72827434-c773-4345-9493-34848ddf5803 | Microsoft.NetApp/netAppAccounts | HighAvailability | High | Use snapshots for data protection in Azure NetApp Files | Learn |
241 | b2fb3e60-97ec-e34d-af29-b16a0d61c2ac | Microsoft.NetApp/netAppAccounts | DisasterRecovery | High | Enable backup for data protection in Azure NetApp Files | Learn |
242 | e3d742e1-dacd-9b48-b6b1-510ec9f87c96 | Microsoft.NetApp/netAppAccounts | DisasterRecovery | High | Enable Cross-zone replication of Azure NetApp Files volumes | Learn |
243 | ab984130-c57b-6c4a-8d04-6723b4e1bdb6 | Microsoft.NetApp/netAppAccounts | Scalability | High | Use standard network features for production in Azure NetApp Files | Learn |
244 | e30317d2-c502-4dfe-a2d3-0a737cc79545 | Microsoft.NetApp/netAppAccounts | DisasterRecovery | High | Enable Cross-region replication of Azure NetApp Files volumes | Learn |
245 | 47d100a5-7f85-5742-967a-67eb5081240a | Microsoft.NetApp/netAppAccounts | HighAvailability | High | Use availability zones for high availability in Azure NetApp Files | Learn |
246 | nsg-001 | Microsoft.Network/networkSecurityGroups | Monitoring and Alerting | Low | NSG should have diagnostic settings enabled | Learn |
247 | nsg-003 | Microsoft.Network/networkSecurityGroups | High Availability | High | NSG SLA | Learn |
248 | nsg-006 | Microsoft.Network/networkSecurityGroups | Governance | Low | NSG Name should comply with naming conventions | Learn |
249 | nsg-007 | Microsoft.Network/networkSecurityGroups | Governance | Low | NSG should have tags | Learn |
250 | 8bb4a57b-55e4-d24e-9c19-2679d8bc779f | Microsoft.Network/networkSecurityGroups | MonitoringAndAlerting | Low | Monitor changes in Network Security Groups with Azure Monitor | Learn |
251 | 8291c1fa-650c-b44b-b008-4deb7465919d | Microsoft.Network/networkSecurityGroups | Security | Medium | The NSG only has Default Security Rules; make sure to configure the necessary rules | Learn |
252 | nw-003 | Microsoft.Network/networkWatchers | High Availability | High | Network Watcher SLA | Learn |
253 | nw-006 | Microsoft.Network/networkWatchers | Governance | Low | Network Watcher Name should comply with naming conventions | Learn |
254 | nw-007 | Microsoft.Network/networkWatchers | Governance | Low | Network Watcher should have tags | Learn |
255 | 22a769ed-0ecb-8b49-bafe-8f52e6373d9c | Microsoft.Network/networkWatchers | MonitoringAndAlerting | Low | Fix Flow Log configurations in Failed state or Disabled Status | Learn |
256 | app-001 | Microsoft.Web/sites | Monitoring and Alerting | Low | App Service should have diagnostic settings enabled | Learn |
257 | app-004 | Microsoft.Web/sites | Security | High | App Service should have private endpoints enabled | Learn |
258 | app-006 | Microsoft.Web/sites | Governance | Low | App Service Name should comply with naming conventions | Learn |
259 | app-007 | Microsoft.Web/sites | Security | High | App Service should use HTTPS only | Learn |
260 | app-008 | Microsoft.Web/sites | Governance | Low | App Service should have tags | Learn |
261 | app-009 | Microsoft.Web/sites | Security | Medium | App Service should use VNET integration | Learn |
262 | app-010 | Microsoft.Web/sites | Security | Medium | App Service should have VNET Route all enabled for VNET integration | Learn |
263 | app-011 | Microsoft.Web/sites | Security | High | App Service should use TLS 1.2 | Learn |
264 | app-012 | Microsoft.Web/sites | Security | High | App Service remote debugging should be disabled | Learn |
265 | app-013 | Microsoft.Web/sites | Security | High | App Service should not allow insecure FTP | Learn |
266 | app-014 | Microsoft.Web/sites | Scalability | High | App Service should have Always On enabled | Learn |
267 | app-015 | Microsoft.Web/sites | High Availability | Medium | App Service should avoid using Client Affinity | Learn |
268 | app-016 | Microsoft.Web/sites | Security | Medium | App Service should use Managed Identities | Learn |
269 | asp-001 | Microsoft.Web/serverfarms | Monitoring and Alerting | Low | Plan should have diagnostic settings enabled | Learn |
270 | asp-003 | Microsoft.Web/serverfarms | High Availability | High | Plan should have a SLA | Learn |
271 | asp-006 | Microsoft.Web/serverfarms | Governance | Low | Plan Name should comply with naming conventions | Learn |
272 | asp-007 | Microsoft.Web/serverfarms | Governance | Low | Plan should have tags | Learn |
273 | func-001 | Microsoft.Web/sites | Monitoring and Alerting | Low | Function should have diagnostic settings enabled | Learn |
274 | func-004 | Microsoft.Web/sites | Security | High | Function should have private endpoints enabled | Learn |
275 | func-006 | Microsoft.Web/sites | Governance | Low | Function Name should comply with naming conventions | Learn |
276 | func-007 | Microsoft.Web/sites | Security | High | Function should use HTTPS only | Learn |
277 | func-008 | Microsoft.Web/sites | Governance | Low | Function should have tags | Learn |
278 | func-009 | Microsoft.Web/sites | Security | Medium | Function should use VNET integration | Learn |
279 | func-010 | Microsoft.Web/sites | Security | Medium | Function should have VNET Route all enabled for VNET integration | Learn |
280 | func-011 | Microsoft.Web/sites | Security | Medium | Function should use TLS 1.2 | Learn |
281 | func-012 | Microsoft.Web/sites | Security | Medium | Function remote debugging should be disabled | Learn |
282 | func-013 | Microsoft.Web/sites | High Availability | Medium | Function should avoid using Client Affinity | Learn |
283 | func-014 | Microsoft.Web/sites | Security | Medium | Function should use Managed Identities | Learn |
284 | logics-001 | Microsoft.Web/sites | Monitoring and Alerting | Low | Logic App should have diagnostic settings enabled | Learn |
285 | logics-004 | Microsoft.Web/sites | Security | High | Logic App should have private endpoints enabled | Learn |
286 | logics-006 | Microsoft.Web/sites | Governance | Low | Logic App Name should comply with naming conventions | Learn |
287 | logics-007 | Microsoft.Web/sites | Security | High | Logic App should use HTTPS only | Learn |
288 | logics-008 | Microsoft.Web/sites | Governance | Low | Logic App should have tags | Learn |
289 | logics-009 | Microsoft.Web/sites | Security | Medium | Logic App should use VNET integration | Learn |
290 | logics-010 | Microsoft.Web/sites | Security | Medium | Logic App should have VNET Route all enabled for VNET integration | Learn |
291 | logics-011 | Microsoft.Web/sites | Security | Medium | Logic App should use TLS 1.2 | Learn |
292 | logics-012 | Microsoft.Web/sites | Security | Medium | Logic App remote debugging should be disabled | Learn |
293 | logics-013 | Microsoft.Web/sites | High Availability | Medium | Logic App should avoid using Client Affinity | Learn |
294 | logics-014 | Microsoft.Web/sites | Security | Medium | Logic App should use Managed Identities | Learn |
295 | 88cb90c2-3b99-814b-9820-821a63f600dd | Microsoft.Web/serverFarms | HighAvailability | High | Migrate App Service to availability Zone Support | Learn |
296 | b2113023-a553-2e41-9789-597e2fb54c31 | Microsoft.Web/serverFarms | HighAvailability | High | Use Standard or Premium tier | Learn |
297 | 07243659-4643-d44c-a1c6-07ac21635072 | Microsoft.Web/serverFarms | Scalability | Medium | Avoid scaling up or down | Learn |
298 | c6c4b962-5af4-447a-9d74-7b9c53a5dff5 | Microsoft.Web/sites | HighAvailability | Low | Enable auto heal for Functions App | Learn |
299 | 0b80b67c-afbe-4988-ad58-a85a146b681e | Microsoft.Web/sites | OtherBestPractices | Medium | Store configuration as app settings | Learn |
300 | 9e6682ac-31bc-4635-9959-ab74b52454e6 | Microsoft.Web/sites | Scalability | High | Set minimum instance count to 2 for app service | Learn |
301 | fd049c28-ae6d-48f0-a641-cc3ba1a3fe1d | Microsoft.Web/sites | OtherBestPractices | High | Enable Health check for App Services | Learn |
302 | aab6b4a4-9981-43a4-8728-35c7ecbb746d | Microsoft.Web/sites | Governance | Medium | Configure network access restrictions | Learn |
303 | a1d91661-32d4-430b-b3b6-5adeb0975df7 | Microsoft.Web/sites | Governance | Low | Deploy to a staging slot | Learn |
304 | pep-003 | Microsoft.Network/privateEndpoints | High Availability | High | Private Endpoint SLA | Learn |
305 | pep-006 | Microsoft.Network/privateEndpoints | Governance | Low | Private Endpoint Name should comply with naming conventions | Learn |
306 | pep-007 | Microsoft.Network/privateEndpoints | Governance | Low | Private Endpoint should have tags | Learn |
307 | b89c9acc-0aba-fb44-9ff2-3dbfcf97dce7 | Microsoft.Network/privateEndpoints | HighAvailability | Medium | Resolve issues with Private Endpoints in non Succeeded connection state | Learn |
308 | pip-003 | Microsoft.Network/publicIPAddresses | High Availability | High | Public IP SLA | Learn |
309 | pip-006 | Microsoft.Network/publicIPAddresses | Governance | Low | Public IP Name should comply with naming conventions | Learn |
310 | pip-007 | Microsoft.Network/publicIPAddresses | Governance | Low | Public IP should have tags | Learn |
311 | c63b81fb-7afc-894c-a840-91bb8a8dcfaf | Microsoft.Network/publicIPAddresses | HighAvailability | High | Use Standard SKU and Zone-Redundant IPs when applicable | Learn |
312 | 1adba190-5c4c-e646-8527-dd1b2a6d8b15 | Microsoft.Network/publicIPAddresses | HighAvailability | Medium | Use NAT gateway for outbound connectivity to avoid SNAT Exhaustion | Learn |
313 | 5cea1501-6fe4-4ec4-ac8f-f72320eb18d3 | Microsoft.Network/publicIPAddresses | HighAvailability | Medium | Upgrade Basic SKU public IP addresses to Standard SKU | Learn |
314 | c4254c66-b8a5-47aa-82f6-e7d7fb418f47 | Microsoft.Network/publicIPAddresses | Security | Medium | Public IP addresses should have DDoS protection enabled | Learn |
315 | psqlf-001 | Microsoft.DBforPostgreSQL/flexibleServers | Monitoring and Alerting | Low | PostgreSQL should have diagnostic settings enabled | Learn |
316 | psqlf-003 | Microsoft.DBforPostgreSQL/flexibleServers | High Availability | High | PostgreSQL should have a SLA | Learn |
317 | psqlf-004 | Microsoft.DBforPostgreSQL/flexibleServers | Security | High | PostgreSQL should have private access enabled | Learn |
318 | psqlf-006 | Microsoft.DBforPostgreSQL/flexibleServers | Governance | Low | PostgreSQL Name should comply with naming conventions | Learn |
319 | psqlf-007 | Microsoft.DBforPostgreSQL/flexibleServers | Governance | Low | PostgreSQL should have tags | Learn |
320 | ca87914f-aac4-4783-ab67-82a6f936f194 | Microsoft.DBforPostgreSQL/flexibleServers | HighAvailability | High | Enable HA with zone redundancy | Learn |
321 | b2bad57d-7e03-4c0f-9024-597c9eb295bb | Microsoft.DBforPostgreSQL/flexibleServers | Scalability | High | Enable custom maintenance schedule | Learn |
322 | 31f4ac4b-29cb-4588-8de2-d8fe6f13ceb3 | Microsoft.DBforPostgreSQL/flexibleServers | DisasterRecovery | High | Configure geo redundant backup storage | Learn |
323 | 2ab85a67-26be-4ed2-a0bb-101b2513ec63 | Microsoft.DBforPostgreSQL/flexibleServers | DisasterRecovery | High | Configure one or more read replicas | Learn |
324 | psql-001 | Microsoft.DBforPostgreSQL/servers | Monitoring and Alerting | Low | PostgreSQL should have diagnostic settings enabled | Learn |
325 | psql-003 | Microsoft.DBforPostgreSQL/servers | High Availability | High | PostgreSQL should have a SLA | Learn |
326 | psql-004 | Microsoft.DBforPostgreSQL/servers | Security | High | PostgreSQL should have private endpoints enabled | Learn |
327 | psql-006 | Microsoft.DBforPostgreSQL/servers | Governance | Low | PostgreSQL Name should comply with naming conventions | Learn |
328 | psql-007 | Microsoft.DBforPostgreSQL/servers | Governance | Low | PostgreSQL should have tags | Learn |
329 | psql-008 | Microsoft.DBforPostgreSQL/servers | Security | High | PostgreSQL should enforce SSL | Learn |
330 | psql-009 | Microsoft.DBforPostgreSQL/servers | Security | Low | PostgreSQL should enforce TLS >= 1.2 | Learn |
331 | udr-003 | Microsoft.Network/routeTables | High Availability | High | Route Table SLA | Learn |
332 | udr-006 | Microsoft.Network/routeTables | Governance | Low | Route Table Name should comply with naming conventions | Learn |
333 | udr-007 | Microsoft.Network/routeTables | Governance | Low | Route Table should have tags | Learn |
334 | 23b2dfc7-7e5d-9443-9f62-980ca621b561 | Microsoft.Network/routeTables | MonitoringAndAlerting | High | Monitor changes in Route Tables with Azure Monitor | Learn |
335 | 17e877f7-3a89-4205-8a24-0670de54ddcd | Microsoft.RecoveryServices/vaults | DisasterRecovery | High | Validate VM functionality with a Site Recovery test failover to check performance at target | Learn |
336 | 1549b91f-2ea0-4d4f-ba2a-4596becbe3de | Microsoft.RecoveryServices/vaults | DisasterRecovery | Medium | Enable Cross Region Restore for your GRS Recovery Services Vault | Learn |
337 | 9e39919b-78af-4a0b-b70f-c548dae97c25 | Microsoft.RecoveryServices/vaults | DisasterRecovery | Medium | Enable Soft Delete for Recovery Services Vaults in Azure Backup | Learn |
338 | redis-001 | Microsoft.Cache/Redis | Monitoring and Alerting | Low | Redis should have diagnostic settings enabled | Learn |
339 | redis-003 | Microsoft.Cache/Redis | High Availability | High | Redis should have a SLA | Learn |
340 | redis-006 | Microsoft.Cache/Redis | Governance | Low | Redis Name should comply with naming conventions | Learn |
341 | redis-007 | Microsoft.Cache/Redis | Governance | Low | Redis should have tags | Learn |
342 | redis-008 | Microsoft.Cache/Redis | Security | High | Redis should not enable non SSL ports | Learn |
343 | redis-009 | Microsoft.Cache/Redis | Security | Low | Redis should enforce TLS >= 1.2 | Learn |
344 | 5a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8 | Microsoft.Cache/Redis | HighAvailability | High | Enable zone redundancy for Azure Cache for Redis | Learn |
345 | c474fc96-4e6a-4fb0-95d0-a26b3f35933c | Microsoft.Cache/redis | Security | Medium | Configure Private Endpoints | Learn |
346 | sb-001 | Microsoft.ServiceBus/namespaces | Monitoring and Alerting | Low | Service Bus should have diagnostic settings enabled | Learn |
347 | sb-003 | Microsoft.ServiceBus/namespaces | High Availability | High | Service Bus should have a SLA | Learn |
348 | sb-004 | Microsoft.ServiceBus/namespaces | Security | High | Service Bus should have private endpoints enabled | Learn |
349 | sb-006 | Microsoft.ServiceBus/namespaces | Governance | Low | Service Bus Name should comply with naming conventions | Learn |
350 | sb-007 | Microsoft.ServiceBus/namespaces | Governance | Low | Service Bus should have tags | Learn |
351 | sb-008 | Microsoft.ServiceBus/namespaces | Security | Medium | Service Bus should have local authentication disabled | Learn |
352 | f075a1bd-de9e-4819-9a1d-1ac41037a74f | Microsoft.ServiceBus/namespaces | ServiceUpgradeAndRetirement | High | Configure the minimum TLS version for Service Bus namespaces to TLS v1.2 or higher | Learn |
353 | sigr-001 | Microsoft.SignalRService/SignalR | Monitoring and Alerting | Low | SignalR should have diagnostic settings enabled | Learn |
354 | sigr-003 | Microsoft.SignalRService/SignalR | High Availability | High | SignalR should have a SLA | Learn |
355 | sigr-004 | Microsoft.SignalRService/SignalR | Security | High | SignalR should have private endpoints enabled | Learn |
356 | sigr-006 | Microsoft.SignalRService/SignalR | Governance | Low | SignalR Name should comply with naming conventions | Learn |
357 | sigr-007 | Microsoft.SignalRService/SignalR | Governance | Low | SignalR should have tags | Learn |
358 | 6a8b3db9-5773-413a-a127-4f7032f34bbd | Microsoft.SignalRService/SignalR | HighAvailability | High | Enable zone redundancy for SignalR | Learn |
359 | sql-004 | Microsoft.Sql/servers | Security | High | SQL should have private endpoints enabled | Learn |
360 | sql-006 | Microsoft.Sql/servers | Governance | Low | SQL Name should comply with naming conventions | Learn |
361 | sql-007 | Microsoft.Sql/servers | Governance | Low | SQL should have tags | Learn |
362 | sql-008 | Microsoft.Sql/servers | Security | Low | SQL should enforce TLS >= 1.2 | Learn |
363 | sqldb-001 | Microsoft.Sql/servers/databases | Monitoring and Alerting | Low | SQL Database should have diagnostic settings enabled | Learn |
364 | sqldb-003 | Microsoft.Sql/servers/databases | High Availability | High | SQL Database should have a SLA | Learn |
365 | sqldb-006 | Microsoft.Sql/servers/databases | Governance | Low | SQL Database Name should comply with naming conventions | Learn |
366 | sqldb-007 | Microsoft.Sql/servers/databases | Governance | Low | SQL Database should have tags | Learn |
367 | sqlep-002 | Microsoft.Sql/servers/elasticPools | Governance | Low | SQL Elastic Pool Name should comply with naming conventions | Learn |
368 | sqlep-003 | Microsoft.Sql/servers/elasticPools | Governance | Low | SQL Elastic Pool should have tags | Learn |
369 | 74c2491d-048b-0041-a140-935960220e20 | Microsoft.Sql/servers | DisasterRecovery | High | Use Active Geo Replication to Create a Readable Secondary in Another Region | Learn |
370 | 943c168a-2ec2-a94c-8015-85732a1b4859 | Microsoft.Sql/servers | DisasterRecovery | High | Auto Failover Groups can encompass one or multiple databases, usually used by the same app. | Learn |
371 | c0085c32-84c0-c247-bfa9-e70977cbf108 | Microsoft.Sql/servers | HighAvailability | Medium | Enable zone redundancy for Azure SQL Database to achieve high availability and resiliency | Learn |
372 | 7e7daec9-6a81-3546-a4cc-9aef72fec1f7 | Microsoft.Sql/servers | MonitoringAndAlerting | High | Monitor your Azure SQL Database in Near Real-Time to Detect Reliability Incidents | Learn |
373 | syndp-001 | Microsoft.Synapse/workspaces/sqlPools | Governance | Low | Azure Synapse Dedicated SQL Pool Name should comply with naming conventions | Learn |
374 | syndp-002 | Microsoft.Synapse/workspaces/sqlPools | High Availability | High | Azure Synapse Dedicated SQL Pool SLA | Learn |
375 | syndp-003 | Microsoft.Synapse/workspaces/sqlPools | Governance | Low | Azure Synapse Dedicated SQL Pool should have tags | Learn |
376 | synsp-001 | Microsoft.Synapse/workspaces/bigDataPools | Governance | Low | Azure Synapse Spark Pool Name should comply with naming conventions | Learn |
377 | synsp-002 | Microsoft.Synapse/workspaces/bigDataPools | High Availability | High | Azure Synapse Spark Pool SLA | Learn |
378 | synsp-003 | Microsoft.Synapse/workspaces/bigDataPools | Governance | Low | Azure Synapse Spark Pool should have tags | Learn |
379 | synw-001 | Microsoft.Synapse/workspaces | Monitoring and Alerting | Low | Azure Synapse Workspace should have diagnostic settings enabled | Learn |
380 | synw-002 | Microsoft.Synapse/workspaces | Security | High | Azure Synapse Workspace should have private endpoints enabled | Learn |
381 | synw-003 | Microsoft.Synapse/workspaces | High Availability | High | Azure Synapse Workspace SLA | Learn |
382 | synw-004 | Microsoft.Synapse/workspaces | Governance | Low | Azure Synapse Workspace Name should comply with naming conventions | Learn |
383 | synw-005 | Microsoft.Synapse/workspaces | Governance | Low | Azure Synapse Workspace should have tags | Learn |
384 | synw-006 | Microsoft.Synapse/workspaces | Security | High | Azure Synapse Workspace should establish network segmentation boundaries | Learn |
385 | synw-007 | Microsoft.Synapse/workspaces | Security | High | Azure Synapse Workspace should disable public network access | Learn |
386 | traf-001 | Microsoft.Network/trafficManagerProfiles | Monitoring and Alerting | Low | Traffic Manager should have diagnostic settings enabled | Learn |
387 | traf-002 | Microsoft.Network/trafficManagerProfiles | High Availability | High | Traffic Manager should have availability zones enabled | Learn |
388 | traf-003 | Microsoft.Network/trafficManagerProfiles | High Availability | High | Traffic Manager should have a SLA | Learn |
389 | traf-006 | Microsoft.Network/trafficManagerProfiles | Governance | Low | Traffic Manager Name should comply with naming conventions | Learn |
390 | traf-007 | Microsoft.Network/trafficManagerProfiles | Governance | Low | Traffic Manager should have tags | Learn |
391 | traf-009 | Microsoft.Network/trafficManagerProfiles | Security | High | Traffic Manager: HTTP endpoints should be monitored using HTTPS | Learn |
392 | f05a3e6d-49db-2740-88e2-2b13706c1f67 | Microsoft.Network/trafficManagerProfiles | HighAvailability | High | Traffic Manager Monitor Status Should be Online | Learn |
393 | 5b422a7f-8caa-3d48-becb-511599e5bba9 | Microsoft.Network/trafficManagerProfiles | HighAvailability | Medium | Traffic manager profiles should have more than one endpoint | Learn |
394 | 1ad9d7b7-9692-1441-a8f4-93792efbe97a | Microsoft.Network/trafficManagerProfiles | DisasterRecovery | Medium | Configure at least one endpoint within another region | Learn |
395 | c31f76a0-48cd-9f44-aa43-99ee904db9bc | Microsoft.Network/trafficManagerProfiles | DisasterRecovery | High | Ensure endpoint configured to (All World) for geographic profiles | Learn |
396 | 9437634c-d69e-2747-b13e-631c13182150 | Microsoft.Network/trafficManagerProfiles | BusinessContinuity | High | Avoid combining Traffic Manager and Front Door | Learn |
397 | st-001 | Microsoft.Storage/storageAccounts | Monitoring and Alerting | Low | Storage should have diagnostic settings enabled | Learn |
398 | st-003 | Microsoft.Storage/storageAccounts | High Availability | High | Storage should have a SLA | Learn |
399 | st-006 | Microsoft.Storage/storageAccounts | Governance | Low | Storage Name should comply with naming conventions | Learn |
400 | st-007 | Microsoft.Storage/storageAccounts | Security | High | Storage Account should use HTTPS only | Learn |
401 | st-008 | Microsoft.Storage/storageAccounts | Governance | Low | Storage Account should have tags | Learn |
402 | st-009 | Microsoft.Storage/storageAccounts | Security | Low | Storage Account should enforce TLS >= 1.2 | Learn |
403 | st-010 | Microsoft.Storage/storageAccounts | Disaster Recovery | Low | Storage Account should have immutable storage versioning enabled | Learn |
404 | st-011 | Microsoft.Storage/storageAccounts | Disaster Recovery | Medium | Storage Account should have soft delete enabled | Learn |
405 | 2ad78dec-5a4d-4a30-8fd1-8584335ad781 | Microsoft.Storage/storageAccounts | Scalability | Low | Consider upgrading legacy storage accounts to v2 storage accounts | Learn |
406 | dc55be60-6f8c-461e-a9d5-a3c7686ed94e | Microsoft.Storage/storageAccounts | Security | Medium | Enable Azure Private Link service for storage accounts | Learn |
407 | e6c7e1cc-2f47-264d-aa50-1da421314472 | Microsoft.Storage/storageAccounts | HighAvailability | High | Ensure that storage accounts are zone or region redundant | Learn |
408 | 979ff8be-5f3a-4d8e-9aa3-407ecdd6d6f7 | Microsoft.DesktopVirtualization/hostPools | Governance | Medium | Configure host pool scheduled agent updates | Learn |
409 | vm-003 | Microsoft.Compute/virtualMachines | High Availability | High | Virtual Machine should have a SLA | Learn |
410 | vm-006 | Microsoft.Compute/virtualMachines | Governance | Low | Virtual Machine Name should comply with naming conventions | Learn |
411 | vm-007 | Microsoft.Compute/virtualMachines | Governance | Low | Virtual Machine should have tags | Learn |
412 | 2bd0be95-a825-6f47-a8c6-3db1fb5eb387 | Microsoft.Compute/virtualMachines | HighAvailability | High | Deploy VMs across Availability Zones | Learn |
413 | 41a22a5e-5e08-9647-92d0-2ffe9ef1bdad | Microsoft.Compute/virtualMachines | Security | Medium | IP Forwarding should only be enabled for Network Virtual Appliances | Learn |
414 | 52ab9e5c-eec0-3148-8bd7-b6dd9e1be870 | Microsoft.Compute/virtualMachines | HighAvailability | High | Use maintenance configurations for the VMs | Learn |
415 | 4a9d8973-6dba-0042-b3aa-07924877ebd5 | Microsoft.Compute/virtualMachines | MonitoringAndAlerting | Low | Configure monitoring for all Azure Virtual Machines | Learn |
416 | 3201dba8-d1da-4826-98a4-104066545170 | Microsoft.Compute/virtualMachines | Scalability | High | Don’t use A or B-Series VMs for production needing constant full CPU performance | Learn |
417 | 1981f704-97b9-b645-9c57-33f8ded9261a | Microsoft.Compute/virtualMachines | DisasterRecovery | Medium | Backup VMs with Azure Backup service | Learn |
418 | 98b334c0-8578-6046-9e43-b6e8fce6318e | Microsoft.Compute/virtualMachines | Governance | Low | Review VMs in stopped state | Learn |
419 | 70b1d2be-e6c4-b54e-9959-b1b690f9e485 | Microsoft.Compute/virtualMachines | Security | Low | Network access to the VM disk should be set to Disable public access and enable private access | Learn |
420 | b72214bb-e879-5f4b-b9cd-642db84f36f4 | Microsoft.Compute/virtualMachines | MonitoringAndAlerting | Low | Enable VM Insights | Learn |
421 | 4ea2878f-0d69-8d4a-b715-afc10d1e538e | Microsoft.Compute/virtualMachines | Scalability | Low | Host database data on a data disk | Learn |
422 | 1f629a30-c9d0-d241-82ee-6f2eb9d42cb4 | Microsoft.Compute/virtualMachines | Security | Medium | VMs should not have a Public IP directly associated | Learn |
423 | 1cf8fe21-9593-1e4e-966b-779a294c0d30 | Microsoft.Compute/virtualMachines | OtherBestPractices | Low | Customer DNS Servers should be configured in the Virtual Network level | Learn |
424 | df0ff862-814d-45a3-95e4-4fad5a244ba6 | Microsoft.Compute/virtualMachines | Scalability | High | Mission Critical Workloads should consider using Premium or Ultra Disks | Learn |
425 | a8d25876-7951-b646-b4e8-880c9031596b | Microsoft.Compute/virtualMachines | HighAvailability | High | Migrate VMs using availability sets to VMSS Flex | Learn |
426 | cfe22a65-b1db-fd41-9e8e-d573922709ae | Microsoft.Compute/virtualMachines | DisasterRecovery | Medium | Replicate VMs using Azure Site Recovery | Learn |
427 | 82b3cf6b-9ae2-2e44-b193-10793213f676 | Microsoft.Compute/virtualMachines | Security | Low | VM network interfaces and associated subnets both have a Network Security Group associated | Learn |
428 | 302fda08-ee65-4fbe-a916-6dc0b33169c4 | Microsoft.Compute/virtualMachines | HighAvailability | High | Reserve Compute Capacity for critical workloads | Learn |
429 | 122d11d7-b91f-8747-a562-f56b79bcfbdc | Microsoft.Compute/virtualMachines | HighAvailability | High | Use Managed Disks for VM disks | Learn |
430 | dfedbeb1-1519-fc47-86a5-52f96cf07105 | Microsoft.Compute/virtualMachines | Scalability | Medium | Enable Accelerated Networking (AccelNet) | Learn |
431 | c42343ae-2712-2843-a285-3437eb0b28a1 | Microsoft.Compute/virtualMachines | Governance | Low | Ensure that your VMs are compliant with Azure Policies | Learn |
432 | 273f6b30-68e0-4241-85ea-acf15ffb60bf | Microsoft.Compute/virtualMachines | HighAvailability | High | Run production workloads on two or more VMs using VMSS Flex | Learn |
433 | f0a97179-133a-6e4f-8a49-8a44da73ffce | Microsoft.Compute/virtualMachines | Security | High | Virtual Machines should have Azure Disk Encryption or EncryptionAtHost enabled | Learn |
434 | vmss-003 | Microsoft.Compute/virtualMachineScaleSets | High Availability | High | Virtual Machine should have a SLA | Learn |
435 | vmss-004 | Microsoft.Compute/virtualMachineScaleSets | Governance | Low | Virtual Machine Scale Set Name should comply with naming conventions | Learn |
436 | vmss-005 | Microsoft.Compute/virtualMachineScaleSets | Governance | Low | Virtual Machine Scale Set should have tags | Learn |
437 | 3f85a51c-e286-9f44-b4dc-51d00768696c | Microsoft.Compute/virtualMachineScaleSets | Scalability | Low | Enable Predictive autoscale and configure at least for Forecast Only | Learn |
438 | b5a63aa0-c58e-244f-b8a6-cbba0560a6db | Microsoft.Compute/virtualMachineScaleSets | HighAvailability | High | Disable Force strictly even balance across zones to avoid scale in and out fail attempts | Learn |
439 | 1422c567-782c-7148-ac7c-5fc14cf45adc | Microsoft.Compute/virtualMachineScaleSets | HighAvailability | High | Deploy VMSS across availability zones with VMSS Flex | Learn |
440 | e7495e1c-0c75-0946-b266-b429b5c7f3bf | Microsoft.Compute/virtualMachineScaleSets | Scalability | Medium | Deploy VMSS with Flex orchestration mode instead of Uniform | Learn |
441 | ee66ff65-9aa3-2345-93c1-25827cf79f44 | Microsoft.Compute/virtualMachineScaleSets | Scalability | High | Configure VMSS Autoscale to custom and configure the scaling metrics | Learn |
442 | e4ffd7b0-ba24-c84e-9352-ba4819f908c0 | Microsoft.Compute/virtualMachineScaleSets | OtherBestPractices | Low | Set Patch orchestration options to Azure-orchestrated | Learn |
443 | 94794d2a-eff0-2345-9b67-6f9349d0a627 | Microsoft.Compute/virtualMachineScaleSets | MonitoringAndAlerting | Medium | Enable Azure Virtual Machine Scale Set Application Health Monitoring | Learn |
444 | 820f4743-1f94-e946-ae0b-45efafd87962 | Microsoft.Compute/virtualMachineScaleSets | HighAvailability | High | Enable Automatic Repair Policy on Azure Virtual Machine Scale Sets | Learn |
445 | vnet-001 | Microsoft.Network/virtualNetworks | Monitoring and Alerting | Low | Virtual Network should have diagnostic settings enabled | Learn |
446 | vnet-006 | Microsoft.Network/virtualNetworks | Governance | Low | Virtual Network Name should comply with naming conventions | Learn |
447 | vnet-007 | Microsoft.Network/virtualNetworks | Governance | Low | Virtual Network should have tags | Learn |
448 | vnet-009 | Microsoft.Network/virtualNetworks | High Availability | High | Virtual Network should have at least two DNS servers assigned | Learn |
449 | 69ea1185-19b7-de40-9da1-9e8493547a5c | Microsoft.Network/virtualNetworks | Security | High | Shield public endpoints in Azure VNets with Azure DDoS Standard Protection Plans | Learn |
450 | 24ae3773-cc2c-3649-88de-c9788e25b463 | Microsoft.Network/virtualNetworks | Security | Medium | When available, use Private Endpoints instead of Service Endpoints for PaaS Services | Learn |
451 | f0bf9ae6-25a5-974d-87d5-025abec73539 | Microsoft.Network/virtualNetworks | Security | Low | All Subnets should have a Network Security Group associated | Learn |
452 | vgw-001 | Microsoft.Network/virtualNetworkGateways | Monitoring and Alerting | Low | Virtual Network Gateway should have diagnostic settings enabled | Learn |
453 | vgw-002 | Microsoft.Network/virtualNetworkGateways | Governance | Low | Virtual Network Gateway Name should comply with naming conventions | Learn |
454 | vgw-003 | Microsoft.Network/virtualNetworkGateways | Governance | Low | Virtual Network Gateway should have tags | Learn |
455 | vgw-004 | Microsoft.Network/virtualNetworkGateways | High Availability | High | Virtual Network Gateway should have a SLA | Learn |
456 | vgw-005 | Microsoft.Network/virtualNetworkGateways | High Availability | High | Virtual Network Gateway should have availability zones enabled | Learn |
457 | 281a2713-c0e0-3c48-b596-19f590c46671 | Microsoft.Network/virtualNetworkGateways | High Availability | Medium | Enable Active-Active VPN Gateways for redundancy | Learn |
458 | bbe668b7-eb5c-c746-8b82-70afdedf0cae | Microsoft.Network/virtualNetworkGateways | High Availability | High | Use Zone-redundant ExpressRoute gateway SKUs | Learn |
459 | 5b1933a6-90e4-f642-a01f-e58594e5aab2 | Microsoft.Network/virtualNetworkGateways | High Availability | High | Choose a Zone-redundant VPN gateway | Learn |
460 | 4bae5a28-5cf4-40d9-bcf1-623d28f6d917 | Microsoft.Network/virtualNetworkGateways | High Availability | High | Deploy zone-redundant VPN gateways with zone-redundant Public IP(s) | Learn |
461 | d37db635-157f-584d-9bce-4f6fc8c65ce5 | Microsoft.Network/virtualNetworkGateways | High Availability | High | Connect ExpressRoute gateway with circuits from diverse peering locations | Learn |
462 | 3e115044-a3aa-433e-be01-ce17d67e50da | Microsoft.Network/virtualNetworkGateways | High Availability | High | Configure customer-controlled ExpressRoute gateway maintenance | Learn |
463 | wps-001 | Microsoft.SignalRService/webPubSub | Monitoring and Alerting | Low | Web Pub Sub should have diagnostic settings enabled | Learn |
464 | wps-002 | Microsoft.SignalRService/webPubSub | High Availability | High | Web Pub Sub should have availability zones enabled | Learn |
465 | wps-003 | Microsoft.SignalRService/webPubSub | High Availability | High | Web Pub Sub should have a SLA | Learn |
466 | wps-004 | Microsoft.SignalRService/webPubSub | Security | High | Web Pub Sub should have private endpoints enabled | Learn |
467 | wps-006 | Microsoft.SignalRService/webPubSub | Governance | Low | Web Pub Sub Name should comply with naming conventions | Learn |
468 | wps-007 | Microsoft.SignalRService/webPubSub | Governance | Low | Web Pub Sub should have tags | Learn |
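The table states what each recommendation asks for but not how a check is evaluated against a resource. The Go program below is an added example, not azqr's own rule code: it decodes ARM resource JSON and evaluates four of the rules listed above (vnet-009, the subnet NSG rule f0bf9ae6-25a5-974d-87d5-025abec73539, and the VMSS availability-zone and automatic-repair rules 1422c567-782c-7148-ac7c-5fc14cf45adc and 820f4743-1f94-e946-ae0b-45efafd87962) over constructed sample input. The field names are the ARM schema's; the resource IDs are placeholders; the list of reserved subnets that cannot carry an NSG is the example's own exemption list; and treating an empty `dnsServers` list (Azure-provided DNS) as compliant for vnet-009 is this example's reading of the rule, chosen so that the check flags the single-custom-server case that is an actual single point of failure.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type Finding struct{ ResourceID, RuleID, Message string } // one recommendation a resource fails

// armResource is the subset of the ARM resource envelope the checks read.
type armResource struct {
	ID         string          `json:"id"`
	Type       string          `json:"type"`
	Zones      []string        `json:"zones"`
	Properties json.RawMessage `json:"properties"`
}

type vnetProps struct {
	DhcpOptions struct{ DNSServers []string `json:"dnsServers"` } `json:"dhcpOptions"`
	Subnets     []struct {
		Name       string `json:"name"`
		Properties struct {
			NetworkSecurityGroup *struct{ ID string `json:"id"` } `json:"networkSecurityGroup"`
		} `json:"properties"`
	} `json:"subnets"`
}

type vmssProps struct {
	AutomaticRepairsPolicy *struct{ Enabled bool `json:"enabled"` } `json:"automaticRepairsPolicy"`
}

// Reserved subnets on which Azure does not accept an NSG; flagging them would be a false positive.
var nsgExempt = map[string]bool{"GatewaySubnet": true, "AzureFirewallSubnet": true, "AzureFirewallManagementSubnet": true, "RouteServerSubnet": true}

// check evaluates the rules this example implements for one resource; other types get no findings.
func check(r armResource) ([]Finding, error) {
	var out []Finding
	add := func(rule, msg string) { out = append(out, Finding{r.ID, rule, msg}) }
	switch r.Type {
	case "Microsoft.Network/virtualNetworks":
		var p vnetProps
		if err := json.Unmarshal(r.Properties, &p); err != nil {
			return nil, err
		}
		// vnet-009: empty list = Azure-provided DNS (treated as compliant, an assumption); one custom server is a SPOF.
		if len(p.DhcpOptions.DNSServers) == 1 {
			add("vnet-009", "only one custom DNS server assigned")
		}
		for _, s := range p.Subnets {
			if nsg := s.Properties.NetworkSecurityGroup; !nsgExempt[s.Name] && (nsg == nil || nsg.ID == "") {
				add("f0bf9ae6-25a5-974d-87d5-025abec73539", fmt.Sprintf("subnet %q has no network security group", s.Name))
			}
		}
	case "Microsoft.Compute/virtualMachineScaleSets":
		var p vmssProps
		if err := json.Unmarshal(r.Properties, &p); err != nil {
			return nil, err
		}
		if len(r.Zones) < 2 { // the top-level "zones" array lists the availability zones the set spans
			add("1422c567-782c-7148-ac7c-5fc14cf45adc", fmt.Sprintf("deployed in %d availability zone(s)", len(r.Zones)))
		}
		if p.AutomaticRepairsPolicy == nil || !p.AutomaticRepairsPolicy.Enabled {
			add("820f4743-1f94-e946-ae0b-45efafd87962", "automatic repairs policy is not enabled")
		}
	}
	return out, nil
}

// Evaluate runs check over every resource in a JSON array of ARM resources.
func Evaluate(raw []byte) ([]Finding, error) {
	var resources []armResource
	if err := json.Unmarshal(raw, &resources); err != nil {
		return nil, err
	}
	var all []Finding
	for _, r := range resources {
		f, err := check(r)
		if err != nil {
			return nil, fmt.Errorf("%s: %w", r.ID, err)
		}
		all = append(all, f...)
	}
	return all, nil
}

// SampleResources is constructed input for this example, not data from a real subscription.
const SampleResources = `[
 {"id":"/rg/providers/Microsoft.Network/virtualNetworks/hub","type":"Microsoft.Network/virtualNetworks",
  "properties":{"dhcpOptions":{"dnsServers":["10.0.0.4"]},"subnets":[{"name":"GatewaySubnet","properties":{}},
  {"name":"app","properties":{}},{"name":"web","properties":{"networkSecurityGroup":{"id":"/rg/providers/Microsoft.Network/networkSecurityGroups/web-nsg"}}}]}},
 {"id":"/rg/providers/Microsoft.Compute/virtualMachineScaleSets/workers","type":"Microsoft.Compute/virtualMachineScaleSets",
  "zones":["1"],"properties":{}}]`

func main() {
	findings, err := Evaluate([]byte(SampleResources))
	if err != nil {
		panic(err)
	}
	for _, f := range findings {
		fmt.Printf("%s  %s: %s\n", f.RuleID, f.ResourceID, f.Message)
	}
}
```

Run with `go run .`; the sample produces four findings (one DNS server, the `app` subnet without an NSG, a single-zone scale set, no automatic repairs policy), while `GatewaySubnet` is skipped and the `web` subnet passes. The decoder reads the same field names that `az network vnet list` and `az vmss list` emit, so their JSON output can replace the constructed sample; a resource whose `properties` cannot be decoded is reported as an error rather than silently passed.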
Last modified December 10, 2024: feat: updated aprl to add disk scanning, fixes #274 (4891102)