Recommendations

Recommendations

Azure Quick Review checks the following recommendations for Azure resources. The recommendations are categorized based on their impact and category:

## Recommendations List

Total Supported Azure Resource Types: 105

IdResource TypeCategoryImpactRecommendationLearn
1005ccbbd-aeab-46ef-80bd-9bd4479412ecMicrosoft.ContainerService/managedClustersHighAvailabilityHighConfigure user nodepool countLearn
2029208c8-5186-4a76-8ee8-6e3445fef4ddMicrosoft.AVS/privateCloudsMonitoringAndAlertingHighMonitor Memory Utilization to ensure sufficient resources for workloadsLearn
302bdbdb8-d138-4090-951c-23e45b8700f7Microsoft.Network/vpnSitesDisasterRecoveryMediumConfigure diverse VPN Site links to different VPN concentrators on-premisesLearn
403f4a7d8-c5b4-7842-8e6e-14997a34842bMicrosoft.ContainerRegistry/registriesOtherBestPracticesMediumDisable anonymous pull accessLearn
50611251f-e70f-4243-8ddd-cfe894bec2e7Microsoft.ContainerService/managedClustersHighAvailabilityHighUpdate AKS tier to Standard or PremiumLearn
606b77be9-56a3-4d41-b362-8b295c5a283dMicrosoft.Network/virtualNetworksMonitoringAndAlertingMediumEnable Virtual Network Flow LogsLearn
70b1c2d3e-4f5a-6b7c-8d9e-0f1a2b3c4d5eMicrosoft.Network/ddosProtectionPlansGovernanceMediumDDoS protection without protected resourcesLearn
80b80b67c-afbe-4988-ad58-a85a146b681eMicrosoft.Web/sitesOtherBestPracticesMediumStore configuration as app settings for Web SitesLearn
90bee356b-7348-4799-8cab-0c71ffe13018Microsoft.Network/ExpressRoutePortsScalabilityMediumEnsure ExpressRoute Direct is not over-subscribedLearn
100d1e2f3a-4b5c-6d7e-8f9a-0b1c2d3e4f5aMicrosoft.Network/frontDoorWebApplicationFirewallPoliciesGovernanceMediumFront Door WAF Policy without associationsLearn
1110f02bc6-e2e7-004d-a2c2-f9bf9f16b915Microsoft.Network/applicationGatewaysHighAvailabilityMediumPlan for backend maintenance by using connection drainingLearn
12122d11d7-b91f-8747-a562-f56b79bcfbdcMicrosoft.Compute/virtualMachinesHighAvailabilityHighUse Managed Disks for VM disksLearn
1313794a63-8d95-47ce-acbd-5925ede5b208Microsoft.MachineLearningServices/workspacesDisasterRecoveryHighEnsure to create Machine Learning Compute resources in secondary regionLearn
141422c567-782c-7148-ac7c-5fc14cf45adcMicrosoft.Compute/virtualMachineScaleSetsHighAvailabilityHighDeploy VMSS across availability zones with VMSS FlexLearn
151549b91f-2ea0-4d4f-ba2a-4596becbe3deMicrosoft.RecoveryServices/vaultsDisasterRecoveryMediumEnable Cross Region Restore for your GRS Recovery Services VaultLearn
1615e2712c-f3ea-4a8d-9081-11e822b1ccfbMicrosoft.Sql/managedInstancesDisasterRecoveryHighUse Zone-redundant or Geo-zone-redundant Backup storage redundancyLearn
1717e877f7-3a89-4205-8a24-0670de54ddcdMicrosoft.Compute/virtualMachinesDisasterRecoveryHighValidate VM functionality with a Site Recovery test failover to check performance at targetLearn
1817e8d380-e4b4-41a1-9b37-2e4df9fd5125Microsoft.Network/expressRouteGatewaysMonitoringAndAlertingHighMonitor health for ExpressRoute gatewayLearn
191981f704-97b9-b645-9c57-33f8ded9261aMicrosoft.Compute/virtualMachinesDisasterRecoveryMediumBackup VMs with Azure Backup serviceLearn
201a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6dMicrosoft.Web/serverFarmsGovernanceMediumApp Service plans without hosting AppsLearn
211adba190-5c4c-e646-8527-dd1b2a6d8b15Microsoft.Network/publicIPAddressesHighAvailabilityMediumUse NAT gateway for outbound connectivity to avoid SNAT ExhaustionLearn
221c2d3e4f-5a6b-7c8d-9e0f-1a2b3c4d5e6fMicrosoft.Resources/resourceGroupsGovernanceMediumResource Groups without resourcesLearn
231cca00d2-d9ab-8e42-a788-5d40f49405cbMicrosoft.KeyVault/vaultsDisasterRecoveryHighKey vaults should have soft delete enabledLearn
241e28bbc1-1eb7-486f-8d7f-93943f40219cMicrosoft.Network/networkWatchersMonitoringAndAlertingMediumConfigure Network Watcher Connection monitorLearn
251e2f3a4b-5c6d-7e8f-9a0b-1c2d3e4f5a6bMicrosoft.Network/trafficManagerProfilesGovernanceMediumTraffic Manager without endpointsLearn
262102a57a-a056-4d5e-afe5-9df9f92177caMicrosoft.AppConfiguration/configurationStoresHighAvailabilityHighUpgrade to App Configuration Standard tierLearn
2721fb841b-ba70-1f4e-a460-1f72fb41aa51Microsoft.VirtualMachineImages/imageTemplatesDisasterRecoveryLowReplicate your Image Templates to a secondary regionLearn
2823b2dfc7-7e5d-9443-9f62-980ca621b561Microsoft.Network/routeTablesMonitoringAndAlertingMediumMonitor changes in Route Tables with Azure MonitorLearn
29269a9f1a-6675-460a-831e-b05a887a8c4bMicrosoft.ContainerService/managedClustersDisasterRecoveryLowBack up Azure Kubernetes ServiceLearn
30273f6b30-68e0-4241-85ea-acf15ffb60bfMicrosoft.Compute/virtualMachinesHighAvailabilityHighRun production workloads on two or more VMs using VMSS FlexLearn
31281a2713-c0e0-3c48-b596-19f590c46671Microsoft.Network/virtualNetworkGatewaysHighAvailabilityMediumEnable Active-Active VPN Gateways for redundancyLearn
322912472d-0198-4bdc-aa90-37f145790edcMicrosoft.RecoveryServices/vaultsMonitoringAndAlertingMediumMigrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services VaultsLearn
332ab85a67-26be-4ed2-a0bb-101b2513ec63Microsoft.DBforPostgreSQL/flexibleServersDisasterRecoveryHighConfigure one or more read replicasLearn
342ad78dec-5a4d-4a30-8fd1-8584335ad781Microsoft.Storage/storageAccountsScalabilityLowConsider upgrading legacy storage accounts to v2 storage accountsLearn
352b3c4d5e-6f7a-8b9c-0d1e-2f3a4b5c6d7eMicrosoft.Compute/availabilitySetsGovernanceMediumAvailability Sets not associated to any VM or VMSSLearn
362bd0be95-a825-6f47-a8c6-3db1fb5eb387Microsoft.Compute/virtualMachinesHighAvailabilityHighDeploy VMs across Availability ZonesLearn
372d3e4f5a-6b7c-8d9e-0f1a-2b3c4d5e6f7aMicrosoft.Web/connectionsGovernanceMediumAPI Connections not related to any Logic AppLearn
382f3a4b5c-6d7e-8f9a-0b1c-2d3e4f5a6b7cMicrosoft.Network/applicationGatewaysGovernanceMediumApplication Gateways without backend targetsLearn
39302fda08-ee65-4fbe-a916-6dc0b33169c4Microsoft.Compute/virtualMachinesHighAvailabilityHighReserve Compute Capacity for critical workloadsLearn
4030ec8a5e-46de-4323-87e9-a7c56b72813bMicrosoft.Network/virtualHubsMonitoringAndAlertingMediumMonitor health for v-HubsLearn
4131f4ac4b-29cb-4588-8de2-d8fe6f13ceb3Microsoft.DBforPostgreSQL/flexibleServersDisasterRecoveryHighConfigure geo redundant backup storageLearn
423201dba8-d1da-4826-98a4-104066545170Microsoft.Compute/virtualMachinesScalabilityHighDon’t use A or B-Series VMs for production needing constant full CPU performanceLearn
433263a64a-c256-de48-9818-afd3cbc55c2aMicrosoft.Compute/disksOtherBestPracticesMediumShared disks should only be enabled in clustered serversLearn
443538aa48-c40b-455b-a93b-269fe6e65be2Microsoft.Network/privateDnsZonesDisasterRecoveryMediumEnsure Time-To-Live (TTL) is set appropriately to ensure RTOs can be metLearn
4536ea6c09-ef6e-d743-9cfb-bd0c928a430bMicrosoft.ContainerRegistry/registriesDisasterRecoveryHighCreate container registries with geo-replication enabledLearn
4638c3bca1-97a1-eb42-8cd3-838b243f35baMicrosoft.Network/loadBalancersHighAvailabilityHighUse Standard Load Balancer SKULearn
473a4b5c6d-7e8f-9a0b-1c2d-3e4f5a6b7c8dMicrosoft.Network/virtualNetworksGovernanceMediumVirtual Networks without subnetsLearn
483c4d5e6f-7a8b-9c0d-1e2f-3a4b5c6d7e8fMicrosoft.Compute/disksGovernanceMediumManaged Disks with ‘Unattached’ stateLearn
493c8fa7c6-6b78-a24a-a63f-348a7c71acb9Microsoft.Network/azureFirewallsMonitoringAndAlertingHighMonitor Azure Firewall metricsLearn
503e115044-a3aa-433e-be01-ce17d67e50daMicrosoft.Network/virtualNetworkGatewaysHighAvailabilityMediumConfigure customer-controlled ExpressRoute gateway maintenanceLearn
513e4f5a6b-7c8d-9e0f-1a2b-3c4d5e6f7a8bMicrosoft.Web/certificatesGovernanceMediumExpired certificatesLearn
523f85a51c-e286-9f44-b4dc-51d00768696cMicrosoft.Compute/virtualMachineScaleSetsScalabilityLowEnable Predictive autoscale and configure at least for Forecast OnlyLearn
5341a22a5e-5e08-9647-92d0-2ffe9ef1bdadMicrosoft.Compute/virtualMachinesOtherBestPracticesMediumIP Forwarding should only be enabled for Network Virtual AppliancesLearn
544232eb32-3241-4049-9e14-9b8005817b56Microsoft.AVS/privateCloudsMonitoringAndAlertingHighConfigure Azure Monitor Alert warning thresholds for vSAN datastore utilizationLearn
5543663217-a1d3-844b-80ea-571a2ce37c6cMicrosoft.DocumentDB/databaseAccountsHighAvailabilityHighConfigure at least two regions for high availabilityLearn
5648ea6480-6263-40ba-8937-326d790e63f6Microsoft.MachineLearningServices/workspacesOtherBestPracticesHighMake Azure Machine Learning quota requests through the Azure Machine Learning StudioLearn
574b33324a-70cd-4bac-bdae-da4c382c436bOracle.Database/cloudVmClustersOtherBestPracticesHighEnsure ODAA clusters are in Available state under normal operationsLearn
584b5c6d7e-8f9a-0b1c-2d3e-4f5a6b7c8d9eMicrosoft.Network/virtualNetworks/subnetsGovernanceMediumSubnets without Connected Devices or DelegationLearn
594bae5a28-5cf4-40d9-bcf1-623d28f6d917Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighDeploy VPN gateways with zone-redundant Public IPsLearn
604d5e6f7a-8b9c-0d1e-2f3a-4b5c6d7e8f9aMicrosoft.Sql/servers/elasticpoolsGovernanceMediumSQL elastic pool without databasesLearn
614e133bd0-8762-bc40-a95b-b29142427d73Microsoft.Network/networkWatchersMonitoringAndAlertingLowDeploy Network Watcher in all regions where you have networking servicesLearn
624ee5d535-c47b-470a-9557-4a3dd297d62fMicrosoft.AVS/privateCloudsMonitoringAndAlertingHighMonitor CPU Utilization to ensure sufficient resources for workloadsLearn
634f63619f-5001-439c-bacb-8de891287727Microsoft.ContainerService/managedClustersHighAvailabilityHighDeploy AKS cluster across availability zonesLearn
6452ab9e5c-eec0-3148-8bd7-b6dd9e1be870Microsoft.Compute/virtualMachinesHighAvailabilityMediumUse maintenance configurations for the Dedicated and/or Isolated VM SKUsLearn
65560a76a7-8f64-4ce3-ad27-d174468861a1Microsoft.Network/expressRouteGatewaysHighAvailabilityMediumAvoid using ExpressRoute circuits for VNet to VNet communicationLearn
665a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8Microsoft.Cache/RedisHighAvailabilityHighEnable zone redundancy for Azure Cache for RedisLearn
675b1933a6-90e4-f642-a01f-e58594e5aab2Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighChoose a Zone-redundant VPN gatewayLearn
685b422a7f-8caa-3d48-becb-511599e5bba9Microsoft.Network/trafficManagerProfilesHighAvailabilityMediumTraffic manager profiles should have more than one endpointLearn
695c6d7e8f-9a0b-1c2d-3e4f-5a6b7c8d9e0fMicrosoft.Network/natGatewaysGovernanceMediumNAT Gateways not attached to any subnetLearn
705c96afc3-7d2e-46ff-a4c7-9c32850c441bMicrosoft.DBforMySQL/flexibleServersDisasterRecoveryHighConfigure geo redundant backup storageLearn
715cea1501-6fe4-4ec4-ac8f-f72320eb18d3Microsoft.Network/publicIPAddressesHighAvailabilityMediumUpgrade Basic SKU public IP addresses to Standard SKULearn
725d40d3d4-179d-4cf5-ac24-901210f512e7Microsoft.StreamAnalytics/streamingjobsHighAvailabilityHighMigrate Stream Analytics jobs to StandardV2 SKULearn
735e6f7a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0bMicrosoft.Network/publicIPAddressesGovernanceMediumPublic IPs not attached to any resourceLearn
745ee083cd-6ac3-4a83-8913-9549dd36cf56Microsoft.ContainerService/managedClustersHighAvailabilityHighIsolate system and application podsLearn
7560077378-7cb1-4b35-89bb-393884d9921dMicrosoft.Network/ExpressRoutePortsHighAvailabilityHighThe Admin State of both Links of an ExpressRoute Direct should be in Enabled stateLearn
76621dbc78-3745-4d32-8eac-9e65b27b7512Microsoft.Network/loadBalancersHighAvailabilityHighEnsure Standard Load Balancer is zone-redundantLearn
776293a3cc-6b4a-4c0f-9ea7-b8ae8d7dd3d5Microsoft.DBforPostgreSQL/flexibleServersScalabilityHighConfigure storage auto-growLearn
7863491f70-22e4-3b4a-8b0c-845450e46facMicrosoft.ContainerRegistry/registriesHighAvailabilityMediumEnable zone redundancyLearn
79675d249a-9486-45e3-8e89-863f5802782dMicrosoft.MachineLearningServices/workspacesDisasterRecoveryHighDeploy Azure Machine learning workspace in secondary regionLearn
806a8b3db9-5773-413a-a127-4f7032f34bbdMicrosoft.SignalRService/SignalRHighAvailabilityHighEnable zone redundancy for SignalRLearn
816cd57b65-ef84-4088-9ada-c0d8de74c2f7Microsoft.Dashboard/grafanaHighAvailabilityMediumEnable zone redundancy in Managed GrafanaLearn
826d7e8f9a-0b1c-2d3e-4f5a-6b7c8d9e0f1aMicrosoft.Network/ipGroupsGovernanceMediumIP Groups not attached to any Azure FirewallLearn
836d82d042-6d61-ad49-86f0-6a5455398081Microsoft.Network/loadBalancersHighAvailabilityHighEnsure the Backend Pool contains at least two instancesLearn
846e2af91f-477d-46a5-b8ce-6cd1b8176550Microsoft.MachineLearningServices/workspacesServiceUpgradeAndRetirementMediumChoose SKUs with longer terms and avoid those nearing retirementLearn
856e4f0fd1-1853-4b94-9736-6d6d239d2694Microsoft.MachineLearningServices/workspacesDisasterRecoveryHighSelecting regions for BCDR, ensure that both regions offer adequate compute quotasLearn
866f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1cMicrosoft.Network/networkInterfacesGovernanceMediumNetwork Interfaces not attached to any resourceLearn
8770fcfe6d-00e9-5544-a63a-fff42b9f2edbMicrosoft.KeyVault/vaultsDisasterRecoveryMediumKey vaults should have purge protection enabledLearn
8873d1bb04-7d3e-0d47-bc0d-63afe773b5feMicrosoft.Compute/virtualMachinesOtherBestPracticesLowWhen AccelNet is enabled, you must manually update the GuestOS NIC driverLearn
89740f2c1c-8857-4648-80eb-47d2c56d5a50Microsoft.ApiManagement/serviceHighAvailabilityHighEnable Availability Zones on Premium API Management instancesLearn
907893f0b3-8622-1d47-beed-4b50a19f7895Microsoft.Network/applicationGatewaysScalabilityHighMigrate to Application Gateway v2Learn
917a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2dMicrosoft.Network/networkSecurityGroupsGovernanceMediumNetwork Security Groups not attached to any network interface or subnetLearn
927e8f9a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2bMicrosoft.Network/privateDnsZonesGovernanceMediumPrivate DNS zones without Virtual Network LinksLearn
937f7ae535-a5ba-4665-b7e0-c451dbdda01fMicrosoft.ContainerService/managedClustersHighAvailabilityHighConfigure system nodepool countLearn
948176a79d-8645-4e52-96be-a10fc0204fe5Microsoft.DBforMySQL/flexibleServersScalabilityHighConfigure storage auto-growLearn
95820f4743-1f94-e946-ae0b-45efafd87962Microsoft.Compute/virtualMachineScaleSetsHighAvailabilityHighEnable Automatic Repair Policy on Azure Virtual Machine Scale SetsLearn
96823b0cff-05c0-2e4e-a1e7-9965e1cfa16fMicrosoft.Network/applicationGatewaysScalabilityMediumEnsure Autoscale feature has been enabledLearn
978364fd0a-7c0e-e240-9d95-4bf965aec243Microsoft.Network/applicationGatewaysOtherBestPracticesHighA minimum subnet size of /24 is recommended for Application Gateway v2 subnets.Learn
9884636c6c-b317-4722-b603-7b1ffc16384bMicrosoft.EventHub/namespacesHighAvailabilityHighEnsure zone redundancy is enabled in supported regionsLearn
99847a8d88-21c4-bc48-a94e-562206edd767Microsoft.Network/applicationGatewaysMonitoringAndAlertingHighUse Health Probes to detect backend availabilityLearn
100855ca19a-6518-4f2e-9e5a-01796fbca9f8Microsoft.Web/serverFarmsScalabilityHighSet minimum instance count to 2 for app serviceLearn
10188856605-53d8-4bbd-a75b-4a7b14939d32Microsoft.DBforMySQL/flexibleServersHighAvailabilityHighEnable HA with zone redundancyLearn
10288cb90c2-3b99-814b-9820-821a63f600ddMicrosoft.Web/serverFarmsHighAvailabilityHighMigrate App Service to availability Zone SupportLearn
1038b9c0d1e-2f3a-4b5c-6d7e-8f9a0b1c2d3eMicrosoft.Network/routeTablesGovernanceMediumRoute Tables not attached to any subnetLearn
1048bb4a57b-55e4-d24e-9c19-2679d8bc779fMicrosoft.Network/networkSecurityGroupsMonitoringAndAlertingLowMonitor changes in Network Security Groups with Azure MonitorLearn
1058d319a05-677b-944f-b9b4-ca0fb42e883cMicrosoft.Network/loadBalancersHighAvailabilityMediumUse NAT Gateway instead of Outbound Rules for Production WorkloadsLearn
1068f9a0b1c-2d3e-4f5a-6b7c-8d9e0f1a2b3cMicrosoft.Network/privateEndpointsGovernanceMediumPrivate Endpoints not connected to any resourceLearn
107902c82ff-4910-4b61-942d-0d6ef7f39b67Microsoft.ContainerService/managedClustersScalabilityHighEnable the cluster auto-scaler on an existing clusterLearn
108921631f6-ed59-49a5-94c1-f0f3ececa580Microsoft.DocumentDB/databaseAccountsHighAvailabilityHighEnable availability zonesLearn
1099437634c-d69e-2747-b13e-631c13182150Microsoft.Network/trafficManagerProfilesBusinessContinuityHighAvoid combining Traffic Manager and Front DoorLearn
11094794d2a-eff0-2345-9b67-6f9349d0a627Microsoft.Compute/virtualMachineScaleSetsMonitoringAndAlertingMediumEnable Azure Virtual Machine Scale Set Application Health MonitoringLearn
1119729c89d-8118-41b4-a39b-e12468fa872bMicrosoft.Subscription/SubscriptionsMonitoringAndAlertingHighConfigure Service Health AlertsLearn
112979ff8be-5f3a-4d8e-9aa3-407ecdd6d6f7Microsoft.DesktopVirtualization/hostPoolsOtherBestPracticesMediumConfigure host pool scheduled agent updatesLearn
11398f15850-f31e-4fb2-8874-74f5aabbcf91Microsoft.MachineLearningServices/workspacesDisasterRecoveryHighEnsure checkpoints are used for AI training modelsLearn
1149a0b1c2d-3e4f-5a6b-7c8d-9e0f1a2b3c4dMicrosoft.Network/virtualNetworkGatewaysGovernanceMediumVirtual Network Gateways without Point-to-site configuration or ConnectionsLearn
1159c0d1e2f-3a4b-5c6d-7e8f-9a0b1c2d3e4fMicrosoft.Network/loadBalancersGovernanceMediumLoad Balancers with empty backend address poolsLearn
1169cabded7-a1fc-6e4a-944b-d7dd98ea31a2Microsoft.DocumentDB/databaseAccountsDisasterRecoveryHighEnable service-managed failover for multi-region accounts with single write regionLearn
1179ce78192-74a0-104c-b5bb-9a443f941649Microsoft.DocumentDB/databaseAccountsHighAvailabilityHighEvaluate multi-region write capabilityLearn
1189e39919b-78af-4a0b-b70f-c548dae97c25Microsoft.RecoveryServices/vaultsDisasterRecoveryMediumEnable Soft Delete for Recovery Services Vaults in Azure BackupLearn
1199ec5b4c8-3dd8-473a-86ee-3273290331b9Microsoft.AVS/privateCloudsHighAvailabilityLowEnable Stretched Clusters for Multi-AZ Availability of the vSAN DatastoreLearn
120a1d91661-32d4-430b-b3b6-5adeb0975df7Microsoft.Web/sitesOtherBestPracticesLowDeploy to a staging slotLearn
121a3058909-fcf8-4450-88b5-499f57449178Microsoft.AAD/domainServicesHighAvailabilityHighUse replica sets for resiliency or geolocation in Microsoft Entra Domain ServicesLearn
122a7bfcc18-b0d8-4d37-81f3-8131ed8bead5Microsoft.Compute/virtualMachineScaleSetsScalabilityMediumUse Ephemeral OS Disks for AKS VMSS Node PoolsLearn
123a86ed26a-59d9-47bd-b440-6bc71b843978Microsoft.MachineLearningServices/workspacesDisasterRecoveryHighPlan for a multi-regional deployment of Azure Machine Learning and associated resourcesLearn
124a8d25876-7951-b646-b4e8-880c9031596bMicrosoft.Compute/virtualMachinesHighAvailabilityHighMigrate VMs using availability sets to VMSS FlexLearn
125aa-003Microsoft.Automation/automationAccountsSLAHighAutomation Account SLALearn
126adf-001microsoft.datafactory/factoriesMonitoringAndAlertingLowAzure Data Factory should have diagnostic settings enabledLearn
127adf-003Microsoft.DataFactory/factoriesSLAHighAzure Data Factory SLALearn
128afd-001microsoft.cdn/profilesMonitoringAndAlertingLowAzure FrontDoor should have diagnostic settings enabledLearn
129afd-003Microsoft.Cdn/profilesSLAHighAzure FrontDoor SLALearn
130afw-001microsoft.network/azurefirewallsMonitoringAndAlertingLowAzure Firewall should have diagnostic settings enabledLearn
131afw-003Microsoft.Network/azureFirewallsSLAHighAzure Firewall SLALearn
132agw-005microsoft.network/applicationgatewaysMonitoringAndAlertingLowApplication Gateway: Monitor and Log the configurations and trafficLearn
133agw-103Microsoft.Network/applicationGatewaysSLAHighApplication Gateway SLALearn
134aif-001microsoft.cognitiveservices/accountsMonitoringAndAlertingLowService should have diagnostic settings enabledLearn
135aif-003Microsoft.CognitiveServices/accountsSLAHighCognitive Services SLALearn
136aif-004Microsoft.CognitiveServices/accountsSecurityHighService should have private endpoints enabledLearn
137aif-008Microsoft.CognitiveServices/accountsSecurityMediumService should have local authentication disabledLearn
138aks-001microsoft.containerservice/managedclustersMonitoringAndAlertingLowAKS Cluster should have diagnostic settings enabledLearn
139aks-003Microsoft.ContainerService/managedClustersSLAHighAKS SLALearn
140aks-004Microsoft.ContainerService/managedClustersSecurityHighAKS Cluster should be privateLearn
141aks-007Microsoft.ContainerService/managedClustersSecurityMediumAKS should integrate authentication with AAD (Managed)Learn
142aks-010Microsoft.ContainerService/managedClustersSecurityMediumAKS should have httpApplicationRouting disabledLearn
143aks-012Microsoft.ContainerService/managedClustersSecurityHighAKS should have outbound type set to user defined routingLearn
144aks-016Microsoft.ContainerService/managedClustersScalabilityLowAKS Node Pools should have MaxSurge setLearn
145amg-002Microsoft.Dashboard/grafanaSLAHighAzure Managed Grafana SLALearn
146amg-004Microsoft.Dashboard/grafanaSecurityHighAzure Managed Grafana should disable public network accessLearn
147amg-005Microsoft.Dashboard/grafanaHighAvailabilityHighAzure Managed Grafana should have availability zones enabledLearn
148apim-001microsoft.apimanagement/serviceMonitoringAndAlertingLowAPIM should have diagnostic settings enabledLearn
149apim-003Microsoft.ApiManagement/serviceSLAHighAPI Management SLALearn
150apim-004Microsoft.ApiManagement/serviceSecurityHighAPIM should have private endpoints enabledLearn
151apim-008Microsoft.ApiManagement/serviceSecurityMediumAPIM should use Managed IdentitiesLearn
152apim-009Microsoft.ApiManagement/serviceSecurityHighAPIM should only accept a minimum of TLS 1.2Learn
153apim-010Microsoft.ApiManagement/serviceSecurityHighAPIM should should not accept weak or deprecated ciphers.Learn
154apim-011Microsoft.ApiManagement/serviceSecurityHighAPIM: Renew expiring certificatesLearn
155app-001microsoft.web/sitesMonitoringAndAlertingLowApp should have diagnostic settings enabledLearn
156app-003Microsoft.Web/sitesSLAHighApp Service SLALearn
157app-007Microsoft.Web/sitesSecurityHighApp Service should use HTTPS onlyLearn
158app-009Microsoft.Web/sitesSecurityMediumApp Service should use VNET integrationLearn
159app-010Microsoft.Web/sitesSecurityMediumApp Service should have VNET Route all enabled for VNET integrationLearn
160app-015Microsoft.Web/sitesHighAvailabilityMediumApp Service should avoid using Client AffinityLearn
161appcs-001microsoft.appconfiguration/configurationstoresMonitoringAndAlertingLowAppConfiguration should have diagnostic settings enabledLearn
162appcs-003Microsoft.AppConfiguration/configurationStoresSLAHighApp Configuration SLALearn
163appcs-004Microsoft.AppConfiguration/configurationStoresSecurityHighAppConfiguration should have private endpoints enabledLearn
164appcs-008Microsoft.AppConfiguration/configurationStoresSecurityMediumAppConfiguration should have local authentication disabledLearn
165appi-003Microsoft.Insights/componentsSLAHighApplication Insights SLALearn
166as-001microsoft.analysisservices/serversMonitoringAndAlertingLowAzure Analysis Service should have diagnostic settings enabledLearn
167as-002Microsoft.AnalysisServices/serversSLAHighAzure Analysis Services SLALearn
168asa-003Microsoft.StreamAnalytics/streamingJobsSLAHighAzure Stream Analytics SLALearn
169asp-001microsoft.web/serverfarmsMonitoringAndAlertingLowPlan should have diagnostic settings enabledLearn
170asp-003Microsoft.Web/serverfarmsSLAHighApp Service Plan SLALearn
171avs-003Microsoft.AVS/privateCloudsSLAHighAzure VMware Solution SLALearn
172b002c030-72e6-4a37-8217-1cb276c43169Microsoft.ContainerService/managedClustersOtherBestPracticesHighUpgrade Persistent Volumes using in-tree drivers to Azure CSI driversLearn
173b1e1378d-4572-4414-bebd-b8872a6d4d1cMicrosoft.Devices/IotHubsScalabilityHighUse Device Provisioning ServiceLearn
174b2113023-a553-2e41-9789-597e2fb54c31Microsoft.Web/serverFarmsHighAvailabilityHighUse Standard or Premium tierLearn
175b2bad57d-7e03-4c0f-9024-597c9eb295bbMicrosoft.DBforPostgreSQL/flexibleServersScalabilityHighEnable custom maintenance scheduleLearn
176b376281d-bfec-4695-8f90-9a44544fdfa4Microsoft.Search/searchServicesHighAvailabilityHighEnable AZ support in AI Search by configuring multiple replicas to your search serviceLearn
177b49a8653-cc43-48c9-8513-a2d2e3f14dd1Microsoft.DBforMySQL/flexibleServersDisasterRecoveryHighConfigure one or more read replicasLearn
178b5a63aa0-c58e-244f-b8a6-cbba0560a6dbMicrosoft.Compute/virtualMachineScaleSetsHighAvailabilityHighDisable Force strictly even balance across zones to avoid scale in and out fail attemptsLearn
179b72214bb-e879-5f4b-b9cd-642db84f36f4Microsoft.Compute/virtualMachinesMonitoringAndAlertingLowEnable VM InsightsLearn
180b89c9acc-0aba-fb44-9ff2-3dbfcf97dce7Microsoft.Network/privateEndpointsHighAvailabilityMediumResolve issues with Private Endpoints in non Succeeded connection stateLearn
181ba-003Microsoft.Batch/batchAccountsSLAHighBatch Account SLALearn
182baf3bfc0-32a2-4c0c-926d-c9bf0b49808eMicrosoft.ApiManagement/serviceHighAvailabilityHighMigrate API Management services to Premium SKU to support Availability ZonesLearn
183bastion-003Microsoft.Network/bastionHostsSLAHighAzure Bastion SLALearn
184bb4c8db4-f821-475b-b1ea-16e95358665eMicrosoft.AppConfiguration/configurationStoresOtherBestPracticesLowEnable Purge protection for Azure App ConfigurationLearn
185bb6deb9d-24fa-4ee8-bc23-ac3ebc7fdf8eMicrosoft.AAD/domainServicesHighAvailabilityHighUse at least the Enterprise SKULearn
186bbe668b7-eb5c-c746-8b82-70afdedf0caeMicrosoft.Network/virtualNetworkGatewaysHighAvailabilityHighUse Zone-redundant ExpressRoute gateway SKUsLearn
187c0085c32-84c0-c247-bfa9-e70977cbf108Microsoft.Sql/servers/databasesHighAvailabilityHighEnable zone redundancy for Azure SQL Database to achieve high availability and resiliencyLearn
188c041d596-6c97-4c5f-b4b3-9cd37628f2e2Microsoft.Subscription/SubscriptionsOtherBestPracticesHighDo not create more than 4000 Citrix VDA servers per subscriptionLearn
189c14de326-2729-4be7-a91f-4ea185d24b10Microsoft.Sql/managedInstancesScalabilityMediumUse Redirect connection type to accelerate application accessLearn
190c22db132-399b-4e7c-995d-577a60881be8Microsoft.ContainerService/managedClustersScalabilityMediumConfigure Azure CNI networking for dynamic allocation of IPs or use CNI overlayLearn
191c31f76a0-48cd-9f44-aa43-99ee904db9bcMicrosoft.Network/trafficManagerProfilesDisasterRecoveryHighEnsure endpoint configured to (All World) for geographic profilesLearn
192c63b81fb-7afc-894c-a840-91bb8a8dcfafMicrosoft.Network/publicIPAddressesHighAvailabilityHighUse Standard SKU and Zone-Redundant IPs when applicableLearn
193c6c4b962-5af4-447a-9d74-7b9c53a5dff5Microsoft.Web/sitesHighAvailabilityLowEnable auto heal for Functions AppLearn
194c72b7fee-1fa0-5b4b-98e5-54bcae95bb74Microsoft.Network/azureFirewallsHighAvailabilityHighDeploy Azure Firewall across multiple availability zonesLearn
195c99d730b-8754-447f-bd5d-3e8850a12235Oracle.Database/cloudExadataInfrastructuresOtherBestPracticesHighEnsure ODAA infrastructure is in Available state under normal operationsLearn
196c9c00f2a-3888-714b-a72b-b4c9e8fcffb2Microsoft.Network/applicationGatewaysHighAvailabilityHighDeploy Application Gateway in a zone-redundant configurationLearn
197ca-003Microsoft.App/containerAppsSLAHighContainer Apps SLALearn
198ca-008Microsoft.App/containerAppsSecurityLowContainerApp should not allow insecure ingress trafficLearn
199ca-009Microsoft.App/containerAppsSecurityLowContainerApp should use Managed IdentitiesLearn
200ca-010Microsoft.App/containerAppsHighAvailabilityLowContainerApp should use Azure Files to persist container dataLearn
201ca-011Microsoft.App/containerAppsHighAvailabilityLowContainerApp should avoid using session affinityLearn
202ca87914f-aac4-4783-ab67-82a6f936f194Microsoft.DBforPostgreSQL/flexibleServersHighAvailabilityHighEnable HA with zone redundancyLearn
203cae-001microsoft.app/managedenvironmentsMonitoringAndAlertingLowContainer Apps Environment should have diagnostic settings enabledLearn
204cae-003Microsoft.App/managedenvironmentsSLAHighContainer Apps Environment SLALearn
205cae-004Microsoft.App/managedenvironmentsSecurityHighContainer Apps Environment should have private endpoints enabledLearn
206cf2569bb-1cf2-46ce-8885-d742dc6f4a4cMicrosoft.MachineLearningServices/workspacesServiceUpgradeAndRetirementHighAvoid NC and NC_Promo series Azure VMs for machine learning quotas; migrate to newer versionsLearn
207cfe22a65-b1db-fd41-9e8e-d573922709aeMicrosoft.Compute/virtualMachinesDisasterRecoveryMediumReplicate VMs using Azure Site RecoveryLearn
208ci-002Microsoft.ContainerInstance/containerGroupsHighAvailabilityHighContainerInstance should have availability zones enabledLearn
209ci-003Microsoft.ContainerInstance/containerGroupsSLAHighContainer Instance SLALearn
210ci-004Microsoft.ContainerInstance/containerGroupsSecurityHighContainerInstance should use private IP addressesLearn
211cosmos-001microsoft.documentdb/databaseaccountsMonitoringAndAlertingLowCosmosDB should have diagnostic settings enabledLearn
212cosmos-003Microsoft.DocumentDB/databaseAccountsSLAHighCosmos DB SLALearn
213cosmos-004Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB should have private endpoints enabledLearn
214cosmos-008Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB should have local authentication disabledLearn
215cosmos-009Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB: disable write operations on metadata resources (databases, containers, throughput) via account keysLearn
216cr-001microsoft.containerregistry/registriesMonitoringAndAlertingLowContainerRegistry should have diagnostic settings enabledLearn
217cr-003Microsoft.ContainerRegistry/registriesSLAHighContainer Registry SLALearn
218cr-004Microsoft.ContainerRegistry/registriesSecurityHighContainerRegistry should have private endpoints enabledLearn
219cr-008Microsoft.ContainerRegistry/registriesSecurityMediumContainerRegistry should have the Administrator account disabledLearn
220cr-010Microsoft.ContainerRegistry/registriesGovernanceMediumContainerRegistry should use retention policiesLearn
221d37db635-157f-584d-9bce-4f6fc8c65ce5Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighConnect ExpressRoute gateway with circuits from diverse peering locationsLearn
222d40c769d-2f08-4980-8d8f-a386946276e6Microsoft.Network/expressRouteCircuitsScalabilityMediumImplement rate-limiting across ExpressRoute Direct Circuits to optimize network flowLearn
223dac421ec-2832-4c37-839e-b6dc5a38f2faMicrosoft.Insights/componentsServiceUpgradeAndRetirementMediumConvert Classic DeploymentsLearn
224dbw-001microsoft.databricks/workspacesMonitoringAndAlertingLowAzure Databricks should have diagnostic settings enabledLearn
225dbw-003Microsoft.Databricks/workspacesSLAHighAzure Databricks SLALearn
226dbw-004Microsoft.Databricks/workspacesSecurityHighAzure Databricks should have private endpoints enabledLearn
227dbw-007Microsoft.Databricks/workspacesSecurityMediumAzure Databricks should have the Public IP disabledLearn
228dcaf8128-94bd-4d53-9235-3a0371df6b74Microsoft.ContainerService/managedClustersMonitoringAndAlertingHighEnable AKS MonitoringLearn
229ddos-003Microsoft.Network/ddosProtectionPlansSLAHighAzure DDoS Protection SLALearn
230dec-001microsoft.kusto/clustersMonitoringAndAlertingLowAzure Data Explorer should have diagnostic settings enabledLearn
231dec-002Microsoft.Kusto/clustersSLAHighAzure Data Explorer SLALearn
232dec-003Microsoft.Kusto/clustersHighAvailabilityHighAzure Data Explorer Production Cluster should not use Dev SKULearn
233dec-004Microsoft.Kusto/clustersSecurityHighAzure Data Explorer should have private endpoints enabledLearn
234dec-008Microsoft.Kusto/clustersSecurityHighAzure Data Explorer should use Disk EncryptionLearn
235dec-009Microsoft.Kusto/clustersSecurityLowAzure Data Explorer should use Managed IdentitiesLearn
236df0ff862-814d-45a3-95e4-4fad5a244ba6Microsoft.Compute/virtualMachinesScalabilityHighMission Critical Workloads should consider using Premium or Ultra DisksLearn
237dfedbeb1-1519-fc47-86a5-52f96cf07105Microsoft.Compute/virtualMachinesScalabilityMediumEnable Accelerated Networking (AccelNet)Learn
238dnsres-003Microsoft.Network/dnsResolversSLAHighAzure DNS Private Resolver SLALearn
239dnsz-003Microsoft.Network/dnsZonesSLAHighAzure DNS SLALearn
240domain-003Microsoft.AAD/domainServicesSLAHighMicrosoft Entra Domain Services SLALearn
241e35cf148-8eee-49d1-a1c9-956160f99e0bMicrosoft.ApiManagement/serviceHighAvailabilityHighAzure API Management platform version should be stv2Learn
242e48a7227-5ec7-463a-b955-ee7cb598ded4Microsoft.StreamAnalytics/streamingjobsScalabilityMediumRun jobs in your own dedicated Stream Analytics cluster for increased reliability and securityLearn
243e544520b-8505-7841-9e77-1f1974ee86ecMicrosoft.DocumentDB/databaseAccountsDisasterRecoveryHighConfigure continuous backup modeLearn
244e6c7e1cc-2f47-264d-aa50-1da421314472Microsoft.Storage/storageAccountsHighAvailabilityHighEnsure that storage accounts are zone or region redundantLearn
245e7495e1c-0c75-0946-b266-b429b5c7f3bfMicrosoft.Compute/virtualMachineScaleSetsScalabilityMediumDeploy VMSS with Flex orchestration mode instead of UniformLearn
246e7dbd21f-b27a-4b8c-a901-cedb1e6d8e1eMicrosoft.Devices/IotHubsMonitoringAndAlertingLowDisabled Fallback RouteLearn
247e7f0fd54-fba0-054e-9ab8-e676f2851f88Microsoft.ContainerRegistry/registriesDisasterRecoveryLowEnable soft delete policyLearn
248eb005943-40a8-194b-9db2-474d430046b7Microsoft.ContainerRegistry/registriesHighAvailabilityHighUse Premium tier for critical production workloadsLearn
249ee66ff65-9aa3-2345-93c1-25827cf79f44Microsoft.Compute/virtualMachineScaleSetsScalabilityHighConfigure VMSS Autoscale to custom and configure the scaling metricsLearn
250eeba3a49-fef0-481f-a471-7ff01139b474Microsoft.Devices/IotHubsHighAvailabilityHighDo not use free tierLearn
251erc-003Microsoft.Network/expressRouteCircuitsSLAHighAzure ExpressRoute Circuit SLALearn
252erg-003Microsoft.Network/expressRouteGatewaysSLAHighAzure ExpressRoute Gateway SLALearn
253evgd-001microsoft.eventgrid/domainsMonitoringAndAlertingLowEvent Grid Domain should have diagnostic settings enabledLearn
254evgd-003Microsoft.EventGrid/domainsSLAHighEvent Grid Domain SLALearn
255evgd-004Microsoft.EventGrid/domainsSecurityHighEvent Grid Domain should have private endpoints enabledLearn
256evgd-008Microsoft.EventGrid/domainsSecurityMediumEvent Grid Domain should have local authentication disabledLearn
257evgt-003Microsoft.EventGrid/topicsSLAHighEvent Grid Topic SLALearn
258evh-001microsoft.eventhub/namespacesMonitoringAndAlertingLowEvent Hub Namespace should have diagnostic settings enabledLearn
259evh-003Microsoft.EventHub/namespacesSLAHighEvent Hub Namespace SLALearn
260evh-004Microsoft.EventHub/namespacesSecurityHighEvent Hub Namespace should have private endpoints enabledLearn
261evh-008Microsoft.EventHub/namespacesSecurityMediumEvent Hub should have local authentication disabledLearn
262f05a3e6d-49db-2740-88e2-2b13706c1f67Microsoft.Network/trafficManagerProfilesHighAvailabilityHighTraffic Manager Monitor Status Should be OnlineLearn
263f075a1bd-de9e-4819-9a1d-1ac41037a74fMicrosoft.ServiceBus/namespacesServiceUpgradeAndRetirementHighConfigure the minimum TLS version for Service Bus namespaces to TLS v1.2 or higherLearn
264f0d4f766-ac19-48c4-b228-4601cc038baaMicrosoft.Network/vpnGatewaysMonitoringAndAlertingMediumMonitor gateway for Site-to-site v-Hub’s VPN gatewayLearn
265f29e56a1-6a80-4295-a663-1cce0ea2b10aMicrosoft.Network/virtualHubsServiceUpgradeAndRetirementHighMigrate from Basic to Standard Virtual WANLearn
266f4201965-a88d-449d-b3b4-021394719eb2Microsoft.App/managedenvironmentsHighAvailabilityHighDeploy zone redundant Container app environmentsLearn
267f6a14b32-a727-4ace-b5fa-7b1c6bdff402Microsoft.Network/connectionsScalabilityMediumFor better data path performance enable FastPath on ExpressRoute ConnectionsLearn
268f8c2e6d9-4b3a-45d6-b9e2-8e7f3a1c2d04Microsoft.Network/virtualNetworkGatewaysHighAvailabilityMediumConfigure customer-controlled VPN gateway maintenanceLearn
269f8f834a9-c761-4e84-b2cb-ac55494d0c37Microsoft.Sql/managedInstancesHighAvailabilityHighEnable zone redundancy for Azure SQL Managed Instance to improve high availability and resiliencyLearn
270fa0cf4f5-0b21-47b7-89a9-ee936f193ce1Microsoft.Compute/disksHighAvailabilityMediumUse Azure Disks with Zone Redundant Storage for higher resiliency and availabilityLearn
271fabric-003Microsoft.Fabric/capacitiesSLAHighFabric Capacity SLALearn
272fabric-004Microsoft.Fabric/capacitiesOtherBestPracticesMediumFabric Capacity should be in Active stateLearn
273fabric-005Microsoft.Fabric/capacitiesSecurityMediumFabric Capacity should have administrators configuredLearn
274fabric-006Microsoft.Fabric/capacitiesGovernanceMediumFabric Capacity should use Fabric (F) SKU tier for production workloadsLearn
275fbfef3df-04a5-41b2-a8fd-b8541eb04956Microsoft.EventHub/namespacesScalabilityHighEnable auto-inflate on Event Hub Standard tierLearn
276fd049c28-ae6d-48f0-a641-cc3ba1a3fe1dMicrosoft.Web/sitesOtherBestPracticesHighEnable Health check for App ServicesLearn
277fd43ea32-2ccf-49a8-ada4-9a78794e3ff1Microsoft.Network/p2sVpnGatewaysMonitoringAndAlertingHighMonitor health for v-Hub’s Point-to-Site VPN gatewaysLearn
278func-007Microsoft.Web/sitesSecurityHighFunction should use HTTPS onlyLearn
279func-009Microsoft.Web/sitesSecurityMediumFunction should use VNET integrationLearn
280func-010Microsoft.Web/sitesSecurityMediumFunction should have VNET Route all enabled for VNET integrationLearn
281func-013Microsoft.Web/sitesHighAvailabilityMediumFunction should avoid using Client AffinityLearn
282hub-003Microsoft.MachineLearningServices/workspacesSLAHighMachine Learning Services SLALearn
283hub-004Microsoft.MachineLearningServices/workspacesSecurityHighService should disable public network accessLearn
284hub-005Microsoft.MachineLearningServices/workspacesSecurityHighService should have private enpoints enabledLearn
285hub-006microsoft.machinelearningservices/workspacesMonitoringAndAlertingLowService should have diagnostic settings enabledLearn
286iot-003Microsoft.Devices/IotHubsSLAHighIoT Hub SLALearn
287kv-001microsoft.keyvault/vaultsMonitoringAndAlertingLowKey Vault should have diagnostic settings enabledLearn
288kv-003Microsoft.KeyVault/vaultsSLAHighKey Vault SLALearn
289lb-001microsoft.network/loadbalancersMonitoringAndAlertingLowLoad Balancer should have diagnostic settings enabledLearn
290lb-003Microsoft.Network/loadBalancersSLAHighLoad Balancer SLALearn
291log-003Microsoft.OperationalInsights/workspacesSLAHighLog Analytics Workspace SLALearn
292logic-001microsoft.logic/workflowsMonitoringAndAlertingLowLogic App should have diagnostic settings enabledLearn
293logic-003Microsoft.Logic/workflowsSLAHighLogic App SLALearn
294logic-004Microsoft.Logic/workflowsSecurityHighLogic App should limit access to Http TriggersLearn
295logics-007Microsoft.Web/sitesSecurityHighLogic App should use HTTPS onlyLearn
296logics-009Microsoft.Web/sitesSecurityMediumLogic App should use VNET integrationLearn
297logics-010Microsoft.Web/sitesSecurityMediumLogic App should have VNET Route all enabled for VNET integrationLearn
298logics-013Microsoft.Web/sitesHighAvailabilityMediumLogic App should avoid using Client AffinityLearn
299mysql-001microsoft.dbformysql/serversMonitoringAndAlertingLowAzure Database for MySQL - Single Server should have diagnostic settings enabledLearn
300mysql-003Microsoft.DBforMySQL/serversSLAHighAzure Database for MySQL - Single Server SLALearn
301mysql-004Microsoft.DBforMySQL/serversSecurityHighAzure Database for MySQL - Single Server should have private endpoints enabledLearn
302mysql-007Microsoft.DBforMySQL/serversHighAvailabilityHighAzure Database for MySQL - Single Server is on the retirement pathLearn
303mysqlf-001microsoft.dbformysql/flexibleserversMonitoringAndAlertingLowAzure Database for MySQL - Flexible Server should have diagnostic settings enabledLearn
304mysqlf-003Microsoft.DBforMySQL/flexibleServersSLAHighAzure Database for MySQL - Flexible Server SLALearn
305mysqlf-004Microsoft.DBforMySQL/flexibleServersSecurityHighAzure Database for MySQL - Flexible Server should have private access enabledLearn
306netapp-003Microsoft.NetApp/netAppAccountsSLAHighAzure NetApp Files SLALearn
307ng-001microsoft.network/natgatewaysMonitoringAndAlertingLowNAT Gateway should have diagnostic settings enabledLearn
308ng-003Microsoft.Network/natGatewaysSLAHighNAT Gateway SLALearn
309nsg-001microsoft.network/networksecuritygroupsMonitoringAndAlertingLowNSG should have diagnostic settings enabledLearn
310ntc-003Microsoft.NetworkFunction/azureTrafficCollectorsSLAHighAzure ExpressRoute Traffic Collector SLALearn
311nw-003Microsoft.Network/networkWatchersSLAHighNetwork Watcher SLALearn
312pep-003Microsoft.Network/privateEndpointsSLAHighPrivate Endpoint SLALearn
313psql-001microsoft.dbforpostgresql/serversMonitoringAndAlertingLowPostgreSQL should have diagnostic settings enabledLearn
314psql-003Microsoft.DBforPostgreSQL/serversSLAHighPostgreSQL SLALearn
315psql-004Microsoft.DBforPostgreSQL/serversSecurityHighPostgreSQL should have private endpoints enabledLearn
316psql-008Microsoft.DBforPostgreSQL/serversSecurityHighPostgreSQL should enforce SSLLearn
317psql-009Microsoft.DBforPostgreSQL/serversSecurityLowPostgreSQL should enforce TLS >= 1.2Learn
318psqlf-001microsoft.dbforpostgresql/flexibleserversMonitoringAndAlertingLowPostgreSQL should have diagnostic settings enabledLearn
319psqlf-003Microsoft.DBforPostgreSQL/flexibleServersSLAHighPostgreSQL Flexible Server SLALearn
320psqlf-004Microsoft.DBforPostgreSQL/flexibleServersSecurityHighPostgreSQL should have private access enabledLearn
321redis-001microsoft.cache/redisMonitoringAndAlertingLowRedis should have diagnostic settings enabledLearn
322redis-003Microsoft.Cache/RedisSLAHighRedis Cache SLALearn
323redis-008Microsoft.Cache/RedisSecurityHighRedis should not enable non SSL portsLearn
324redis-009Microsoft.Cache/RedisSecurityLowRedis should enforce TLS >= 1.2Learn
325resources-001Microsoft.ResourcesGovernanceLowResource should have tagsLearn
326resources-002Microsoft.ResourcesGovernanceLowResource should comply with naming conventionsLearn
327rsv-003Microsoft.RecoveryServices/vaultsSLAHighRecovery Services Vault SLALearn
328sb-001microsoft.servicebus/namespacesMonitoringAndAlertingLowService Bus should have diagnostic settings enabledLearn
329sb-003Microsoft.ServiceBus/namespacesSLAHighService Bus SLALearn
330sb-004Microsoft.ServiceBus/namespacesSecurityHighService Bus should have private endpoints enabledLearn
331sb-008Microsoft.ServiceBus/namespacesSecurityMediumService Bus should have local authentication disabledLearn
332sigr-001microsoft.signalrservice/signalrMonitoringAndAlertingLowSignalR should have diagnostic settings enabledLearn
333sigr-003Microsoft.SignalRService/SignalRSLAHighSignalR SLALearn
334sigr-004Microsoft.SignalRService/SignalRSecurityHighSignalR should have private endpoints enabledLearn
335sql-004Microsoft.Sql/serversSecurityHighSQL should have private endpoints enabledLearn
336sql-008Microsoft.Sql/serversSecurityLowSQL should enforce TLS >= 1.2Learn
337sqldb-001microsoft.sql/servers/databasesMonitoringAndAlertingLowSQL Database should have diagnostic settings enabledLearn
338sqldb-003Microsoft.Sql/servers/databasesSLAHighSQL Database SLALearn
339sqlmi-003Microsoft.Sql/managedInstancesSLAHighAzure SQL Managed Instance SLALearn
340srch-002Microsoft.Search/searchServicesSLAHighAzure AI Search SLALearn
341srch-004Microsoft.Search/searchServicesSecurityHighAzure AI Search should disable public network accessLearn
342srch-005Microsoft.Search/searchServicesSecurityHighAzure AI Search should have private enpoints enabledLearn
343srch-006microsoft.search/searchservicesMonitoringAndAlertingLowAzure AI Search should have diagnostic settings enabledLearn
344st-001microsoft.storage/storageaccountsMonitoringAndAlertingLowStorage should have diagnostic settings enabledLearn
345st-003Microsoft.Storage/storageAccountsSLAHighStorage Account SLALearn
346st-007Microsoft.Storage/storageAccountsSecurityHighStorage Account should use HTTPS onlyLearn
347st-009Microsoft.Storage/storageAccountsSecurityLowStorage Account should enforce TLS >= 1.2Learn
348st-010Microsoft.Storage/storageAccountsDisasterRecoveryLowStorage Account should have immutable storage versioning enabledLearn
349syndp-002Microsoft.Synapse/workspaces/sqlPoolsSLAHighAzure Synapse Dedicated SQL Pool SLALearn
350synsp-002Microsoft.Synapse/workspaces/bigDataPoolsSLAHighAzure Synapse Spark Pool SLALearn
351synw-001microsoft.synapse/workspacesMonitoringAndAlertingLowAzure Synapse Workspace should have diagnostic settings enabledLearn
352synw-002Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should have private endpoints enabledLearn
353synw-003Microsoft.Synapse/workspacesSLAHighAzure Synapse Workspace SLALearn
354synw-006Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should establish network segmentation boundariesLearn
355synw-007Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should disable public network accessLearn
356traf-001microsoft.network/trafficmanagerprofilesMonitoringAndAlertingLowTraffic Manager should have diagnostic settings enabledLearn
357traf-003Microsoft.Network/trafficManagerProfilesSLAHighTraffic Manager SLALearn
358traf-009Microsoft.Network/trafficManagerProfilesSecurityHighTraffic Manager: HTTP endpoints should be monitored using HTTPSLearn
359vgw-001microsoft.network/virtualnetworkgatewaysMonitoringAndAlertingLowVirtual Network Gateway should have diagnostic settings enabledLearn
360vgw-004Microsoft.Network/virtualNetworkGatewaysSLAHighVirtual Network Gateway SLALearn
361vgw-005Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighVirtual Network Gateway should have availability zones enabledLearn
362vm-003Microsoft.Compute/virtualMachinesSLAHighVirtual Machine SLALearn
363vmss-003Microsoft.Compute/virtualMachineScaleSetsSLAHighVirtual Machine Scale Set SLALearn
364vnet-001microsoft.network/virtualnetworksMonitoringAndAlertingLowVirtual Network should have diagnostic settings enabledLearn
365vnet-009Microsoft.Network/virtualNetworksHighAvailabilityHighVirtual Network should have at least two DNS servers assignedLearn
366vwa-001microsoft.network/virtualwansMonitoringAndAlertingLowVirtual WAN should have diagnostic settings enabledLearn
367vwa-003Microsoft.Network/virtualWansSLAHighVirtual WAN SLALearn
368wps-001microsoft.signalrservice/webpubsubMonitoringAndAlertingLowWeb Pub Sub should have diagnostic settings enabledLearn
369wps-002Microsoft.SignalRService/webPubSubHighAvailabilityHighWeb Pub Sub should have availability zones enabledLearn
370wps-003Microsoft.SignalRService/webPubSubSLAHighWeb PubSub SLALearn
371wps-004Microsoft.SignalRService/webPubSubSecurityHighWeb Pub Sub should have private endpoints enabledLearn

Last modified February 26, 2026: build(deps-dev): bump hugo-extended from 0.156.0 to 0.157.0 in /docs (d44e663)