Recommendations
Recommendations
Azure Quick Review checks the following recommendations for Azure resources. The recommendations are categorized based on their impact and category:
| # | Category | Impact | Recommendation | More Info |
|---|---|---|---|---|
| 1 | Monitoring and Alerting | Low | Azure Databricks should have diagnostic settings enabled | Learn |
| 2 | High Availability | High | Azure Databricks should have a SLA | Learn |
| 3 | Security | High | Azure Databricks should have private endpoints enabled | Learn |
| 4 | High Availability | High | Azure Databricks SKU | Learn |
| 5 | Governance | Low | Azure Databricks Name should comply with naming conventions | Learn |
| 6 | Security | Medium | Azure Databricks should have the Public IP disabled | Learn |
| 7 | Monitoring and Alerting | Low | Azure Data Factory should have diagnostic settings enabled | Learn |
| 8 | Security | High | Azure Data Factory should have private endpoints enabled | Learn |
| 9 | High Availability | High | Azure Data Factory SLA | Learn |
| 10 | Governance | Low | Azure Data Factory Name should comply with naming conventions | Learn |
| 11 | Governance | Low | Azure Data Factory should have tags | Learn |
| 12 | Monitoring and Alerting | Low | Azure FrontDoor should have diagnostic settings enabled | Learn |
| 13 | High Availability | High | Azure FrontDoor SLA | Learn |
| 14 | High Availability | High | Azure FrontDoor SKU | Learn |
| 15 | Governance | Low | Azure FrontDoor Name should comply with naming conventions | Learn |
| 16 | Governance | Low | Azure FrontDoor should have tags | Learn |
| 17 | Monitoring and Alerting | Low | Azure Firewall should have diagnostic settings enabled | Learn |
| 18 | High Availability | High | Azure Firewall should have availability zones enabled | Learn |
| 19 | High Availability | High | Azure Firewall SLA | Learn |
| 20 | High Availability | High | Azure Firewall SKU | Learn |
| 21 | Governance | Low | Azure Firewall Name should comply with naming conventions | Learn |
| 22 | Governance | Low | Azure Firewall should have tags | Learn |
| 23 | Scalability | High | Application Gateway: Ensure autoscaling is used with a minimum of 2 instances | Learn |
| 24 | Security | High | Application Gateway: Secure all incoming connections with SSL | Learn |
| 25 | Security | High | Application Gateway: Enable WAF policies | Learn |
| 26 | High Availability | High | Application Gateway: Use Application GW V2 instead of V1 | Learn |
| 27 | Monitoring and Alerting | Low | Application Gateway: Monitor and Log the configurations and traffic | Learn |
| 28 | High Availability | Medium | Application Gateway should have availability zones enabled | Learn |
| 29 | High Availability | Medium | Application Gateway: Plan for backend maintenance by using connection draining | Learn |
| 30 | High Availability | High | Application Gateway SLA | Learn |
| 31 | High Availability | High | Application Gateway SKU | Learn |
| 32 | Governance | Low | Application Gateway Name should comply with naming conventions | Learn |
| 33 | Governance | Low | Application Gateway should have tags | Learn |
| 34 | Monitoring and Alerting | Low | AKS Cluster should have diagnostic settings enabled | Learn |
| 35 | High Availability | High | AKS Cluster should have availability zones enabled | Learn |
| 36 | High Availability | High | AKS Cluster should have an SLA | Learn |
| 37 | Security | High | AKS Cluster should be private | Learn |
| 38 | High Availability | High | AKS Production Cluster should use Standard SKU | Learn |
| 39 | Governance | Low | AKS Name should comply with naming conventions | Learn |
| 40 | Security | Medium | AKS should integrate authentication with AAD (Managed) | Learn |
| 41 | Security | Medium | AKS should be RBAC enabled. | Learn |
| 42 | Security | Medium | AKS should have local accounts disabled | Learn |
| 43 | Security | Medium | AKS should have httpApplicationRouting disabled | Learn |
| 44 | Monitoring and Alerting | High | AKS should have Container Insights enabled | Learn |
| 45 | Security | High | AKS should have outbound type set to user defined routing | Learn |
| 46 | Scalability | Medium | AKS should avoid using kubenet network plugin | Learn |
| 47 | Scalability | Medium | AKS should have autoscaler enabled | Learn |
| 48 | Governance | Low | AKS should have tags | Learn |
| 49 | Scalability | Low | AKS Node Pools should have MaxSurge set | Learn |
| 50 | Governance | Low | Azure Managed Grafana name should comply with naming conventions | Learn |
| 51 | High Availability | High | Azure Managed Grafana SLA | Learn |
| 52 | Governance | Low | Azure Managed Grafana should have tags | Learn |
| 53 | Security | High | Azure Managed Grafana should disable public network access | Learn |
| 54 | High Availability | High | Azure Managed Grafana should have availability zones enabled | Learn |
| 55 | Monitoring and Alerting | Low | APIM should have diagnostic settings enabled | Learn |
| 56 | High Availability | High | APIM should have availability zones enabled | Learn |
| 57 | High Availability | High | APIM should have a SLA | Learn |
| 58 | Security | High | APIM should have private endpoints enabled | Learn |
| 59 | High Availability | High | Azure APIM SKU | Learn |
| 60 | Governance | Low | APIM should comply with naming conventions | Learn |
| 61 | Governance | Low | APIM should have tags | Learn |
| 62 | Security | Medium | APIM should use Managed Identities | Learn |
| 63 | Security | High | APIM should only accept a minimum of TLS 1.2 | Learn |
| 64 | Security | High | APIM should should not accept weak or deprecated ciphers. | Learn |
| 65 | Security | High | APIM: Renew expiring certificates | Learn |
| 66 | High Availability | High | APIM: Migrate instance hosted on the stv1 platform to stv2 | Learn |
| 67 | Monitoring and Alerting | Low | AppConfiguration should have diagnostic settings enabled | Learn |
| 68 | High Availability | High | AppConfiguration should have a SLA | Learn |
| 69 | Security | High | AppConfiguration should have private endpoints enabled | Learn |
| 70 | High Availability | High | AppConfiguration SKU | Learn |
| 71 | Governance | Low | AppConfiguration Name should comply with naming conventions | Learn |
| 72 | Governance | Low | AppConfiguration should have tags | Learn |
| 73 | Security | Medium | AppConfiguration should have local authentication disabled | Learn |
| 74 | Disaster Recovery | Medium | AppConfiguration should have purge protection enabled | Learn |
| 75 | High Availability | High | Azure Application Insights SLA | Learn |
| 76 | Governance | Low | Azure Application Insights Name should comply with naming conventions | Learn |
| 77 | Governance | Low | Azure Application Insights should have tags | Learn |
| 78 | Scalability | Low | Azure Application Insights should store data in a Log Analytics Workspace | Learn |
| 79 | Monitoring and Alerting | Low | Azure Analysis Service should have diagnostic settings enabled | Learn |
| 80 | High Availability | High | Azure Analysis Service should have a SLA | Learn |
| 81 | High Availability | High | Azure Analysis Service SKU | Learn |
| 82 | Governance | Low | Azure Analysis Service Name should comply with naming conventions | Learn |
| 83 | Governance | Low | Azure Analysis Service should have tags | Learn |
| 84 | Monitoring and Alerting | Low | Container Apps Environment should have diagnostic settings enabled | Learn |
| 85 | High Availability | High | Container Apps Environment should have availability zones enabled | Learn |
| 86 | High Availability | High | Container Apps Environment should have a SLA | Learn |
| 87 | Security | High | Container Apps Environment should have private endpoints enabled | Learn |
| 88 | Governance | Low | Container Apps Environment Name should comply with naming conventions | Learn |
| 89 | Governance | Low | Container Apps Environment should have tags | Learn |
| 90 | High Availability | High | ContainerApp should have a SLA | Learn |
| 91 | Governance | Low | ContainerApp Name should comply with naming conventions | Learn |
| 92 | Governance | Low | ContainerApp should have tags | Learn |
| 93 | Security | Low | ContainerApp should not allow insecure ingress traffic | Learn |
| 94 | Security | Low | ContainerApp should use Managed Identities | Learn |
| 95 | High Availability | Low | ContainerApp should use Azure Files to persist container data | Learn |
| 96 | High Availability | Low | ContainerApp should avoid using session affinity | Learn |
| 97 | High Availability | High | ContainerInstance should have availability zones enabled | Learn |
| 98 | High Availability | High | ContainerInstance should have a SLA | Learn |
| 99 | Security | High | ContainerInstance should use private IP addresses | Learn |
| 100 | High Availability | High | ContainerInstance SKU | Learn |
| 101 | Governance | Low | ContainerInstance Name should comply with naming conventions | Learn |
| 102 | Governance | Low | ContainerInstance should have tags | Learn |
| 103 | Monitoring and Alerting | Low | Cognitive Service Account should have diagnostic settings enabled | Learn |
| 104 | High Availability | High | Cognitive Service Account should have a SLA | Learn |
| 105 | Security | High | Cognitive Service Account should have private endpoints enabled | Learn |
| 106 | High Availability | High | Cognitive Service Account SKU | Learn |
| 107 | Governance | Low | Cognitive Service Account Name should comply with naming conventions | Learn |
| 108 | Governance | Low | Cognitive Service Account should have tags | Learn |
| 109 | Security | Medium | Cognitive Service Account should have local authentication disabled | Learn |
| 110 | Monitoring and Alerting | Low | CosmosDB should have diagnostic settings enabled | Learn |
| 111 | High Availability | High | CosmosDB should have availability zones enabled | Learn |
| 112 | High Availability | High | CosmosDB should have a SLA | Learn |
| 113 | Security | High | CosmosDB should have private endpoints enabled | Learn |
| 114 | High Availability | High | CosmosDB SKU | Learn |
| 115 | Governance | Low | CosmosDB Name should comply with naming conventions | Learn |
| 116 | Governance | Low | CosmosDB should have tags | Learn |
| 117 | Security | High | CosmosDB should have local authentication disabled | Learn |
| 118 | Security | High | CosmosDB: disable write operations on metadata resources (databases, containers, throughput) via account keys | Learn |
| 119 | Monitoring and Alerting | Low | ContainerRegistry should have diagnostic settings enabled | Learn |
| 120 | High Availability | High | ContainerRegistry should have availability zones enabled | Learn |
| 121 | High Availability | High | ContainerRegistry should have a SLA | Learn |
| 122 | Security | High | ContainerRegistry should have private endpoints enabled | Learn |
| 123 | High Availability | High | ContainerRegistry SKU | Learn |
| 124 | Governance | Low | ContainerRegistry Name should comply with naming conventions | Learn |
| 125 | Security | Medium | ContainerRegistry should have anonymous pull access disabled | Learn |
| 126 | Security | Medium | ContainerRegistry should have the Administrator account disabled | Learn |
| 127 | Governance | Low | ContainerRegistry should have tags | Learn |
| 128 | Governance | Medium | ContainerRegistry should use retention policies | Learn |
| 129 | Monitoring and Alerting | Low | Azure Data Explorer should have diagnostic settings enabled | Learn |
| 130 | High Availability | High | Azure Data Explorer SLA | Learn |
| 131 | High Availability | High | Azure Data Explorer Production Cluster should not use Dev SKU | Learn |
| 132 | Governance | Low | Azure Data Explorer Name should comply with naming conventions | Learn |
| 133 | Governance | Low | Azure Data Explorer should have tags | Learn |
| 134 | Security | High | Azure Data Explorer should use Disk Encryption | Learn |
| 135 | Security | Low | Azure Data Explorer should use Managed Identities | Learn |
| 136 | Monitoring and Alerting | Low | Event Grid Domain should have diagnostic settings enabled | Learn |
| 137 | High Availability | High | Event Grid Domain should have a SLA | Learn |
| 138 | Security | High | Event Grid Domain should have private endpoints enabled | Learn |
| 139 | High Availability | High | Event Grid Domain SKU | Learn |
| 140 | Governance | Low | Event Grid Domain Name should comply with naming conventions | Learn |
| 141 | Governance | Low | Event Grid Domain should have tags | Learn |
| 142 | Security | Medium | Event Grid Domain should have local authentication disabled | Learn |
| 143 | Monitoring and Alerting | Low | Event Hub Namespace should have diagnostic settings enabled | Learn |
| 144 | High Availability | High | Event Hub Namespace should have availability zones enabled | Learn |
| 145 | High Availability | High | Event Hub Namespace should have a SLA | Learn |
| 146 | Security | High | Event Hub Namespace should have private endpoints enabled | Learn |
| 147 | High Availability | High | Event Hub Namespace SKU | Learn |
| 148 | Governance | Low | Event Hub Namespace Name should comply with naming conventions | Learn |
| 149 | Governance | Low | Event Hub should have tags | Learn |
| 150 | Security | Medium | Event Hub should have local authentication disabled | Learn |
| 151 | Monitoring and Alerting | Low | Key Vault should have diagnostic settings enabled | Learn |
| 152 | High Availability | High | Key Vault should have a SLA | Learn |
| 153 | Security | High | Key Vault should have private endpoints enabled | Learn |
| 154 | High Availability | High | Key Vault SKU | Learn |
| 155 | Governance | Low | Key Vault Name should comply with naming conventions | Learn |
| 156 | Governance | Low | Key Vault should have tags | Learn |
| 157 | Disaster Recovery | Medium | Key Vault should have soft delete enabled | Learn |
| 158 | Disaster Recovery | Medium | Key Vault should have purge protection enabled | Learn |
| 159 | Monitoring and Alerting | Low | Load Balancer should have diagnostic settings enabled | Learn |
| 160 | High Availability | High | Load Balancer should have availability zones enabled | Learn |
| 161 | High Availability | High | Load Balancer should have a SLA | Learn |
| 162 | High Availability | High | Load Balancer SKU | Learn |
| 163 | Governance | Low | Load Balancer Name should comply with naming conventions | Learn |
| 164 | Governance | Low | Load Balancer should have tags | Learn |
| 165 | Monitoring and Alerting | Low | Logic App should have diagnostic settings enabled | Learn |
| 166 | High Availability | High | Logic App should have a SLA | Learn |
| 167 | Security | High | Logic App should limit access to Http Triggers | Learn |
| 168 | Governance | Low | Logic App Name should comply with naming conventions | Learn |
| 169 | Governance | Low | Logic App should have tags | Learn |
| 170 | Monitoring and Alerting | Low | MariaDB should have diagnostic settings enabled | Learn |
| 171 | Security | High | MariaDB should have private endpoints enabled | Learn |
| 172 | Governance | Low | MariaDB server Name should comply with naming conventions | Learn |
| 173 | High Availability | High | MariaDB server should have a SLA | Learn |
| 174 | Governance | Low | MariaDB should have tags | Learn |
| 175 | Security | Low | MariaDB should enforce TLS >= 1.2 | Learn |
| 176 | Monitoring and Alerting | Low | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Learn |
| 177 | High Availability | High | Azure Database for MySQL - Flexible Server should have availability zones enabled | Learn |
| 178 | High Availability | High | Azure Database for MySQL - Flexible Server should have a SLA | Learn |
| 179 | Security | High | Azure Database for MySQL - Flexible Server should have private access enabled | Learn |
| 180 | High Availability | High | Azure Database for MySQL - Flexible Server SKU | Learn |
| 181 | Governance | Low | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Learn |
| 182 | Governance | Low | Azure Database for MySQL - Flexible Server should have tags | Learn |
| 183 | Monitoring and Alerting | Low | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Learn |
| 184 | High Availability | High | Azure Database for MySQL - Flexible Server should have a SLA | Learn |
| 185 | Security | High | Azure Database for MySQL - Flexible Server should have private endpoints enabled | Learn |
| 186 | High Availability | High | Azure Database for MySQL - Flexible Server SKU | Learn |
| 187 | Governance | Low | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Learn |
| 188 | High Availability | High | Azure Database for MySQL - Single Server is on the retirement path | Learn |
| 189 | Governance | Low | Azure Database for MySQL - Single Server should have tags | Learn |
| 190 | Monitoring and Alerting | Low | App Service should have diagnostic settings enabled | Learn |
| 191 | Security | High | App Service should have private endpoints enabled | Learn |
| 192 | Governance | Low | App Service Name should comply with naming conventions | Learn |
| 193 | Security | High | App Service should use HTTPS only | Learn |
| 194 | Governance | Low | App Service should have tags | Learn |
| 195 | Security | Medium | App Service should use VNET integration | Learn |
| 196 | Security | Medium | App Service should have VNET Route all enabled for VNET integration | Learn |
| 197 | Security | High | App Service should use TLS 1.2 | Learn |
| 198 | Security | High | App Service remote debugging should be disabled | Learn |
| 199 | Security | High | App Service should not allow insecure FTP | Learn |
| 200 | Scalability | High | App Service should have Always On enabled | Learn |
| 201 | High Availability | Medium | App Service should avoid using Client Affinity | Learn |
| 202 | Security | Medium | App Service should use Managed Identities | Learn |
| 203 | Monitoring and Alerting | Low | Plan should have diagnostic settings enabled | Learn |
| 204 | High Availability | High | Plan should have availability zones enabled | Learn |
| 205 | High Availability | High | Plan should have a SLA | Learn |
| 206 | High Availability | High | Plan SKU | Learn |
| 207 | Governance | Low | Plan Name should comply with naming conventions | Learn |
| 208 | Governance | Low | Plan should have tags | Learn |
| 209 | Monitoring and Alerting | Low | Function should have diagnostic settings enabled | Learn |
| 210 | Security | High | Function should have private endpoints enabled | Learn |
| 211 | Governance | Low | Function Name should comply with naming conventions | Learn |
| 212 | Security | High | Function should use HTTPS only | Learn |
| 213 | Governance | Low | Function should have tags | Learn |
| 214 | Security | Medium | Function should use VNET integration | Learn |
| 215 | Security | Medium | Function should have VNET Route all enabled for VNET integration | Learn |
| 216 | Security | Medium | Function should use TLS 1.2 | Learn |
| 217 | Security | Medium | Function remote debugging should be disabled | Learn |
| 218 | High Availability | Medium | Function should avoid using Client Affinity | Learn |
| 219 | Security | Medium | Function should use Managed Identities | Learn |
| 220 | Monitoring and Alerting | Low | Logic App should have diagnostic settings enabled | Learn |
| 221 | Security | High | Logic App should have private endpoints enabled | Learn |
| 222 | Governance | Low | Logic App Name should comply with naming conventions | Learn |
| 223 | Security | High | Logic App should use HTTPS only | Learn |
| 224 | Governance | Low | Logic App should have tags | Learn |
| 225 | Security | Medium | Logic App should use VNET integration | Learn |
| 226 | Security | Medium | Logic App should have VNET Route all enabled for VNET integration | Learn |
| 227 | Security | Medium | Logic App should use TLS 1.2 | Learn |
| 228 | Security | Medium | Logic App remote debugging should be disabled | Learn |
| 229 | High Availability | Medium | Logic App should avoid using Client Affinity | Learn |
| 230 | Security | Medium | Logic App should use Managed Identities | Learn |
| 231 | Monitoring and Alerting | Low | PostgreSQL should have diagnostic settings enabled | Learn |
| 232 | High Availability | High | PostgreSQL should have availability zones enabled | Learn |
| 233 | High Availability | High | PostgreSQL should have a SLA | Learn |
| 234 | Security | High | PostgreSQL should have private access enabled | Learn |
| 235 | High Availability | High | PostgreSQL SKU | Learn |
| 236 | Governance | Low | PostgreSQL Name should comply with naming conventions | Learn |
| 237 | Governance | Low | PostgreSQL should have tags | Learn |
| 238 | Monitoring and Alerting | Low | PostgreSQL should have diagnostic settings enabled | Learn |
| 239 | High Availability | High | PostgreSQL should have a SLA | Learn |
| 240 | Security | High | PostgreSQL should have private endpoints enabled | Learn |
| 241 | High Availability | High | PostgreSQL SKU | Learn |
| 242 | Governance | Low | PostgreSQL Name should comply with naming conventions | Learn |
| 243 | Governance | Low | PostgreSQL should have tags | Learn |
| 244 | Security | High | PostgreSQL should enforce SSL | Learn |
| 245 | Security | Low | PostgreSQL should enforce TLS >= 1.2 | Learn |
| 246 | Monitoring and Alerting | Low | Redis should have diagnostic settings enabled | Learn |
| 247 | High Availability | High | Redis should have availability zones enabled | Learn |
| 248 | High Availability | High | Redis should have a SLA | Learn |
| 249 | Security | High | Redis should have private endpoints enabled | Learn |
| 250 | High Availability | High | Redis SKU | Learn |
| 251 | Governance | Low | Redis Name should comply with naming conventions | Learn |
| 252 | Governance | Low | Redis should have tags | Learn |
| 253 | Security | High | Redis should not enable non SSL ports | Learn |
| 254 | Security | Low | Redis should enforce TLS >= 1.2 | Learn |
| 255 | Monitoring and Alerting | Low | Service Bus should have diagnostic settings enabled | Learn |
| 256 | High Availability | High | Service Bus should have availability zones enabled | Learn |
| 257 | High Availability | High | Service Bus should have a SLA | Learn |
| 258 | Security | High | Service Bus should have private endpoints enabled | Learn |
| 259 | High Availability | High | Service Bus SKU | Learn |
| 260 | Governance | Low | Service Bus Name should comply with naming conventions | Learn |
| 261 | Governance | Low | Service Bus should have tags | Learn |
| 262 | Security | Medium | Service Bus should have local authentication disabled | Learn |
| 263 | Monitoring and Alerting | Low | SignalR should have diagnostic settings enabled | Learn |
| 264 | High Availability | High | SignalR should have availability zones enabled | Learn |
| 265 | High Availability | High | SignalR should have a SLA | Learn |
| 266 | Security | High | SignalR should have private endpoints enabled | Learn |
| 267 | High Availability | High | SignalR SKU | Learn |
| 268 | Governance | Low | SignalR Name should comply with naming conventions | Learn |
| 269 | Governance | Low | SignalR should have tags | Learn |
| 270 | Security | High | SQL should have private endpoints enabled | Learn |
| 271 | Governance | Low | SQL Name should comply with naming conventions | Learn |
| 272 | Governance | Low | SQL should have tags | Learn |
| 273 | Security | Low | SQL should enforce TLS >= 1.2 | Learn |
| 274 | Monitoring and Alerting | Low | SQL Database should have diagnostic settings enabled | Learn |
| 275 | High Availability | High | SQL Database should have availability zones enabled | Learn |
| 276 | High Availability | High | SQL Database should have a SLA | Learn |
| 277 | High Availability | High | SQL Database SKU | Learn |
| 278 | Governance | Low | SQL Database Name should comply with naming conventions | Learn |
| 279 | Governance | Low | SQL Database should have tags | Learn |
| 280 | High Availability | High | SQL Elastic Pool SKU | Learn |
| 281 | Governance | Low | SQL Elastic Pool Name should comply with naming conventions | Learn |
| 282 | Governance | Low | SQL Elastic Pool should have tags | Learn |
| 283 | Governance | Low | Azure Synapse Dedicated SQL Pool Name should comply with naming conventions | Learn |
| 284 | High Availability | High | Azure Synapse Dedicated SQL Pool SLA | Learn |
| 285 | Governance | Low | Azure Synapse Dedicated SQL Pool should have tags | Learn |
| 286 | Governance | Low | Azure Synapse Spark Pool Name should comply with naming conventions | Learn |
| 287 | High Availability | High | Azure Synapse Spark Pool SLA | Learn |
| 288 | Governance | Low | Azure Synapse Spark Pool should have tags | Learn |
| 289 | Monitoring and Alerting | Low | Azure Synapse Workspace should have diagnostic settings enabled | Learn |
| 290 | Security | High | Azure Synapse Workspace should have private endpoints enabled | Learn |
| 291 | High Availability | High | Azure Synapse Workspace SLA | Learn |
| 292 | Governance | Low | Azure Synapse Workspace Name should comply with naming conventions | Learn |
| 293 | Governance | Low | Azure Synapse Workspace should have tags | Learn |
| 294 | Security | High | Azure Synapse Workspace should establish network segmentation boundaries | Learn |
| 295 | Security | High | Azure Synapse Workspace should disable public network access | Learn |
| 296 | Monitoring and Alerting | Low | Traffic Manager should have diagnostic settings enabled | Learn |
| 297 | High Availability | High | Traffic Manager should have availability zones enabled | Learn |
| 298 | High Availability | High | Traffic Manager should have a SLA | Learn |
| 299 | Governance | Low | Traffic Manager Name should comply with naming conventions | Learn |
| 300 | Governance | Low | Traffic Manager should have tags | Learn |
| 301 | High Availability | High | Traffic Manager should use at least 2 endpoints | Learn |
| 302 | Security | High | Traffic Manager: HTTP endpoints should be monitored using HTTPS | Learn |
| 303 | Monitoring and Alerting | Low | Storage should have diagnostic settings enabled | Learn |
| 304 | High Availability | High | Storage should have availability zones enabled | Learn |
| 305 | High Availability | High | Storage should have a SLA | Learn |
| 306 | Security | High | Storage should have private endpoints enabled | Learn |
| 307 | High Availability | High | Storage SKU | Learn |
| 308 | Governance | Low | Storage Name should comply with naming conventions | Learn |
| 309 | Security | High | Storage Account should use HTTPS only | Learn |
| 310 | Governance | Low | Storage Account should have tags | Learn |
| 311 | Security | Low | Storage Account should enforce TLS >= 1.2 | Learn |
| 312 | Disaster Recovery | Low | Storage Account should have inmutable storage versioning enabled | Learn |
| 313 | Disaster Recovery | Medium | Storage Account should have soft delete enabled | Learn |
| 314 | High Availability | High | Virtual Machine should have availability zones enabled | Learn |
| 315 | High Availability | High | Virtual Machine should have a SLA | Learn |
| 316 | Governance | Low | Virtual Machine Name should comply with naming conventions | Learn |
| 317 | Governance | Low | Virtual Machine should have tags | Learn |
| 318 | High Availability | High | Virtual Machine should use managed disks | Learn |
| 319 | Scalability | Low | Virtual Machine should host application or database data on a data disk | Learn |
| 320 | High Availability | High | Virtual Machine should have availability zones enabled | Learn |
| 321 | High Availability | High | Virtual Machine should have a SLA | Learn |
| 322 | Governance | Low | Virtual Machine Scale Set Name should comply with naming conventions | Learn |
| 323 | Governance | Low | Virtual Machine Scale Set should have tags | Learn |
| 324 | Monitoring and Alerting | Low | Virtual Network should have diagnostic settings enabled | Learn |
| 325 | High Availability | High | Virtual Network should have availability zones enabled | Learn |
| 326 | Governance | Low | Virtual Network Name should comply with naming conventions | Learn |
| 327 | Governance | Low | Virtual Network should have tags | Learn |
| 328 | Security | High | Virtual Network: All Subnets should have a Network Security Group associated | Learn |
| 329 | High Availability | High | Virtual Network should have at least two DNS servers assigned | Learn |
| 330 | Monitoring and Alerting | Low | Virtual Network Gateway should have diagnostic settings enabled | Learn |
| 331 | Governance | Low | Virtual Network Gateway Name should comply with naming conventions | Learn |
| 332 | Governance | Low | Virtual Network Gateway should have tags | Learn |
| 333 | High Availability | High | Virtual Network Gateway should have a SLA | Learn |
| 334 | High Availability | High | Storage should have availability zones enabled | Learn |
| 335 | Monitoring and Alerting | Low | Web Pub Sub should have diagnostic settings enabled | Learn |
| 336 | High Availability | High | Web Pub Sub should have availability zones enabled | Learn |
| 337 | High Availability | High | Web Pub Sub should have a SLA | Learn |
| 338 | Security | High | Web Pub Sub should have private endpoints enabled | Learn |
| 339 | High Availability | High | Web Pub Sub SKU | Learn |
| 340 | Governance | Low | Web Pub Sub Name should comply with naming conventions | Learn |
| 341 | Governance | Low | Web Pub Sub should have tags | Learn |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.
Last modified May 16, 2024: feature: add Azure Virtual Network Gateway scanner (#237) (9076e3d)