This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Recommendations

Recommendations

    Azure Quick Review checks the following recommendations for Azure resources. The recommendations are categorized based on their impact and category:

    ## Recommendations List

    Total Supported Azure Resource Types: 88

    IdResource TypeCategoryImpactRecommendationLearn
    1adf-001Microsoft.DataFactory/factoriesMonitoringAndAlertingLowAzure Data Factory should have diagnostic settings enabledLearn
    2adf-002Microsoft.DataFactory/factoriesSecurityHighAzure Data Factory should have private endpoints enabledLearn
    3adf-003Microsoft.DataFactory/factoriesHighAvailabilityHighAzure Data Factory SLALearn
    4adf-004Microsoft.DataFactory/factoriesGovernanceLowAzure Data Factory Name should comply with naming conventionsLearn
    5adf-005Microsoft.DataFactory/factoriesGovernanceLowAzure Data Factory should have tagsLearn
    6afd-001Microsoft.Cdn/profilesMonitoringAndAlertingLowAzure FrontDoor should have diagnostic settings enabledLearn
    7afd-003Microsoft.Cdn/profilesHighAvailabilityHighAzure FrontDoor SLALearn
    8afd-006Microsoft.Cdn/profilesGovernanceLowAzure FrontDoor Name should comply with naming conventionsLearn
    9afd-007Microsoft.Cdn/profilesGovernanceLowAzure FrontDoor should have tagsLearn
    10afw-001Microsoft.Network/azureFirewallsMonitoringAndAlertingLowAzure Firewall should have diagnostic settings enabledLearn
    11afw-003Microsoft.Network/azureFirewallsHighAvailabilityHighAzure Firewall SLALearn
    12afw-006Microsoft.Network/azureFirewallsGovernanceLowAzure Firewall Name should comply with naming conventionsLearn
    13afw-007Microsoft.Network/azureFirewallsGovernanceLowAzure Firewall should have tagsLearn
    14agw-005Microsoft.Network/applicationGatewaysMonitoringAndAlertingLowApplication Gateway: Monitor and Log the configurations and trafficLearn
    15agw-103Microsoft.Network/applicationGatewaysHighAvailabilityHighApplication Gateway SLALearn
    16agw-105Microsoft.Network/applicationGatewaysGovernanceLowApplication Gateway Name should comply with naming conventionsLearn
    17agw-106Microsoft.Network/applicationGatewaysGovernanceLowApplication Gateway should have tagsLearn
    18aif-001Microsoft.CognitiveServices/accountsMonitoringAndAlertingLowService should have diagnostic settings enabledLearn
    19aif-003Microsoft.CognitiveServices/accountsHighAvailabilityHighService should have a SLALearn
    20aif-004Microsoft.CognitiveServices/accountsSecurityHighService should have private endpoints enabledLearn
    21aif-006Microsoft.CognitiveServices/accountsGovernanceLowService Name should comply with naming conventionsLearn
    22aif-007Microsoft.CognitiveServices/accountsGovernanceLowService should have tagsLearn
    23aif-008Microsoft.CognitiveServices/accountsSecurityMediumService should have local authentication disabledLearn
    24aks-001Microsoft.ContainerService/managedClustersMonitoringAndAlertingLowAKS Cluster should have diagnostic settings enabledLearn
    25aks-003Microsoft.ContainerService/managedClustersHighAvailabilityHighAKS Cluster should have an SLALearn
    26aks-004Microsoft.ContainerService/managedClustersSecurityHighAKS Cluster should be privateLearn
    27aks-006Microsoft.ContainerService/managedClustersGovernanceLowAKS Name should comply with naming conventionsLearn
    28aks-007Microsoft.ContainerService/managedClustersSecurityMediumAKS should integrate authentication with AAD (Managed)Learn
    29aks-010Microsoft.ContainerService/managedClustersSecurityMediumAKS should have httpApplicationRouting disabledLearn
    30aks-012Microsoft.ContainerService/managedClustersSecurityHighAKS should have outbound type set to user defined routingLearn
    31aks-015Microsoft.ContainerService/managedClustersGovernanceLowAKS should have tagsLearn
    32aks-016Microsoft.ContainerService/managedClustersScalabilityLowAKS Node Pools should have MaxSurge setLearn
    33amg-001Microsoft.Dashboard/managedGrafanaGovernanceLowAzure Managed Grafana name should comply with naming conventionsLearn
    34amg-002Microsoft.Dashboard/managedGrafanaHighAvailabilityHighAzure Managed Grafana SLALearn
    35amg-003Microsoft.Dashboard/managedGrafanaGovernanceLowAzure Managed Grafana should have tagsLearn
    36amg-004Microsoft.Dashboard/managedGrafanaSecurityHighAzure Managed Grafana should disable public network accessLearn
    37amg-005Microsoft.Dashboard/managedGrafanaHighAvailabilityHighAzure Managed Grafana should have availability zones enabledLearn
    38apim-001Microsoft.ApiManagement/serviceMonitoringAndAlertingLowAPIM should have diagnostic settings enabledLearn
    39apim-003Microsoft.ApiManagement/serviceHighAvailabilityHighAPIM should have a SLALearn
    40apim-004Microsoft.ApiManagement/serviceSecurityHighAPIM should have private endpoints enabledLearn
    41apim-006Microsoft.ApiManagement/serviceGovernanceLowAPIM should comply with naming conventionsLearn
    42apim-007Microsoft.ApiManagement/serviceGovernanceLowAPIM should have tagsLearn
    43apim-008Microsoft.ApiManagement/serviceSecurityMediumAPIM should use Managed IdentitiesLearn
    44apim-009Microsoft.ApiManagement/serviceSecurityHighAPIM should only accept a minimum of TLS 1.2Learn
    45apim-010Microsoft.ApiManagement/serviceSecurityHighAPIM should should not accept weak or deprecated ciphers.Learn
    46apim-011Microsoft.ApiManagement/serviceSecurityHighAPIM: Renew expiring certificatesLearn
    47app-001Microsoft.Web/sitesMonitoringAndAlertingLowApp Service should have diagnostic settings enabledLearn
    48app-004Microsoft.Web/sitesSecurityHighApp Service should have private endpoints enabledLearn
    49app-006Microsoft.Web/sitesGovernanceLowApp Service Name should comply with naming conventionsLearn
    50app-007Microsoft.Web/sitesSecurityHighApp Service should use HTTPS onlyLearn
    51app-008Microsoft.Web/sitesGovernanceLowApp Service should have tagsLearn
    52app-009Microsoft.Web/sitesSecurityMediumApp Service should use VNET integrationLearn
    53app-010Microsoft.Web/sitesSecurityMediumApp Service should have VNET Route all enabled for VNET integrationLearn
    54app-011Microsoft.Web/sitesSecurityHighApp Service should use TLS 1.2Learn
    55app-012Microsoft.Web/sitesSecurityHighApp Service remote debugging should be disabledLearn
    56app-013Microsoft.Web/sitesSecurityHighApp Service should not allow insecure FTPLearn
    57app-014Microsoft.Web/sitesScalabilityHighApp Service should have Always On enabledLearn
    58app-015Microsoft.Web/sitesHighAvailabilityMediumApp Service should avoid using Client AffinityLearn
    59app-016Microsoft.Web/sitesSecurityMediumApp Service should use Managed IdentitiesLearn
    60appcs-001Microsoft.AppConfiguration/configurationStoresMonitoringAndAlertingLowAppConfiguration should have diagnostic settings enabledLearn
    61appcs-003Microsoft.AppConfiguration/configurationStoresHighAvailabilityHighAppConfiguration should have a SLALearn
    62appcs-004Microsoft.AppConfiguration/configurationStoresSecurityHighAppConfiguration should have private endpoints enabledLearn
    63appcs-006Microsoft.AppConfiguration/configurationStoresGovernanceLowAppConfiguration Name should comply with naming conventionsLearn
    64appcs-007Microsoft.AppConfiguration/configurationStoresGovernanceLowAppConfiguration should have tagsLearn
    65appcs-008Microsoft.AppConfiguration/configurationStoresSecurityMediumAppConfiguration should have local authentication disabledLearn
    66appi-001Microsoft.Insights/componentsHighAvailabilityHighAzure Application Insights SLALearn
    67appi-002Microsoft.Insights/componentsGovernanceLowAzure Application Insights Name should comply with naming conventionsLearn
    68appi-003Microsoft.Insights/componentsGovernanceLowAzure Application Insights should have tagsLearn
    69as-001Microsoft.AnalysisServices/serversMonitoringAndAlertingLowAzure Analysis Service should have diagnostic settings enabledLearn
    70as-002Microsoft.AnalysisServices/serversHighAvailabilityHighAzure Analysis Service should have a SLALearn
    71as-004Microsoft.AnalysisServices/serversGovernanceLowAzure Analysis Service Name should comply with naming conventionsLearn
    72as-005Microsoft.AnalysisServices/serversGovernanceLowAzure Analysis Service should have tagsLearn
    73asp-001Microsoft.Web/serverfarmsMonitoringAndAlertingLowPlan should have diagnostic settings enabledLearn
    74asp-003Microsoft.Web/serverfarmsHighAvailabilityHighPlan should have a SLALearn
    75asp-006Microsoft.Web/serverfarmsGovernanceLowPlan Name should comply with naming conventionsLearn
    76asp-007Microsoft.Web/serverfarmsGovernanceLowPlan should have tagsLearn
    77ca-003Microsoft.App/containerAppsHighAvailabilityHighContainerApp should have a SLALearn
    78ca-006Microsoft.App/containerAppsGovernanceLowContainerApp Name should comply with naming conventionsLearn
    79ca-007Microsoft.App/containerAppsGovernanceLowContainerApp should have tagsLearn
    80ca-008Microsoft.App/containerAppsSecurityLowContainerApp should not allow insecure ingress trafficLearn
    81ca-009Microsoft.App/containerAppsSecurityLowContainerApp should use Managed IdentitiesLearn
    82ca-010Microsoft.App/containerAppsHighAvailabilityLowContainerApp should use Azure Files to persist container dataLearn
    83ca-011Microsoft.App/containerAppsHighAvailabilityLowContainerApp should avoid using session affinityLearn
    84cae-001Microsoft.App/managedenvironmentsMonitoringAndAlertingLowContainer Apps Environment should have diagnostic settings enabledLearn
    85cae-003Microsoft.App/managedenvironmentsHighAvailabilityHighContainer Apps Environment should have a SLALearn
    86cae-004Microsoft.App/managedenvironmentsSecurityHighContainer Apps Environment should have private endpoints enabledLearn
    87cae-006Microsoft.App/managedenvironmentsGovernanceLowContainer Apps Environment Name should comply with naming conventionsLearn
    88cae-007Microsoft.App/managedenvironmentsGovernanceLowContainer Apps Environment should have tagsLearn
    89ci-002Microsoft.ContainerInstance/containerGroupsHighAvailabilityHighContainerInstance should have availability zones enabledLearn
    90ci-003Microsoft.ContainerInstance/containerGroupsHighAvailabilityHighContainerInstance should have a SLALearn
    91ci-004Microsoft.ContainerInstance/containerGroupsSecurityHighContainerInstance should use private IP addressesLearn
    92ci-006Microsoft.ContainerInstance/containerGroupsGovernanceLowContainerInstance Name should comply with naming conventionsLearn
    93ci-007Microsoft.ContainerInstance/containerGroupsGovernanceLowContainerInstance should have tagsLearn
    94cosmos-001Microsoft.DocumentDB/databaseAccountsMonitoringAndAlertingLowCosmosDB should have diagnostic settings enabledLearn
    95cosmos-003Microsoft.DocumentDB/databaseAccountsHighAvailabilityHighCosmosDB should have a SLALearn
    96cosmos-004Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB should have private endpoints enabledLearn
    97cosmos-006Microsoft.DocumentDB/databaseAccountsGovernanceLowCosmosDB Name should comply with naming conventionsLearn
    98cosmos-007Microsoft.DocumentDB/databaseAccountsGovernanceLowCosmosDB should have tagsLearn
    99cosmos-008Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB should have local authentication disabledLearn
    100cosmos-009Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB: disable write operations on metadata resources (databases, containers, throughput) via account keysLearn
    101cr-001Microsoft.ContainerRegistry/registriesMonitoringAndAlertingLowContainerRegistry should have diagnostic settings enabledLearn
    102cr-003Microsoft.ContainerRegistry/registriesHighAvailabilityHighContainerRegistry should have a SLALearn
    103cr-004Microsoft.ContainerRegistry/registriesSecurityHighContainerRegistry should have private endpoints enabledLearn
    104cr-006Microsoft.ContainerRegistry/registriesGovernanceLowContainerRegistry Name should comply with naming conventionsLearn
    105cr-008Microsoft.ContainerRegistry/registriesSecurityMediumContainerRegistry should have the Administrator account disabledLearn
    106cr-009Microsoft.ContainerRegistry/registriesGovernanceLowContainerRegistry should have tagsLearn
    107cr-010Microsoft.ContainerRegistry/registriesGovernanceMediumContainerRegistry should use retention policiesLearn
    108dbw-001Microsoft.Databricks/workspacesMonitoringAndAlertingLowAzure Databricks should have diagnostic settings enabledLearn
    109dbw-003Microsoft.Databricks/workspacesHighAvailabilityHighAzure Databricks should have a SLALearn
    110dbw-004Microsoft.Databricks/workspacesSecurityHighAzure Databricks should have private endpoints enabledLearn
    111dbw-006Microsoft.Databricks/workspacesGovernanceLowAzure Databricks Name should comply with naming conventionsLearn
    112dbw-007Microsoft.Databricks/workspacesSecurityMediumAzure Databricks should have the Public IP disabledLearn
    113dec-001Microsoft.Kusto/clustersMonitoringAndAlertingLowAzure Data Explorer should have diagnostic settings enabledLearn
    114dec-002Microsoft.Kusto/clustersHighAvailabilityHighAzure Data Explorer SLALearn
    115dec-003Microsoft.Kusto/clustersHighAvailabilityHighAzure Data Explorer Production Cluster should not use Dev SKULearn
    116dec-004Microsoft.Kusto/clustersSecurityHighAzure Data Explorer should have private endpoints enabledLearn
    117dec-005Microsoft.Kusto/clustersGovernanceLowAzure Data Explorer should have tagsLearn
    118dec-006Microsoft.Kusto/clustersGovernanceLowAzure Data Explorer Name should comply with naming conventionsLearn
    119dec-008Microsoft.Kusto/clustersSecurityHighAzure Data Explorer should use Disk EncryptionLearn
    120dec-009Microsoft.Kusto/clustersSecurityLowAzure Data Explorer should use Managed IdentitiesLearn
    121evgd-001Microsoft.EventGrid/domainsMonitoringAndAlertingLowEvent Grid Domain should have diagnostic settings enabledLearn
    122evgd-003Microsoft.EventGrid/domainsHighAvailabilityHighEvent Grid Domain should have a SLALearn
    123evgd-004Microsoft.EventGrid/domainsSecurityHighEvent Grid Domain should have private endpoints enabledLearn
    124evgd-006Microsoft.EventGrid/domainsGovernanceLowEvent Grid Domain Name should comply with naming conventionsLearn
    125evgd-007Microsoft.EventGrid/domainsGovernanceLowEvent Grid Domain should have tagsLearn
    126evgd-008Microsoft.EventGrid/domainsSecurityMediumEvent Grid Domain should have local authentication disabledLearn
    127evh-001Microsoft.EventHub/namespacesMonitoringAndAlertingLowEvent Hub Namespace should have diagnostic settings enabledLearn
    128evh-003Microsoft.EventHub/namespacesHighAvailabilityHighEvent Hub Namespace should have a SLALearn
    129evh-004Microsoft.EventHub/namespacesSecurityHighEvent Hub Namespace should have private endpoints enabledLearn
    130evh-006Microsoft.EventHub/namespacesGovernanceLowEvent Hub Namespace Name should comply with naming conventionsLearn
    131evh-007Microsoft.EventHub/namespacesGovernanceLowEvent Hub should have tagsLearn
    132evh-008Microsoft.EventHub/namespacesSecurityMediumEvent Hub should have local authentication disabledLearn
    133func-001Microsoft.Web/sitesMonitoringAndAlertingLowFunction should have diagnostic settings enabledLearn
    134func-004Microsoft.Web/sitesSecurityHighFunction should have private endpoints enabledLearn
    135func-006Microsoft.Web/sitesGovernanceLowFunction Name should comply with naming conventionsLearn
    136func-007Microsoft.Web/sitesSecurityHighFunction should use HTTPS onlyLearn
    137func-008Microsoft.Web/sitesGovernanceLowFunction should have tagsLearn
    138func-009Microsoft.Web/sitesSecurityMediumFunction should use VNET integrationLearn
    139func-010Microsoft.Web/sitesSecurityMediumFunction should have VNET Route all enabled for VNET integrationLearn
    140func-011Microsoft.Web/sitesSecurityMediumFunction should use TLS 1.2Learn
    141func-012Microsoft.Web/sitesSecurityMediumFunction remote debugging should be disabledLearn
    142func-013Microsoft.Web/sitesHighAvailabilityMediumFunction should avoid using Client AffinityLearn
    143func-014Microsoft.Web/sitesSecurityMediumFunction should use Managed IdentitiesLearn
    144hub-001Microsoft.MachineLearningServices/workspacesGovernanceLowService name should comply with naming conventionsLearn
    145hub-002Microsoft.MachineLearningServices/workspacesHighAvailabilityHighService SLALearn
    146hub-003Microsoft.MachineLearningServices/workspacesGovernanceLowService should have tagsLearn
    147hub-004Microsoft.MachineLearningServices/workspacesSecurityHighService should disable public network accessLearn
    148hub-005Microsoft.MachineLearningServices/workspacesSecurityHighService should have private enpoints enabledLearn
    149hub-006Microsoft.MachineLearningServices/workspacesMonitoringAndAlertingLowService should have diagnostic settings enabledLearn
    150it-006Microsoft.VirtualMachineImages/imageTemplatesGovernanceLowImage Template Name should comply with naming conventionsLearn
    151it-007Microsoft.VirtualMachineImages/imageTemplatesGovernanceLowImage Template should have tagsLearn
    152kv-001Microsoft.KeyVault/vaultsMonitoringAndAlertingLowKey Vault should have diagnostic settings enabledLearn
    153kv-003Microsoft.KeyVault/vaultsHighAvailabilityHighKey Vault should have a SLALearn
    154kv-006Microsoft.KeyVault/vaultsGovernanceLowKey Vault Name should comply with naming conventionsLearn
    155kv-007Microsoft.KeyVault/vaultsGovernanceLowKey Vault should have tagsLearn
    156lb-001Microsoft.Network/loadBalancersMonitoringAndAlertingLowLoad Balancer should have diagnostic settings enabledLearn
    157lb-003Microsoft.Network/loadBalancersHighAvailabilityHighLoad Balancer should have a SLALearn
    158lb-006Microsoft.Network/loadBalancersGovernanceLowLoad Balancer Name should comply with naming conventionsLearn
    159lb-007Microsoft.Network/loadBalancersGovernanceLowLoad Balancer should have tagsLearn
    160log-003Microsoft.OperationalInsights/workspacesHighAvailabilityHighLog Analytics Workspace SLALearn
    161log-006Microsoft.OperationalInsights/workspacesGovernanceLowLog Analytics Workspace Name should comply with naming conventionsLearn
    162log-007Microsoft.OperationalInsights/workspacesGovernanceLowLog Analytics Workspace should have tagsLearn
    163logic-001Microsoft.Logic/workflowsMonitoringAndAlertingLowLogic App should have diagnostic settings enabledLearn
    164logic-003Microsoft.Logic/workflowsHighAvailabilityHighLogic App should have a SLALearn
    165logic-004Microsoft.Logic/workflowsSecurityHighLogic App should limit access to Http TriggersLearn
    166logic-006Microsoft.Logic/workflowsGovernanceLowLogic App Name should comply with naming conventionsLearn
    167logic-007Microsoft.Logic/workflowsGovernanceLowLogic App should have tagsLearn
    168logics-001Microsoft.Web/sitesMonitoringAndAlertingLowLogic App should have diagnostic settings enabledLearn
    169logics-004Microsoft.Web/sitesSecurityHighLogic App should have private endpoints enabledLearn
    170logics-006Microsoft.Web/sitesGovernanceLowLogic App Name should comply with naming conventionsLearn
    171logics-007Microsoft.Web/sitesSecurityHighLogic App should use HTTPS onlyLearn
    172logics-008Microsoft.Web/sitesGovernanceLowLogic App should have tagsLearn
    173logics-009Microsoft.Web/sitesSecurityMediumLogic App should use VNET integrationLearn
    174logics-010Microsoft.Web/sitesSecurityMediumLogic App should have VNET Route all enabled for VNET integrationLearn
    175logics-011Microsoft.Web/sitesSecurityMediumLogic App should use TLS 1.2Learn
    176logics-012Microsoft.Web/sitesSecurityMediumLogic App remote debugging should be disabledLearn
    177logics-013Microsoft.Web/sitesHighAvailabilityMediumLogic App should avoid using Client AffinityLearn
    178logics-014Microsoft.Web/sitesSecurityMediumLogic App should use Managed IdentitiesLearn
    179maria-001Microsoft.DBforMariaDB/serversMonitoringAndAlertingLowMariaDB should have diagnostic settings enabledLearn
    180maria-002Microsoft.DBforMariaDB/serversSecurityHighMariaDB should have private endpoints enabledLearn
    181maria-003Microsoft.DBforMariaDB/serversGovernanceLowMariaDB server Name should comply with naming conventionsLearn
    182maria-004Microsoft.DBforMariaDB/serversHighAvailabilityHighMariaDB server should have a SLALearn
    183maria-005Microsoft.DBforMariaDB/serversGovernanceLowMariaDB should have tagsLearn
    184maria-006Microsoft.DBforMariaDB/serversSecurityLowMariaDB should enforce TLS >= 1.2Learn
    185mysql-001Microsoft.DBforMySQL/serversMonitoringAndAlertingLowAzure Database for MySQL - Single Server should have diagnostic settings enabledLearn
    186mysql-003Microsoft.DBforMySQL/serversHighAvailabilityHighAzure Database for MySQL - Single Server should have a SLALearn
    187mysql-004Microsoft.DBforMySQL/serversSecurityHighAzure Database for MySQL - Single Server should have private endpoints enabledLearn
    188mysql-006Microsoft.DBforMySQL/serversGovernanceLowAzure Database for MySQL - Single Server Name should comply with naming conventionsLearn
    189mysql-007Microsoft.DBforMySQL/serversHighAvailabilityHighAzure Database for MySQL - Single Server is on the retirement pathLearn
    190mysql-008Microsoft.DBforMySQL/serversGovernanceLowAzure Database for MySQL - Single Server should have tagsLearn
    191mysqlf-001Microsoft.DBforMySQL/flexibleServersMonitoringAndAlertingLowAzure Database for MySQL - Flexible Server should have diagnostic settings enabledLearn
    192mysqlf-003Microsoft.DBforMySQL/flexibleServersHighAvailabilityHighAzure Database for MySQL - Flexible Server should have a SLALearn
    193mysqlf-004Microsoft.DBforMySQL/flexibleServersSecurityHighAzure Database for MySQL - Flexible Server should have private access enabledLearn
    194mysqlf-006Microsoft.DBforMySQL/flexibleServersGovernanceLowAzure Database for MySQL - Flexible Server Name should comply with naming conventionsLearn
    195mysqlf-007Microsoft.DBforMySQL/flexibleServersGovernanceLowAzure Database for MySQL - Flexible Server should have tagsLearn
    196ng-001Microsoft.Network/natGatewaysMonitoringAndAlertingLowNAT Gateway should have diagnostic settings enabledLearn
    197ng-003Microsoft.Network/natGatewaysHighAvailabilityHighNAT Gateway SLALearn
    198ng-006Microsoft.Network/natGatewaysGovernanceLowNAT Gateway Name should comply with naming conventionsLearn
    199ng-007Microsoft.Network/natGatewaysGovernanceLowNAT Gateway should have tagsLearn
    200nsg-001Microsoft.Network/networkSecurityGroupsMonitoringAndAlertingLowNSG should have diagnostic settings enabledLearn
    201nsg-003Microsoft.Network/networkSecurityGroupsHighAvailabilityHighNSG SLALearn
    202nsg-006Microsoft.Network/networkSecurityGroupsGovernanceLowNSG Name should comply with naming conventionsLearn
    203nsg-007Microsoft.Network/networkSecurityGroupsGovernanceLowNSG should have tagsLearn
    204nw-003Microsoft.Network/networkWatchersHighAvailabilityHighNetwork Watcher SLALearn
    205nw-006Microsoft.Network/networkWatchersGovernanceLowNetwork Watcher Name should comply with naming conventionsLearn
    206nw-007Microsoft.Network/networkWatchersGovernanceLowNetwork Watcher should have tagsLearn
    207pep-003Microsoft.Network/privateEndpointsHighAvailabilityHighPrivate Endpoint SLALearn
    208pep-006Microsoft.Network/privateEndpointsGovernanceLowPrivate Endpoint Name should comply with naming conventionsLearn
    209pep-007Microsoft.Network/privateEndpointsGovernanceLowPrivate Endpoint should have tagsLearn
    210pip-003Microsoft.Network/publicIPAddressesHighAvailabilityHighPublic IP SLALearn
    211pip-006Microsoft.Network/publicIPAddressesGovernanceLowPublic IP Name should comply with naming conventionsLearn
    212pip-007Microsoft.Network/publicIPAddressesGovernanceLowPublic IP should have tagsLearn
    213psql-001Microsoft.DBforPostgreSQL/serversMonitoringAndAlertingLowPostgreSQL should have diagnostic settings enabledLearn
    214psql-003Microsoft.DBforPostgreSQL/serversHighAvailabilityHighPostgreSQL should have a SLALearn
    215psql-004Microsoft.DBforPostgreSQL/serversSecurityHighPostgreSQL should have private endpoints enabledLearn
    216psql-006Microsoft.DBforPostgreSQL/serversGovernanceLowPostgreSQL Name should comply with naming conventionsLearn
    217psql-007Microsoft.DBforPostgreSQL/serversGovernanceLowPostgreSQL should have tagsLearn
    218psql-008Microsoft.DBforPostgreSQL/serversSecurityHighPostgreSQL should enforce SSLLearn
    219psql-009Microsoft.DBforPostgreSQL/serversSecurityLowPostgreSQL should enforce TLS >= 1.2Learn
    220psqlf-001Microsoft.DBforPostgreSQL/flexibleServersMonitoringAndAlertingLowPostgreSQL should have diagnostic settings enabledLearn
    221psqlf-003Microsoft.DBforPostgreSQL/flexibleServersHighAvailabilityHighPostgreSQL should have a SLALearn
    222psqlf-004Microsoft.DBforPostgreSQL/flexibleServersSecurityHighPostgreSQL should have private access enabledLearn
    223psqlf-006Microsoft.DBforPostgreSQL/flexibleServersGovernanceLowPostgreSQL Name should comply with naming conventionsLearn
    224psqlf-007Microsoft.DBforPostgreSQL/flexibleServersGovernanceLowPostgreSQL should have tagsLearn
    225redis-001Microsoft.Cache/RedisMonitoringAndAlertingLowRedis should have diagnostic settings enabledLearn
    226redis-003Microsoft.Cache/RedisHighAvailabilityHighRedis should have a SLALearn
    227redis-006Microsoft.Cache/RedisGovernanceLowRedis Name should comply with naming conventionsLearn
    228redis-007Microsoft.Cache/RedisGovernanceLowRedis should have tagsLearn
    229redis-008Microsoft.Cache/RedisSecurityHighRedis should not enable non SSL portsLearn
    230redis-009Microsoft.Cache/RedisSecurityLowRedis should enforce TLS >= 1.2Learn
    231sb-001Microsoft.ServiceBus/namespacesMonitoringAndAlertingLowService Bus should have diagnostic settings enabledLearn
    232sb-003Microsoft.ServiceBus/namespacesHighAvailabilityHighService Bus should have a SLALearn
    233sb-004Microsoft.ServiceBus/namespacesSecurityHighService Bus should have private endpoints enabledLearn
    234sb-006Microsoft.ServiceBus/namespacesGovernanceLowService Bus Name should comply with naming conventionsLearn
    235sb-007Microsoft.ServiceBus/namespacesGovernanceLowService Bus should have tagsLearn
    236sb-008Microsoft.ServiceBus/namespacesSecurityMediumService Bus should have local authentication disabledLearn
    237sigr-001Microsoft.SignalRService/SignalRMonitoringAndAlertingLowSignalR should have diagnostic settings enabledLearn
    238sigr-003Microsoft.SignalRService/SignalRHighAvailabilityHighSignalR should have a SLALearn
    239sigr-004Microsoft.SignalRService/SignalRSecurityHighSignalR should have private endpoints enabledLearn
    240sigr-006Microsoft.SignalRService/SignalRGovernanceLowSignalR Name should comply with naming conventionsLearn
    241sigr-007Microsoft.SignalRService/SignalRGovernanceLowSignalR should have tagsLearn
    242sql-004Microsoft.Sql/serversSecurityHighSQL should have private endpoints enabledLearn
    243sql-006Microsoft.Sql/serversGovernanceLowSQL Name should comply with naming conventionsLearn
    244sql-007Microsoft.Sql/serversGovernanceLowSQL should have tagsLearn
    245sql-008Microsoft.Sql/serversSecurityLowSQL should enforce TLS >= 1.2Learn
    246sqldb-001Microsoft.Sql/servers/databasesMonitoringAndAlertingLowSQL Database should have diagnostic settings enabledLearn
    247sqldb-003Microsoft.Sql/servers/databasesHighAvailabilityHighSQL Database should have a SLALearn
    248sqldb-006Microsoft.Sql/servers/databasesGovernanceLowSQL Database Name should comply with naming conventionsLearn
    249sqldb-007Microsoft.Sql/servers/databasesGovernanceLowSQL Database should have tagsLearn
    250sqlep-002Microsoft.Sql/servers/elasticPoolsGovernanceLowSQL Elastic Pool Name should comply with naming conventionsLearn
    251sqlep-003Microsoft.Sql/servers/elasticPoolsGovernanceLowSQL Elastic Pool should have tagsLearn
    252srch-001Microsoft.Search/searchServicesGovernanceLowAzure AI Search name should comply with naming conventionsLearn
    253srch-002Microsoft.Search/searchServicesHighAvailabilityHighAzure AI Search SLALearn
    254srch-003Microsoft.Search/searchServicesGovernanceLowAzure AI Search should have tagsLearn
    255srch-004Microsoft.Search/searchServicesSecurityHighAzure AI Search should disable public network accessLearn
    256srch-005Microsoft.Search/searchServicesSecurityHighAzure AI Search should have private enpoints enabledLearn
    257srch-006Microsoft.Search/searchServicesMonitoringAndAlertingLowAzure AI Search should have diagnostic settings enabledLearn
    258st-001Microsoft.Storage/storageAccountsMonitoringAndAlertingLowStorage should have diagnostic settings enabledLearn
    259st-003Microsoft.Storage/storageAccountsHighAvailabilityHighStorage should have a SLALearn
    260st-006Microsoft.Storage/storageAccountsGovernanceLowStorage Name should comply with naming conventionsLearn
    261st-007Microsoft.Storage/storageAccountsSecurityHighStorage Account should use HTTPS onlyLearn
    262st-008Microsoft.Storage/storageAccountsGovernanceLowStorage Account should have tagsLearn
    263st-009Microsoft.Storage/storageAccountsSecurityLowStorage Account should enforce TLS >= 1.2Learn
    264st-010Microsoft.Storage/storageAccountsDisasterRecoveryLowStorage Account should have inmutable storage versioning enabledLearn
    265st-011Microsoft.Storage/storageAccountsDisasterRecoveryMediumStorage Account should have soft delete enabledLearn
    266syndp-001Microsoft.Synapse/workspaces/sqlPoolsGovernanceLowAzure Synapse Dedicated SQL Pool Name should comply with naming conventionsLearn
    267syndp-002Microsoft.Synapse/workspaces/sqlPoolsHighAvailabilityHighAzure Synapse Dedicated SQL Pool SLALearn
    268syndp-003Microsoft.Synapse/workspaces/sqlPoolsGovernanceLowAzure Synapse Dedicated SQL Pool should have tagsLearn
    269synsp-001Microsoft.Synapse workspaces/bigDataPoolsGovernanceLowAzure Synapse Spark Pool Name should comply with naming conventionsLearn
    270synsp-002Microsoft.Synapse workspaces/bigDataPoolsHighAvailabilityHighAzure Synapse Spark Pool SLALearn
    271synsp-003Microsoft.Synapse workspaces/bigDataPoolsGovernanceLowAzure Synapse Spark Pool should have tagsLearn
    272synw-001Microsoft.Synapse/workspacesMonitoringAndAlertingLowAzure Synapse Workspace should have diagnostic settings enabledLearn
    273synw-002Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should have private endpoints enabledLearn
    274synw-003Microsoft.Synapse/workspacesHighAvailabilityHighAzure Synapse Workspace SLALearn
    275synw-004Microsoft.Synapse/workspacesGovernanceLowAzure Synapse Workspace Name should comply with naming conventionsLearn
    276synw-005Microsoft.Synapse/workspacesGovernanceLowAzure Synapse Workspace should have tagsLearn
    277synw-006Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should establish network segmentation boundariesLearn
    278synw-007Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should disable public network accessLearn
    279traf-001Microsoft.Network/trafficManagerProfilesMonitoringAndAlertingLowTraffic Manager should have diagnostic settings enabledLearn
    280traf-002Microsoft.Network/trafficManagerProfilesHighAvailabilityHighTraffic Manager should have availability zones enabledLearn
    281traf-003Microsoft.Network/trafficManagerProfilesHighAvailabilityHighTraffic Manager should have a SLALearn
    282traf-006Microsoft.Network/trafficManagerProfilesGovernanceLowTraffic Manager Name should comply with naming conventionsLearn
    283traf-007Microsoft.Network/trafficManagerProfilesGovernanceLowTraffic Manager should have tagsLearn
    284traf-009Microsoft.Network/trafficManagerProfilesSecurityHighTraffic Manager: HTTP endpoints should be monitored using HTTPSLearn
    285udr-003Microsoft.Network/routeTablesHighAvailabilityHighRout Table SLALearn
    286udr-006Microsoft.Network/routeTablesGovernanceLowRout Table Name should comply with naming conventionsLearn
    287udr-007Microsoft.Network/routeTablesGovernanceLowRout Table should have tagsLearn
    288vgw-001Microsoft.Network/virtualNetworkGatewaysMonitoringAndAlertingLowVirtual Network Gateway should have diagnostic settings enabledLearn
    289vgw-002Microsoft.Network/virtualNetworkGatewaysGovernanceLowVirtual Network Gateway Name should comply with naming conventionsLearn
    290vgw-003Microsoft.Network/virtualNetworkGatewaysGovernanceLowVirtual Network Gateway should have tagsLearn
    291vgw-004Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighVirtual Network Gateway should have a SLALearn
    292vgw-005Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighStorage should have availability zones enabledLearn
    293vm-003Microsoft.Compute/virtualMachinesHighAvailabilityHighVirtual Machine should have a SLALearn
    294vm-006Microsoft.Compute/virtualMachinesGovernanceLowVirtual Machine Name should comply with naming conventionsLearn
    295vm-007Microsoft.Compute/virtualMachinesGovernanceLowVirtual Machine should have tagsLearn
    296vmss-003Microsoft.Compute/virtualMachineScaleSetsHighAvailabilityHighVirtual Machine should have a SLALearn
    297vmss-004Microsoft.Compute/virtualMachineScaleSetsGovernanceLowVirtual Machine Scale Set Name should comply with naming conventionsLearn
    298vmss-005Microsoft.Compute/virtualMachineScaleSetsGovernanceLowVirtual Machine Scale Set should have tagsLearn
    299vnet-001Microsoft.Network/virtualNetworksMonitoringAndAlertingLowVirtual Network should have diagnostic settings enabledLearn
    300vnet-006Microsoft.Network/virtualNetworksGovernanceLowVirtual Network Name should comply with naming conventionsLearn
    301vnet-007Microsoft.Network/virtualNetworksGovernanceLowVirtual Network should have tagsLearn
    302vnet-009Microsoft.Network/virtualNetworksHighAvailabilityHighVirtual Network should have at least two DNS servers assignedLearn
    303vwa-001Microsoft.Network/virtualWansMonitoringAndAlertingMediumVirtual WAN should have diagnostic settings enabledLearn
    304vwa-002Microsoft.Network/virtualWansHighAvailabilityHighVirtual WAN should have availability zones enabledLearn
    305vwa-003Microsoft.Network/virtualWansHighAvailabilityHighVirtual WAN should have a SLALearn
    306vwa-005Microsoft.Network/virtualWansHighAvailabilityHighVirtual WAN TypeLearn
    307vwa-006Microsoft.Network/virtualWansGovernanceLowVirtual WAN Name should comply with naming conventionsLearn
    308vwa-007Microsoft.Network/virtualWansGovernanceLowVirtual WAN should have tagsLearn
    309wps-001Microsoft.SignalRService/webPubSubMonitoringAndAlertingLowWeb Pub Sub should have diagnostic settings enabledLearn
    310wps-002Microsoft.SignalRService/webPubSubHighAvailabilityHighWeb Pub Sub should have availability zones enabledLearn
    311wps-003Microsoft.SignalRService/webPubSubHighAvailabilityHighWeb Pub Sub should have a SLALearn
    312wps-004Microsoft.SignalRService/webPubSubSecurityHighWeb Pub Sub should have private endpoints enabledLearn
    313wps-006Microsoft.SignalRService/webPubSubGovernanceLowWeb Pub Sub Name should comply with naming conventionsLearn
    314wps-007Microsoft.SignalRService/webPubSubGovernanceLowWeb Pub Sub should have tagsLearn
    315005ccbbd-aeab-46ef-80bd-9bd4479412ecMicrosoft.ContainerService/managedClustersHighAvailabilityHighConfigure user nodepool countLearn
    31600c3d2b0-ea6e-4c4b-89be-b78a35caeb51Microsoft.KeyVault/vaultsSecurityMediumPrivate endpoint should be configured for Key VaultLearn
    317029208c8-5186-4a76-8ee8-6e3445fef4ddMicrosoft.AVS/privateCloudsMonitoringAndAlertingHighMonitor Memory Utilization to ensure sufficient resources for workloadsLearn
    31803f4a7d8-c5b4-7842-8e6e-14997a34842bMicrosoft.ContainerRegistry/registriesOtherBestPracticesMediumDisable anonymous pull accessLearn
    3190611251f-e70f-4243-8ddd-cfe894bec2e7Microsoft.ContainerService/managedClustersHighAvailabilityHighUpdate AKS tier to Standard or PremiumLearn
    32006b77be9-56a3-4d41-b362-8b295c5a283dMicrosoft.Network/virtualNetworksMonitoringAndAlertingMediumEnable Virtual Network Flow LogsLearn
    32107243659-4643-d44c-a1c6-07ac21635072Microsoft.Web/serverFarmsScalabilityMediumAvoid scaling up or downLearn
    3220b80b67c-afbe-4988-ad58-a85a146b681eMicrosoft.Web/sitesOtherBestPracticesMediumStore configuration as app settings for Web SitesLearn
    3230bee356b-7348-4799-8cab-0c71ffe13018Microsoft.Network/ExpressRoutePortsScalabilityMediumEnsure ExpressRoute Direct is not over-subscribedLearn
    3240d1e2f3a-4b5c-6d7e-8f9a-0b1c2d3e4f5aMicrosoft.Network/frontDoorWebApplicationFirewallPoliciesGovernanceMediumFront Door WAF Policy without associationsLearn
    32510f02bc6-e2e7-004d-a2c2-f9bf9f16b915Microsoft.Network/applicationGatewaysHighAvailabilityMediumPlan for backend maintenance by using connection drainingLearn
    326122d11d7-b91f-8747-a562-f56b79bcfbdcMicrosoft.Compute/virtualMachinesHighAvailabilityHighUse Managed Disks for VM disksLearn
    32713794a63-8d95-47ce-acbd-5925ede5b208Microsoft.MachineLearningServices/workspacesDisasterRecoveryHighEnsure to create Machine Learning Compute resources in secondary regionLearn
    3281422c567-782c-7148-ac7c-5fc14cf45adcMicrosoft.Compute/virtualMachineScaleSetsHighAvailabilityHighDeploy VMSS across availability zones with VMSS FlexLearn
    3291549b91f-2ea0-4d4f-ba2a-4596becbe3deMicrosoft.RecoveryServices/vaultsDisasterRecoveryMediumEnable Cross Region Restore for your GRS Recovery Services VaultLearn
    33017e877f7-3a89-4205-8a24-0670de54ddcdMicrosoft.Compute/virtualMachinesDisasterRecoveryHighValidate VM functionality with a Site Recovery test failover to check performance at targetLearn
    3311981f704-97b9-b645-9c57-33f8ded9261aMicrosoft.Compute/virtualMachinesDisasterRecoveryMediumBackup VMs with Azure Backup serviceLearn
    3321a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6dMicrosoft.Web/serverFarmsGovernanceMediumApp Service plans without hosting AppsLearn
    3331ad9d7b7-9692-1441-a8f4-93792efbe97aMicrosoft.Network/trafficManagerProfilesDisasterRecoveryMediumConfigure at least one endpoint within a another regionLearn
    3341adba190-5c4c-e646-8527-dd1b2a6d8b15Microsoft.Network/publicIPAddressesHighAvailabilityMediumUse NAT gateway for outbound connectivity to avoid SNAT ExhaustionLearn
    3351b2dbf4a-8a0b-5e4b-8f4e-3f758188910dMicrosoft.Network/azureFirewallsSecurityHighConfigure DDoS Protection on the Azure Firewall VNetLearn
    3361bd2b7e8-400f-e64a-99a2-c572f7b08a62Microsoft.Cdn/profilesSecurityMediumEnable the WAFLearn
    3371c2d3e4f-5a6b-7c8d-9e0f-1a2b3c4d5e6fMicrosoft.Resources/resourceGroupsGovernanceMediumResource Groups without resourcesLearn
    3381c5e1e58-4e56-491c-8529-10f37af9d4edMicrosoft.Compute/galleriesHighAvailabilityLowConsider creating TrustedLaunchSupported images where possibleLearn
    3391cca00d2-d9ab-8e42-a788-5d40f49405cbMicrosoft.KeyVault/vaultsDisasterRecoveryHighKey vaults should have soft delete enabledLearn
    3401e2f3a4b-5c6d-7e8f-9a0b-1c2d3e4f5a6bMicrosoft.Network/trafficManagerProfilesGovernanceMediumTraffic Manager without endpointsLearn
    3412102a57a-a056-4d5e-afe5-9df9f92177caMicrosoft.AppConfiguration/configurationStoresHighAvailabilityHighUpgrade to App Configuration Standard tierLearn
    34221fb841b-ba70-1f4e-a460-1f72fb41aa51Microsoft.VirtualMachineImages/imageTemplatesDisasterRecoveryLowReplicate your Image Templates to a secondary regionLearn
    343233a7008-71e9-e745-923e-1a1c7a0b92f3Microsoft.Network/applicationGatewaysSecurityHighSecure all incoming connections with SSLLearn
    34423b2dfc7-7e5d-9443-9f62-980ca621b561Microsoft.Network/routeTablesMonitoringAndAlertingMediumMonitor changes in Route Tables with Azure MonitorLearn
    34524ab9f11-a3e4-3043-a985-22cf94c4933aMicrosoft.Cdn/profilesSecurityHighUse HTTP to HTTPS redirectionLearn
    34624ae3773-cc2c-3649-88de-c9788e25b463Microsoft.Network/virtualNetworksSecurityMediumWhen available, use Private Endpoints instead of Service Endpoints for PaaS ServicesLearn
    347269a9f1a-6675-460a-831e-b05a887a8c4bMicrosoft.ContainerService/managedClustersDisasterRecoveryLowBack up Azure Kubernetes ServiceLearn
    34826ebaf1f-c70d-4ebd-8641-4b60a0ce0094Microsoft.ContainerService/managedClustersOtherBestPracticesLowEnable and remediate Azure Policies configured for AKSLearn
    349273f6b30-68e0-4241-85ea-acf15ffb60bfMicrosoft.Compute/virtualMachinesHighAvailabilityHighRun production workloads on two or more VMs using VMSS FlexLearn
    350281a2713-c0e0-3c48-b596-19f590c46671Microsoft.Network/virtualNetworkGatewaysHighAvailabilityMediumEnable Active-Active VPN Gateways for redundancyLearn
    3512912472d-0198-4bdc-aa90-37f145790edcMicrosoft.RecoveryServices/vaultsMonitoringAndAlertingMediumMigrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services VaultsLearn
    3522ab85a67-26be-4ed2-a0bb-101b2513ec63Microsoft.DBforPostgreSQL/flexibleServersDisasterRecoveryHighConfigure one or more read replicasLearn
    3532ad78dec-5a4d-4a30-8fd1-8584335ad781Microsoft.Storage/storageAccountsScalabilityLowConsider upgrading legacy storage accounts to v2 storage accountsLearn
    3542b3c4d5e-6f7a-8b9c-0d1e-2f3a4b5c6d7eMicrosoft.Compute/availabilitySetsGovernanceMediumAvailability Sets not associated to any VM or VMSSLearn
    3552bd0be95-a825-6f47-a8c6-3db1fb5eb387Microsoft.Compute/virtualMachinesHighAvailabilityHighDeploy VMs across Availability ZonesLearn
    3562d3e4f5a-6b7c-8d9e-0f1a-2b3c4d5e6f7aMicrosoft.Web/connectionsGovernanceMediumAPI Connections not related to any Logic AppLearn
    3572f3a4b5c-6d7e-8f9a-0b1c-2d3e4f5a6b7cMicrosoft.Network/applicationGatewaysGovernanceMediumApplication Gateways without backend targetsLearn
    358302fda08-ee65-4fbe-a916-6dc0b33169c4Microsoft.Compute/virtualMachinesHighAvailabilityHighReserve Compute Capacity for critical workloadsLearn
    35931f4ac4b-29cb-4588-8de2-d8fe6f13ceb3Microsoft.DBforPostgreSQL/flexibleServersDisasterRecoveryHighConfigure geo redundant backup storageLearn
    3603201dba8-d1da-4826-98a4-104066545170Microsoft.Compute/virtualMachinesScalabilityHighDon’t use A or B-Series VMs for production needing constant full CPU performanceLearn
    3613263a64a-c256-de48-9818-afd3cbc55c2aMicrosoft.Compute/disksOtherBestPracticesMediumShared disks should only be enabled in clustered serversLearn
    36236ea6c09-ef6e-d743-9cfb-bd0c928a430bMicrosoft.ContainerRegistry/registriesDisasterRecoveryHighCreate container registries with geo-replication enabledLearn
    36338c3bca1-97a1-eb42-8cd3-838b243f35baMicrosoft.Network/loadBalancersHighAvailabilityHighUse Standard Load Balancer SKULearn
    3643a4b5c6d-7e8f-9a0b-1c2d-3e4f5a6b7c8dMicrosoft.Network/virtualNetworksGovernanceMediumVirtual Networks without subnetsLearn
    3653c4d5e6f-7a8b-9c0d-1e2f-3a4b5c6d7e8fMicrosoft.Compute/disksGovernanceMediumManaged Disks with ‘Unattached’ stateLearn
    3663c8fa7c6-6b78-a24a-a63f-348a7c71acb9Microsoft.Network/azureFirewallsMonitoringAndAlertingHighMonitor Azure Firewall metricsLearn
    3673e115044-a3aa-433e-be01-ce17d67e50daMicrosoft.Network/virtualNetworkGatewaysHighAvailabilityMediumConfigure customer-controlled ExpressRoute gateway maintenanceLearn
    3683e4f5a6b-7c8d-9e0f-1a2b-3c4d5e6f7a8bMicrosoft.Web/certificatesGovernanceMediumExpired certificatesLearn
    3693ef86f16-f65b-c645-9901-7830d6dc3a1bMicrosoft.ContainerRegistry/registriesScalabilityMediumManage registry sizeLearn
    3703f85a51c-e286-9f44-b4dc-51d00768696cMicrosoft.Compute/virtualMachineScaleSetsScalabilityLowEnable Predictive autoscale and configure at least for Forecast OnlyLearn
    37141a22a5e-5e08-9647-92d0-2ffe9ef1bdadMicrosoft.Compute/virtualMachinesOtherBestPracticesMediumIP Forwarding should only be enabled for Network Virtual AppliancesLearn
    3724232eb32-3241-4049-9e14-9b8005817b56Microsoft.AVS/privateCloudsMonitoringAndAlertingHighConfigure Azure Monitor Alert warning thresholds for vSAN datastore utilizationLearn
    37343663217-a1d3-844b-80ea-571a2ce37c6cMicrosoft.DocumentDB/databaseAccountsHighAvailabilityHighConfigure at least two regions for high availabilityLearn
    37448ea6480-6263-40ba-8937-326d790e63f6Microsoft.MachineLearningServices/workspacesOtherBestPracticesHighMake Azure Machine Learning quota requests through the Azure Machine Learning StudioLearn
    3754b5c6d7e-8f9a-0b1c-2d3e-4f5a6b7c8d9eMicrosoft.Network/virtualNetworks/subnetsGovernanceMediumSubnets without Connected Devices or DelegationLearn
    3764bae5a28-5cf4-40d9-bcf1-623d28f6d917Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighDeploy VPN gateways with zone-redundant Public IPsLearn
    3774d5e6f7a-8b9c-0d1e-2f3a-4b5c6d7e8f9aMicrosoft.Sql/servers/elasticpoolsGovernanceMediumSQL elastic pool without databasesLearn
    3784ea2878f-0d69-8d4a-b715-afc10d1e538eMicrosoft.Compute/virtualMachinesScalabilityLowHost database data on a data diskLearn
    3794ee5d535-c47b-470a-9557-4a3dd297d62fMicrosoft.AVS/privateCloudsMonitoringAndAlertingHighMonitor CPU Utilization to ensure sufficient resources for workloadsLearn
    3804f63619f-5001-439c-bacb-8de891287727Microsoft.ContainerService/managedClustersHighAvailabilityHighDeploy AKS cluster across availability zonesLearn
    38152ab9e5c-eec0-3148-8bd7-b6dd9e1be870Microsoft.Compute/virtualMachinesHighAvailabilityMediumUse maintenance configurations for the Dedicated and/or Isolated VM SKUsLearn
    3825a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8Microsoft.Cache/RedisHighAvailabilityHighEnable zone redundancy for Azure Cache for RedisLearn
    3835b1933a6-90e4-f642-a01f-e58594e5aab2Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighChoose a Zone-redundant VPN gatewayLearn
    3845b422a7f-8caa-3d48-becb-511599e5bba9Microsoft.Network/trafficManagerProfilesHighAvailabilityMediumTraffic manager profiles should have more than one endpointLearn
    3855c6d7e8f-9a0b-1c2d-3e4f-5a6b7c8d9e0fMicrosoft.Network/natGatewaysGovernanceMediumNAT Gateways not attached to any subnetLearn
    3865c96afc3-7d2e-46ff-a4c7-9c32850c441bMicrosoft.DBforMySQL/flexibleServersDisasterRecoveryHighConfigure geo redundant backup storageLearn
    3875cea1501-6fe4-4ec4-ac8f-f72320eb18d3Microsoft.Network/publicIPAddressesHighAvailabilityMediumUpgrade Basic SKU public IP addresses to Standard SKULearn
    3885e6f7a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0bMicrosoft.Network/publicIPAddressesGovernanceMediumPublic IPs not attached to any resourceLearn
    3895ee083cd-6ac3-4a83-8913-9549dd36cf56Microsoft.ContainerService/managedClustersHighAvailabilityHighIsolate system and application podsLearn
    3905f3cbd68-692a-4121-988c-9770914859a9Microsoft.ContainerService/managedClustersOtherBestPracticesLowEnable GitOps when using DevOps frameworksLearn
    39160077378-7cb1-4b35-89bb-393884d9921dMicrosoft.Network/ExpressRoutePortsHighAvailabilityHighThe Admin State of both Links of an ExpressRoute Direct should be in Enabled stateLearn
    392621dbc78-3745-4d32-8eac-9e65b27b7512Microsoft.Network/loadBalancersHighAvailabilityHighEnsure Standard Load Balancer is zone-redundantLearn
    3936293a3cc-6b4a-4c0f-9ea7-b8ae8d7dd3d5Microsoft.DBforPostgreSQL/flexibleServersScalabilityHighConfigure storage auto-growLearn
    39463491f70-22e4-3b4a-8b0c-845450e46facMicrosoft.ContainerRegistry/registriesHighAvailabilityMediumEnable zone redundancyLearn
    395675d249a-9486-45e3-8e89-863f5802782dMicrosoft.MachineLearningServices/workspacesDisasterRecoveryHighDeploy Azure Machine learning workspace in secondary regionLearn
    39669ea1185-19b7-de40-9da1-9e8493547a5cMicrosoft.Network/virtualNetworksSecurityHighShield public endpoints in Azure VNets with Azure DDoS Standard Protection PlansLearn
    3976a8b3db9-5773-413a-a127-4f7032f34bbdMicrosoft.SignalRService/SignalRHighAvailabilityHighEnable zone redundancy for SignalRLearn
    3986cd57b65-ef84-4088-9ada-c0d8de74c2f7Microsoft.Dashboard/grafanaHighAvailabilityMediumEnable zone redundancy in Managed GrafanaLearn
    3996d7e8f9a-0b1c-2d3e-4f5a-6b7c8d9e0f1aMicrosoft.Network/ipGroupsGovernanceMediumIP Groups not attached to any Azure FirewallLearn
    4006d82d042-6d61-ad49-86f0-6a5455398081Microsoft.Network/loadBalancersHighAvailabilityHighEnsure the Backend Pool contains at least two instancesLearn
    4016e2af91f-477d-46a5-b8ce-6cd1b8176550Microsoft.MachineLearningServices/workspacesServiceUpgradeAndRetirementMediumChoose SKUs with longer terms and avoid those nearing retirementLearn
    4026e4f0fd1-1853-4b94-9736-6d6d239d2694Microsoft.MachineLearningServices/workspacesDisasterRecoveryHighSelecting regions for BCDR, ensure that both regions offer adequate compute quotasLearn
    4036f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1cMicrosoft.Network/networkInterfacesGovernanceMediumNetwork Interfaces not attached to any resourceLearn
    40470b1d2be-e6c4-b54e-9959-b1b690f9e485Microsoft.Compute/virtualMachinesSecurityLowNetwork access to the VM disk should be set to Disable public access and enable private accessLearn
    40570fcfe6d-00e9-5544-a63a-fff42b9f2edbMicrosoft.KeyVault/vaultsDisasterRecoveryMediumKey vaults should have purge protection enabledLearn
    40673d1bb04-7d3e-0d47-bc0d-63afe773b5feMicrosoft.Compute/virtualMachinesOtherBestPracticesLowWhen AccelNet is enabled, you must manually update the GuestOS NIC driverLearn
    407740f2c1c-8857-4648-80eb-47d2c56d5a50Microsoft.ApiManagement/serviceHighAvailabilityHighEnable Availability Zones on Premium API Management instancesLearn
    40874c2491d-048b-0041-a140-935960220e20Microsoft.Sql/serversDisasterRecoveryHighUse Active Geo Replication to Create a Readable Secondary in Another RegionLearn
    40974fcb9f2-9a25-49a6-8c42-d32851c4afb7Microsoft.AVS/privateCloudsMonitoringAndAlertingHighConfigure Azure Service Health notifications and alerts for Azure VMware SolutionLearn
    4107893f0b3-8622-1d47-beed-4b50a19f7895Microsoft.Network/applicationGatewaysScalabilityHighMigrate to Application Gateway v2Learn
    4117a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2dMicrosoft.Network/networkSecurityGroupsGovernanceMediumNetwork Security Groups not attached to any network interface or subnetLearn
    4127e7daec9-6a81-3546-a4cc-9aef72fec1f7Microsoft.Sql/servers/databasesMonitoringAndAlertingHighMonitor your Azure SQL Database in Near Real-Time to Detect Reliability IncidentsLearn
    4137e8f9a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2bMicrosoft.Network/privateDnsZonesGovernanceMediumPrivate DNS zones without Virtual Network LinksLearn
    4147f7ae535-a5ba-4665-b7e0-c451dbdda01fMicrosoft.ContainerService/managedClustersHighAvailabilityHighConfigure system nodepool countLearn
    4158176a79d-8645-4e52-96be-a10fc0204fe5Microsoft.DBforMySQL/flexibleServersScalabilityHighConfigure storage auto-growLearn
    416820f4743-1f94-e946-ae0b-45efafd87962Microsoft.Compute/virtualMachineScaleSetsHighAvailabilityHighEnable Automatic Repair Policy on Azure Virtual Machine Scale SetsLearn
    417823b0cff-05c0-2e4e-a1e7-9965e1cfa16fMicrosoft.Network/applicationGatewaysScalabilityMediumEnsure Autoscale feature has been enabledLearn
    4188291c1fa-650c-b44b-b008-4deb7465919dMicrosoft.Network/networkSecurityGroupsSecurityMediumThe NSG only has Default Security Rules, make sure to configure the necessary rulesLearn
    41982a9a0f2-24ee-496f-9ad2-25f81710942dMicrosoft.DBforMySQL/flexibleServersScalabilityHighEnable custom maintenance scheduleLearn
    4208364fd0a-7c0e-e240-9d95-4bf965aec243Microsoft.Network/applicationGatewaysOtherBestPracticesHighEnsure Application Gateway Subnet is using a /24 subnet maskLearn
    42184636c6c-b317-4722-b603-7b1ffc16384bMicrosoft.EventHub/namespacesHighAvailabilityHighEnsure zone redundancy is enabled in supported regionsLearn
    422847a8d88-21c4-bc48-a94e-562206edd767Microsoft.Network/applicationGatewaysMonitoringAndAlertingHighUse Health Probes to detect backend availabilityLearn
    423855ca19a-6518-4f2e-9e5a-01796fbca9f8Microsoft.Web/serverFarmsScalabilityHighSet minimum instance count to 2 for app serviceLearn
    42488856605-53d8-4bbd-a75b-4a7b14939d32Microsoft.DBforMySQL/flexibleServersHighAvailabilityHighEnable HA with zone redundancyLearn
    42588cb90c2-3b99-814b-9820-821a63f600ddMicrosoft.Web/serverFarmsHighAvailabilityHighMigrate App Service to availability Zone SupportLearn
    4268b9c0d1e-2f3a-4b5c-6d7e-8f9a0b1c2d3eMicrosoft.Network/routeTablesGovernanceMediumRoute Tables not attached to any subnetLearn
    4278bb4a57b-55e4-d24e-9c19-2679d8bc779fMicrosoft.Network/networkSecurityGroupsMonitoringAndAlertingLowMonitor changes in Network Security Groups with Azure MonitorLearn
    4288d319a05-677b-944f-b9b4-ca0fb42e883cMicrosoft.Network/loadBalancersHighAvailabilityMediumUse NAT Gateway instead of Outbound Rules for Production WorkloadsLearn
    4298d9223c4-730d-ca47-af88-a9a024c37270Microsoft.Network/applicationGatewaysSecurityLowEnable Web Application Firewall policiesLearn
    4308e389532-5db5-7e4c-9d4d-443b3e55ae82Microsoft.ContainerRegistry/registriesGovernanceLowMove Container Registry to a dedicated resource groupLearn
    4318f9a0b1c-2d3e-4f5a-6b7c-8d9e0f1a2b3cMicrosoft.Network/privateEndpointsGovernanceMediumPrivate Endpoints not connected to any resourceLearn
    432902c82ff-4910-4b61-942d-0d6ef7f39b67Microsoft.ContainerService/managedClustersScalabilityHighEnable the cluster auto-scaler on an existing clusterLearn
    433921631f6-ed59-49a5-94c1-f0f3ececa580Microsoft.DocumentDB/databaseAccountsHighAvailabilityHighEnable availability zonesLearn
    4349437634c-d69e-2747-b13e-631c13182150Microsoft.Network/trafficManagerProfilesBusinessContinuityHighAvoid combining Traffic Manager and Front DoorLearn
    435943c168a-2ec2-a94c-8015-85732a1b4859Microsoft.Sql/serversDisasterRecoveryHighAuto Failover Groups can encompass one or multiple databases, usually used by the same app.Learn
    43694794d2a-eff0-2345-9b67-6f9349d0a627Microsoft.Compute/virtualMachineScaleSetsMonitoringAndAlertingMediumEnable Azure Virtual Machine Scale Set Application Health MonitoringLearn
    437979ff8be-5f3a-4d8e-9aa3-407ecdd6d6f7Microsoft.DesktopVirtualization/hostPoolsOtherBestPracticesMediumConfigure host pool scheduled agent updatesLearn
    43898f15850-f31e-4fb2-8874-74f5aabbcf91Microsoft.MachineLearningServices/workspacesDisasterRecoveryHighEnsure checkpoints are used for AI training modelsLearn
    4399a0b1c2d-3e4f-5a6b-7c8d-9e0f1a2b3c4dMicrosoft.Network/virtualNetworkGatewaysGovernanceMediumVirtual Network Gateways without Point-to-site configuration or ConnectionsLearn
    4409c0d1e2f-3a4b-5c6d-7e8f-9a0b1c2d3e4fMicrosoft.Network/loadBalancersGovernanceMediumLoad Balancers with empty backend address poolsLearn
    4419cabded7-a1fc-6e4a-944b-d7dd98ea31a2Microsoft.DocumentDB/databaseAccountsDisasterRecoveryHighEnable service-managed failover for multi-region accounts with single write regionLearn
    4429ce78192-74a0-104c-b5bb-9a443f941649Microsoft.DocumentDB/databaseAccountsHighAvailabilityHighEvaluate multi-region write capabilityLearn
    4439e39919b-78af-4a0b-b70f-c548dae97c25Microsoft.RecoveryServices/vaultsDisasterRecoveryMediumEnable Soft Delete for Recovery Services Vaults in Azure BackupLearn
    4449ec5b4c8-3dd8-473a-86ee-3273290331b9Microsoft.AVS/privateCloudsHighAvailabilityLowEnable Stretched Clusters for Multi-AZ Availability of the vSAN DatastoreLearn
    445a1d91661-32d4-430b-b3b6-5adeb0975df7Microsoft.Web/sitesOtherBestPracticesLowDeploy to a staging slotLearn
    446a7bfcc18-b0d8-4d37-81f3-8131ed8bead5Microsoft.Compute/virtualMachineScaleSetsScalabilityMediumUse Ephemeral OS Disks for AKS VMSS Node PoolsLearn
    447a86ed26a-59d9-47bd-b440-6bc71b843978Microsoft.MachineLearningServices/workspacesDisasterRecoveryHighPlan for a multi-regional deployment of Azure Machine Learning and associated resourcesLearn
    448a8d25876-7951-b646-b4e8-880c9031596bMicrosoft.Compute/virtualMachinesHighAvailabilityHighMigrate VMs using availability sets to VMSS FlexLearn
    449aab6b4a4-9981-43a4-8728-35c7ecbb746dMicrosoft.Web/sitesGovernanceMediumConfigure network access restrictionsLearn
    450b1e1378d-4572-4414-bebd-b8872a6d4d1cMicrosoft.Devices/IotHubsScalabilityHighUse Device Provisioning ServiceLearn
    451b2113023-a553-2e41-9789-597e2fb54c31Microsoft.Web/serverFarmsHighAvailabilityHighUse Standard or Premium tierLearn
    452b2bad57d-7e03-4c0f-9024-597c9eb295bbMicrosoft.DBforPostgreSQL/flexibleServersScalabilityHighEnable custom maintenance scheduleLearn
    453b376281d-bfec-4695-8f90-9a44544fdfa4Microsoft.Search/searchServicesHighAvailabilityHighEnable AZ support in AI Search by configuring multiple replicas to your search serviceLearn
    454b49a8653-cc43-48c9-8513-a2d2e3f14dd1Microsoft.DBforMySQL/flexibleServersDisasterRecoveryHighConfigure one or more read replicasLearn
    455b5a63aa0-c58e-244f-b8a6-cbba0560a6dbMicrosoft.Compute/virtualMachineScaleSetsHighAvailabilityHighDisable Force strictly even balance across zones to avoid scale in and out fail attemptsLearn
    456b72214bb-e879-5f4b-b9cd-642db84f36f4Microsoft.Compute/virtualMachinesMonitoringAndAlertingLowEnable VM InsightsLearn
    457b89c9acc-0aba-fb44-9ff2-3dbfcf97dce7Microsoft.Network/privateEndpointsHighAvailabilityMediumResolve issues with Private Endpoints in non Succeeded connection stateLearn
    458baf3bfc0-32a2-4c0c-926d-c9bf0b49808eMicrosoft.ApiManagement/serviceHighAvailabilityHighMigrate API Management services to Premium SKU to support Availability ZonesLearn
    459bb4c8db4-f821-475b-b1ea-16e95358665eMicrosoft.AppConfiguration/configurationStoresOtherBestPracticesLowEnable Purge protection for Azure App ConfigurationLearn
    460bbe668b7-eb5c-c746-8b82-70afdedf0caeMicrosoft.Network/virtualNetworkGatewaysHighAvailabilityHighUse Zone-redundant ExpressRoute gateway SKUsLearn
    461c0085c32-84c0-c247-bfa9-e70977cbf108Microsoft.Sql/servers/databasesHighAvailabilityHighEnable zone redundancy for Azure SQL Database to achieve high availability and resiliencyLearn
    462c22db132-399b-4e7c-995d-577a60881be8Microsoft.ContainerService/managedClustersScalabilityMediumConfigure Azure CNI networking for dynamic allocation of IPs or use CNI overlayLearn
    463c31f76a0-48cd-9f44-aa43-99ee904db9bcMicrosoft.Network/trafficManagerProfilesDisasterRecoveryHighEnsure endpoint configured to (All World) for geographic profilesLearn
    464c474fc96-4e6a-4fb0-95d0-a26b3f35933cMicrosoft.Cache/redisSecurityMediumConfigure Private EndpointsLearn
    465c63b81fb-7afc-894c-a840-91bb8a8dcfafMicrosoft.Network/publicIPAddressesHighAvailabilityHighUse Standard SKU and Zone-Redundant IPs when applicableLearn
    466c6c4b962-5af4-447a-9d74-7b9c53a5dff5Microsoft.Web/sitesHighAvailabilityLowEnable auto heal for Functions AppLearn
    467c72b7fee-1fa0-5b4b-98e5-54bcae95bb74Microsoft.Network/azureFirewallsHighAvailabilityHighDeploy Azure Firewall across multiple availability zonesLearn
    468c9c00f2a-3888-714b-a72b-b4c9e8fcffb2Microsoft.Network/applicationGatewaysHighAvailabilityHighDeploy Application Gateway in a zone-redundant configurationLearn
    469ca324d71-54b0-4a3e-b9e4-10e767daa9fcMicrosoft.ContainerService/managedClustersOtherBestPracticesHighDisable local accountsLearn
    470ca87914f-aac4-4783-ab67-82a6f936f194Microsoft.DBforPostgreSQL/flexibleServersHighAvailabilityHighEnable HA with zone redundancyLearn
    471cf2569bb-1cf2-46ce-8885-d742dc6f4a4cMicrosoft.MachineLearningServices/workspacesServiceUpgradeAndRetirementHighAvoid NC and NC_Promo series Azure VMs for machine learning quotas; migrate to newer versionsLearn
    472cfe22a65-b1db-fd41-9e8e-d573922709aeMicrosoft.Compute/virtualMachinesDisasterRecoveryMediumReplicate VMs using Azure Site RecoveryLearn
    473d37db635-157f-584d-9bce-4f6fc8c65ce5Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighConnect ExpressRoute gateway with circuits from diverse peering locationsLearn
    474d40c769d-2f08-4980-8d8f-a386946276e6Microsoft.Network/expressRouteCircuitsScalabilityMediumImplement rate-limiting across ExpressRoute Direct Circuits to optimize network flowLearn
    475d9bd6780-0d6f-cd4c-bc66-8ddcab12f3d1Microsoft.Cdn/profilesSecurityHighUse end-to-end TLSLearn
    476dac421ec-2832-4c37-839e-b6dc5a38f2faMicrosoft.Insights/componentsServiceUpgradeAndRetirementMediumConvert Classic DeploymentsLearn
    477dc55be60-6f8c-461e-a9d5-a3c7686ed94eMicrosoft.Storage/storageAccountsSecurityMediumEnable Azure Private Link service for storage accountsLearn
    478dcaf8128-94bd-4d53-9235-3a0371df6b74Microsoft.ContainerService/managedClustersMonitoringAndAlertingHighEnable AKS MonitoringLearn
    479df0ff862-814d-45a3-95e4-4fad5a244ba6Microsoft.Compute/virtualMachinesScalabilityHighMission Critical Workloads should consider using Premium or Ultra DisksLearn
    480dfedbeb1-1519-fc47-86a5-52f96cf07105Microsoft.Compute/virtualMachinesScalabilityMediumEnable Accelerated Networking (AccelNet)Learn
    481e35cf148-8eee-49d1-a1c9-956160f99e0bMicrosoft.ApiManagement/serviceHighAvailabilityHighAzure API Management platform version should be stv2Learn
    482e4ffd7b0-ba24-c84e-9352-ba4819f908c0Microsoft.Compute/virtualMachineScaleSetsOtherBestPracticesLowSet Patch orchestration options to Azure-orchestratedLearn
    483e544520b-8505-7841-9e77-1f1974ee86ecMicrosoft.DocumentDB/databaseAccountsDisasterRecoveryHighConfigure continuous backup modeLearn
    484e620fa98-7a40-41a0-bfc9-b4407297fb58Microsoft.ContainerService/managedClustersHighAvailabilityHighNodepool subnet size needs to accommodate maximum auto-scale settingsLearn
    485e6c7e1cc-2f47-264d-aa50-1da421314472Microsoft.Storage/storageAccountsHighAvailabilityHighEnsure that storage accounts are zone or region redundantLearn
    486e7495e1c-0c75-0946-b266-b429b5c7f3bfMicrosoft.Compute/virtualMachineScaleSetsScalabilityMediumDeploy VMSS with Flex orchestration mode instead of UniformLearn
    487e7dbd21f-b27a-4b8c-a901-cedb1e6d8e1eMicrosoft.Devices/IotHubsMonitoringAndAlertingLowDisabled Fallback RouteLearn
    488e7f0fd54-fba0-054e-9ab8-e676f2851f88Microsoft.ContainerRegistry/registriesDisasterRecoveryLowEnable soft delete policyLearn
    489eb005943-40a8-194b-9db2-474d430046b7Microsoft.ContainerRegistry/registriesHighAvailabilityHighUse Premium tier for critical production workloadsLearn
    490ee66ff65-9aa3-2345-93c1-25827cf79f44Microsoft.Compute/virtualMachineScaleSetsScalabilityHighConfigure VMSS Autoscale to custom and configure the scaling metricsLearn
    491eeba3a49-fef0-481f-a471-7ff01139b474Microsoft.Devices/IotHubsHighAvailabilityHighDo not use free tierLearn
    492f05a3e6d-49db-2740-88e2-2b13706c1f67Microsoft.Network/trafficManagerProfilesHighAvailabilityHighTraffic Manager Monitor Status Should be OnlineLearn
    493f075a1bd-de9e-4819-9a1d-1ac41037a74fMicrosoft.ServiceBus/namespacesServiceUpgradeAndRetirementHighConfigure the minimum TLS version for Service Bus namespaces to TLS v1.2 or higherLearn
    494f0bf9ae6-25a5-974d-87d5-025abec73539Microsoft.Network/virtualNetworksSecurityLowAll Subnets should have a Network Security Group associatedLearn
    495f4201965-a88d-449d-b3b4-021394719eb2Microsoft.App/managedenvironmentsHighAvailabilityHighDeploy zone redundant Container app environmentsLearn
    496f46b0d1d-56ef-4795-b98a-f6ee00cb341aMicrosoft.ContainerService/managedClustersHighAvailabilityHighUse Azure Linux for Linux nodepoolsLearn
    497f6a14b32-a727-4ace-b5fa-7b1c6bdff402Microsoft.Network/connectionsScalabilityMediumFor better data path performance enable FastPath on ExpressRoute ConnectionsLearn
    498f8c2e6d9-4b3a-45d6-b9e2-8e7f3a1c2d04Microsoft.Network/virtualNetworkGatewaysHighAvailabilityMediumConfigure customer-controlled VPN gateway maintenanceLearn
    499fa0cf4f5-0b21-47b7-89a9-ee936f193ce1Microsoft.Compute/disksHighAvailabilityMediumUse Azure Disks with Zone Redundant Storage for higher resiliency and availabilityLearn
    500fbfef3df-04a5-41b2-a8fd-b8541eb04956Microsoft.EventHub/namespacesScalabilityHighEnable auto-inflate on Event Hub Standard tierLearn
    501fd049c28-ae6d-48f0-a641-cc3ba1a3fe1dMicrosoft.Web/sitesOtherBestPracticesHighEnable Health check for App ServicesLearn