This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Recommendations

Recommendations

    Azure Quick Review checks the following recommendations for Azure resources. The recommendations are categorized based on their impact and category:

    ## Recommendations List

    Total recommendations: 82

    IdResource TypeCategoryImpactRecommendationLearn
    1adf-001Microsoft.DataFactory/factoriesMonitoringAndAlertingLowAzure Data Factory should have diagnostic settings enabledLearn
    2adf-002Microsoft.DataFactory/factoriesSecurityHighAzure Data Factory should have private endpoints enabledLearn
    3adf-003Microsoft.DataFactory/factoriesHighAvailabilityHighAzure Data Factory SLALearn
    4adf-004Microsoft.DataFactory/factoriesGovernanceLowAzure Data Factory Name should comply with naming conventionsLearn
    5adf-005Microsoft.DataFactory/factoriesGovernanceLowAzure Data Factory should have tagsLearn
    6afd-001Microsoft.Cdn/profilesMonitoringAndAlertingLowAzure FrontDoor should have diagnostic settings enabledLearn
    7afd-003Microsoft.Cdn/profilesHighAvailabilityHighAzure FrontDoor SLALearn
    8afd-006Microsoft.Cdn/profilesGovernanceLowAzure FrontDoor Name should comply with naming conventionsLearn
    9afd-007Microsoft.Cdn/profilesGovernanceLowAzure FrontDoor should have tagsLearn
    1024ab9f11-a3e4-3043-a985-22cf94c4933aMicrosoft.Cdn/profilesSecurityHighUse HTTP to HTTPS redirectionLearn
    111bd2b7e8-400f-e64a-99a2-c572f7b08a62Microsoft.Cdn/profilesSecurityMediumEnable the WAFLearn
    12d9bd6780-0d6f-cd4c-bc66-8ddcab12f3d1Microsoft.Cdn/profilesSecurityHighUse end-to-end TLSLearn
    1338f3d542-6de6-a44b-86c6-97e3be690281Microsoft.Cdn/profilesHighAvailabilityLowDisable health probes when there is only one origin in an origin groupLearn
    14afw-001Microsoft.Network/azureFirewallsMonitoringAndAlertingLowAzure Firewall should have diagnostic settings enabledLearn
    15afw-003Microsoft.Network/azureFirewallsHighAvailabilityHighAzure Firewall SLALearn
    16afw-006Microsoft.Network/azureFirewallsGovernanceLowAzure Firewall Name should comply with naming conventionsLearn
    17afw-007Microsoft.Network/azureFirewallsGovernanceLowAzure Firewall should have tagsLearn
    18c72b7fee-1fa0-5b4b-98e5-54bcae95bb74Microsoft.Network/azureFirewallsHighAvailabilityHighDeploy Azure Firewall across multiple availability zonesLearn
    193c8fa7c6-6b78-a24a-a63f-348a7c71acb9Microsoft.Network/azureFirewallsMonitoringAndAlertingHighMonitor Azure Firewall metricsLearn
    201b2dbf4a-8a0b-5e4b-8f4e-3f758188910dMicrosoft.Network/azureFirewallsSecurityHighConfigure DDoS Protection on the Azure Firewall VNetLearn
    216d7e8f9a-0b1c-2d3e-4f5a-6b7c8d9e0f1aMicrosoft.Network/ipGroupsGovernanceMediumIP Groups not attached to any Azure FirewallLearn
    22agw-005Microsoft.Network/applicationGatewaysMonitoringAndAlertingLowApplication Gateway: Monitor and Log the configurations and trafficLearn
    23agw-103Microsoft.Network/applicationGatewaysHighAvailabilityHighApplication Gateway SLALearn
    24agw-105Microsoft.Network/applicationGatewaysGovernanceLowApplication Gateway Name should comply with naming conventionsLearn
    25agw-106Microsoft.Network/applicationGatewaysGovernanceLowApplication Gateway should have tagsLearn
    2610f02bc6-e2e7-004d-a2c2-f9bf9f16b915Microsoft.Network/applicationGatewaysHighAvailabilityMediumPlan for backend maintenance by using connection drainingLearn
    27233a7008-71e9-e745-923e-1a1c7a0b92f3Microsoft.Network/applicationGatewaysSecurityHighSecure all incoming connections with SSLLearn
    28847a8d88-21c4-bc48-a94e-562206edd767Microsoft.Network/applicationGatewaysMonitoringAndAlertingHighUse Health Probes to detect backend availabilityLearn
    29c9c00f2a-3888-714b-a72b-b4c9e8fcffb2Microsoft.Network/applicationGatewaysHighAvailabilityHighDeploy Application Gateway in a zone-redundant configurationLearn
    308364fd0a-7c0e-e240-9d95-4bf965aec243Microsoft.Network/applicationGatewaysOtherBestPracticesHighEnsure Application Gateway Subnet is using a /24 subnet maskLearn
    31823b0cff-05c0-2e4e-a1e7-9965e1cfa16fMicrosoft.Network/applicationGatewaysScalabilityMediumEnsure Autoscale feature has been enabledLearn
    328d9223c4-730d-ca47-af88-a9a024c37270Microsoft.Network/applicationGatewaysSecurityLowEnable Web Application Firewall policiesLearn
    337893f0b3-8622-1d47-beed-4b50a19f7895Microsoft.Network/applicationGatewaysScalabilityHighMigrate to Application Gateway v2Learn
    342f3a4b5c-6d7e-8f9a-0b1c-2d3e4f5a6b7cMicrosoft.Network/applicationGatewaysGovernanceMediumApplication Gateways without backend targetsLearn
    35aks-001Microsoft.ContainerService/managedClustersMonitoringAndAlertingLowAKS Cluster should have diagnostic settings enabledLearn
    36aks-003Microsoft.ContainerService/managedClustersHighAvailabilityHighAKS Cluster should have an SLALearn
    37aks-004Microsoft.ContainerService/managedClustersSecurityHighAKS Cluster should be privateLearn
    38aks-006Microsoft.ContainerService/managedClustersGovernanceLowAKS Name should comply with naming conventionsLearn
    39aks-007Microsoft.ContainerService/managedClustersSecurityMediumAKS should integrate authentication with AAD (Managed)Learn
    40aks-008Microsoft.ContainerService/managedClustersSecurityMediumAKS should be RBAC enabled.Learn
    41aks-010Microsoft.ContainerService/managedClustersSecurityMediumAKS should have httpApplicationRouting disabledLearn
    42aks-012Microsoft.ContainerService/managedClustersSecurityHighAKS should have outbound type set to user defined routingLearn
    43aks-015Microsoft.ContainerService/managedClustersGovernanceLowAKS should have tagsLearn
    44aks-016Microsoft.ContainerService/managedClustersScalabilityLowAKS Node Pools should have MaxSurge setLearn
    45a7bfcc18-b0d8-4d37-81f3-8131ed8bead5Microsoft.ContainerService/managedClustersScalabilityMediumUse Ephemeral OS disks on AKS clustersLearn
    46005ccbbd-aeab-46ef-80bd-9bd4479412ecMicrosoft.ContainerService/managedClustersHighAvailabilityHighConfigure user nodepool countLearn
    470611251f-e70f-4243-8ddd-cfe894bec2e7Microsoft.ContainerService/managedClustersHighAvailabilityHighUpdate AKS tier to Standard or PremiumLearn
    48ca324d71-54b0-4a3e-b9e4-10e767daa9fcMicrosoft.ContainerService/managedClustersSecurityHighDisable local accountsLearn
    49c22db132-399b-4e7c-995d-577a60881be8Microsoft.ContainerService/managedClustersScalabilityMediumConfigure Azure CNI networking for dynamic allocation of IPs or use CNI overlayLearn
    50902c82ff-4910-4b61-942d-0d6ef7f39b67Microsoft.ContainerService/managedClustersScalabilityHighEnable the cluster auto-scaler on an existing clusterLearn
    51dcaf8128-94bd-4d53-9235-3a0371df6b74Microsoft.ContainerService/managedClustersMonitoringAndAlertingHighEnable AKS MonitoringLearn
    52e620fa98-7a40-41a0-bfc9-b4407297fb58Microsoft.ContainerService/managedClustersHighAvailabilityHighNodepool subnet size needs to accommodate maximum auto-scale settingsLearn
    53f46b0d1d-56ef-4795-b98a-f6ee00cb341aMicrosoft.ContainerService/managedClustersHighAvailabilityHighUse Azure Linux for Linux nodepoolsLearn
    5426ebaf1f-c70d-4ebd-8641-4b60a0ce0094Microsoft.ContainerService/managedClustersGovernanceLowEnable and remediate Azure Policies configured for AKSLearn
    557f7ae535-a5ba-4665-b7e0-c451dbdda01fMicrosoft.ContainerService/managedClustersHighAvailabilityHighConfigure system nodepool countLearn
    564f63619f-5001-439c-bacb-8de891287727Microsoft.ContainerService/managedClustersHighAvailabilityHighDeploy AKS cluster across availability zonesLearn
    575ee083cd-6ac3-4a83-8913-9549dd36cf56Microsoft.ContainerService/managedClustersHighAvailabilityHighIsolate system and application podsLearn
    58269a9f1a-6675-460a-831e-b05a887a8c4bMicrosoft.ContainerService/managedClustersDisasterRecoveryLowBack up Azure Kubernetes ServiceLearn
    595f3cbd68-692a-4121-988c-9770914859a9Microsoft.ContainerService/managedClustersOtherBestPracticesLowEnable GitOps when using DevOps frameworksLearn
    60amg-001Microsoft.Dashboard/managedGrafanaGovernanceLowAzure Managed Grafana name should comply with naming conventionsLearn
    61amg-002Microsoft.Dashboard/managedGrafanaHighAvailabilityHighAzure Managed Grafana SLALearn
    62amg-003Microsoft.Dashboard/managedGrafanaGovernanceLowAzure Managed Grafana should have tagsLearn
    63amg-004Microsoft.Dashboard/managedGrafanaSecurityHighAzure Managed Grafana should disable public network accessLearn
    64amg-005Microsoft.Dashboard/managedGrafanaHighAvailabilityHighAzure Managed Grafana should have availability zones enabledLearn
    656cd57b65-ef84-4088-9ada-c0d8de74c2f7Microsoft.Dashboard/grafanaHighAvailabilityMediumEnable zone redundancy in Managed GrafanaLearn
    66apim-001Microsoft.ApiManagement/serviceMonitoringAndAlertingLowAPIM should have diagnostic settings enabledLearn
    67apim-003Microsoft.ApiManagement/serviceHighAvailabilityHighAPIM should have a SLALearn
    68apim-004Microsoft.ApiManagement/serviceSecurityHighAPIM should have private endpoints enabledLearn
    69apim-006Microsoft.ApiManagement/serviceGovernanceLowAPIM should comply with naming conventionsLearn
    70apim-007Microsoft.ApiManagement/serviceGovernanceLowAPIM should have tagsLearn
    71apim-008Microsoft.ApiManagement/serviceSecurityMediumAPIM should use Managed IdentitiesLearn
    72apim-009Microsoft.ApiManagement/serviceSecurityHighAPIM should only accept a minimum of TLS 1.2Learn
    73apim-010Microsoft.ApiManagement/serviceSecurityHighAPIM should should not accept weak or deprecated ciphers.Learn
    74apim-011Microsoft.ApiManagement/serviceSecurityHighAPIM: Renew expiring certificatesLearn
    75baf3bfc0-32a2-4c0c-926d-c9bf0b49808eMicrosoft.ApiManagement/serviceHighAvailabilityHighMigrate API Management services to Premium SKU to support Availability ZonesLearn
    76740f2c1c-8857-4648-80eb-47d2c56d5a50Microsoft.ApiManagement/serviceHighAvailabilityHighEnable Availability Zones on Premium API Management instancesLearn
    77e35cf148-8eee-49d1-a1c9-956160f99e0bMicrosoft.ApiManagement/serviceHighAvailabilityHighAzure API Management platform version should be stv2Learn
    78appcs-001Microsoft.AppConfiguration/configurationStoresMonitoringAndAlertingLowAppConfiguration should have diagnostic settings enabledLearn
    79appcs-003Microsoft.AppConfiguration/configurationStoresHighAvailabilityHighAppConfiguration should have a SLALearn
    80appcs-004Microsoft.AppConfiguration/configurationStoresSecurityHighAppConfiguration should have private endpoints enabledLearn
    81appcs-006Microsoft.AppConfiguration/configurationStoresGovernanceLowAppConfiguration Name should comply with naming conventionsLearn
    82appcs-007Microsoft.AppConfiguration/configurationStoresGovernanceLowAppConfiguration should have tagsLearn
    83appcs-008Microsoft.AppConfiguration/configurationStoresSecurityMediumAppConfiguration should have local authentication disabledLearn
    84bb4c8db4-f821-475b-b1ea-16e95358665eMicrosoft.AppConfiguration/configurationStoresGovernanceLowEnable Purge protection for Azure App ConfigurationLearn
    852102a57a-a056-4d5e-afe5-9df9f92177caMicrosoft.AppConfiguration/configurationStoresHighAvailabilityHighUpgrade to App Configuration Standard tierLearn
    86appi-001Microsoft.Insights/componentsHighAvailabilityHighAzure Application Insights SLALearn
    87appi-002Microsoft.Insights/componentsGovernanceLowAzure Application Insights Name should comply with naming conventionsLearn
    88appi-003Microsoft.Insights/componentsGovernanceLowAzure Application Insights should have tagsLearn
    89dac421ec-2832-4c37-839e-b6dc5a38f2faMicrosoft.Insights/componentsServiceUpgradeAndRetirementMediumConvert Classic DeploymentsLearn
    90as-001Microsoft.AnalysisServices/serversMonitoringAndAlertingLowAzure Analysis Service should have diagnostic settings enabledLearn
    91as-002Microsoft.AnalysisServices/serversHighAvailabilityHighAzure Analysis Service should have a SLALearn
    92as-004Microsoft.AnalysisServices/serversGovernanceLowAzure Analysis Service Name should comply with naming conventionsLearn
    93as-005Microsoft.AnalysisServices/serversGovernanceLowAzure Analysis Service should have tagsLearn
    94app-001Microsoft.Web/sitesMonitoringAndAlertingLowApp Service should have diagnostic settings enabledLearn
    95app-004Microsoft.Web/sitesSecurityHighApp Service should have private endpoints enabledLearn
    96app-006Microsoft.Web/sitesGovernanceLowApp Service Name should comply with naming conventionsLearn
    97app-007Microsoft.Web/sitesSecurityHighApp Service should use HTTPS onlyLearn
    98app-008Microsoft.Web/sitesGovernanceLowApp Service should have tagsLearn
    99app-009Microsoft.Web/sitesSecurityMediumApp Service should use VNET integrationLearn
    100app-010Microsoft.Web/sitesSecurityMediumApp Service should have VNET Route all enabled for VNET integrationLearn
    101app-011Microsoft.Web/sitesSecurityHighApp Service should use TLS 1.2Learn
    102app-012Microsoft.Web/sitesSecurityHighApp Service remote debugging should be disabledLearn
    103app-013Microsoft.Web/sitesSecurityHighApp Service should not allow insecure FTPLearn
    104app-014Microsoft.Web/sitesScalabilityHighApp Service should have Always On enabledLearn
    105app-015Microsoft.Web/sitesHighAvailabilityMediumApp Service should avoid using Client AffinityLearn
    106app-016Microsoft.Web/sitesSecurityMediumApp Service should use Managed IdentitiesLearn
    107asp-001Microsoft.Web/serverfarmsMonitoringAndAlertingLowPlan should have diagnostic settings enabledLearn
    108asp-003Microsoft.Web/serverfarmsHighAvailabilityHighPlan should have a SLALearn
    109asp-006Microsoft.Web/serverfarmsGovernanceLowPlan Name should comply with naming conventionsLearn
    110asp-007Microsoft.Web/serverfarmsGovernanceLowPlan should have tagsLearn
    111func-001Microsoft.Web/sitesMonitoringAndAlertingLowFunction should have diagnostic settings enabledLearn
    112func-004Microsoft.Web/sitesSecurityHighFunction should have private endpoints enabledLearn
    113func-006Microsoft.Web/sitesGovernanceLowFunction Name should comply with naming conventionsLearn
    114func-007Microsoft.Web/sitesSecurityHighFunction should use HTTPS onlyLearn
    115func-008Microsoft.Web/sitesGovernanceLowFunction should have tagsLearn
    116func-009Microsoft.Web/sitesSecurityMediumFunction should use VNET integrationLearn
    117func-010Microsoft.Web/sitesSecurityMediumFunction should have VNET Route all enabled for VNET integrationLearn
    118func-011Microsoft.Web/sitesSecurityMediumFunction should use TLS 1.2Learn
    119func-012Microsoft.Web/sitesSecurityMediumFunction remote debugging should be disabledLearn
    120func-013Microsoft.Web/sitesHighAvailabilityMediumFunction should avoid using Client AffinityLearn
    121func-014Microsoft.Web/sitesSecurityMediumFunction should use Managed IdentitiesLearn
    122logics-001Microsoft.Web/sitesMonitoringAndAlertingLowLogic App should have diagnostic settings enabledLearn
    123logics-004Microsoft.Web/sitesSecurityHighLogic App should have private endpoints enabledLearn
    124logics-006Microsoft.Web/sitesGovernanceLowLogic App Name should comply with naming conventionsLearn
    125logics-007Microsoft.Web/sitesSecurityHighLogic App should use HTTPS onlyLearn
    126logics-008Microsoft.Web/sitesGovernanceLowLogic App should have tagsLearn
    127logics-009Microsoft.Web/sitesSecurityMediumLogic App should use VNET integrationLearn
    128logics-010Microsoft.Web/sitesSecurityMediumLogic App should have VNET Route all enabled for VNET integrationLearn
    129logics-011Microsoft.Web/sitesSecurityMediumLogic App should use TLS 1.2Learn
    130logics-012Microsoft.Web/sitesSecurityMediumLogic App remote debugging should be disabledLearn
    131logics-013Microsoft.Web/sitesHighAvailabilityMediumLogic App should avoid using Client AffinityLearn
    132logics-014Microsoft.Web/sitesSecurityMediumLogic App should use Managed IdentitiesLearn
    133855ca19a-6518-4f2e-9e5a-01796fbca9f8Microsoft.Web/serverFarmsScalabilityHighSet minimum instance count to 2 for app serviceLearn
    13488cb90c2-3b99-814b-9820-821a63f600ddMicrosoft.Web/serverFarmsHighAvailabilityHighMigrate App Service to availability Zone SupportLearn
    135b2113023-a553-2e41-9789-597e2fb54c31Microsoft.Web/serverFarmsHighAvailabilityHighUse Standard or Premium tierLearn
    13607243659-4643-d44c-a1c6-07ac21635072Microsoft.Web/serverFarmsScalabilityMediumAvoid scaling up or downLearn
    1371a2b3c4d-5e6f-7a8b-9c0d-1e2f3a4b5c6dMicrosoft.Web/serverFarmsGovernanceMediumApp Service plans without hosting AppsLearn
    1380b80b67c-afbe-4988-ad58-a85a146b681eMicrosoft.Web/sitesOtherBestPracticesMediumStore configuration as app settingsLearn
    139fd049c28-ae6d-48f0-a641-cc3ba1a3fe1dMicrosoft.Web/sitesOtherBestPracticesHighEnable Health check for App ServicesLearn
    140aab6b4a4-9981-43a4-8728-35c7ecbb746dMicrosoft.Web/sitesGovernanceMediumConfigure network access restrictionsLearn
    141c6c4b962-5af4-447a-9d74-7b9c53a5dff5Microsoft.Web/sitesHighAvailabilityLowEnable auto heal for Functions AppLearn
    142a1d91661-32d4-430b-b3b6-5adeb0975df7Microsoft.Web/sitesGovernanceLowDeploy to a staging slotLearn
    1432d3e4f5a-6b7c-8d9e-0f1a-2b3c4d5e6f7aMicrosoft.Web/connectionsGovernanceMediumAPI Connections not related to any Logic AppLearn
    1443e4f5a6b-7c8d-9e0f-1a2b-3c4d5e6f7a8bMicrosoft.Web/certificatesGovernanceMediumExpired certificatesLearn
    1452b3c4d5e-6f7a-8b9c-0d1e-2f3a4b5c6d7eMicrosoft.Compute/availabilitySetsGovernanceMediumAvailability Sets not associated to any VM or VMSSLearn
    1469ec5b4c8-3dd8-473a-86ee-3273290331b9Microsoft.AVS/privateCloudsHighAvailabilityLowEnable Stretched Clusters for Multi-AZ Availability of the vSAN DatastoreLearn
    1474ee5d535-c47b-470a-9557-4a3dd297d62fMicrosoft.AVS/privateCloudsMonitoringAndAlertingHighMonitor CPU Utilization to ensure sufficient resources for workloadsLearn
    148029208c8-5186-4a76-8ee8-6e3445fef4ddMicrosoft.AVS/privateCloudsMonitoringAndAlertingHighMonitor Memory Utilization to ensure sufficient resources for workloadsLearn
    14974fcb9f2-9a25-49a6-8c42-d32851c4afb7Microsoft.AVS/privateCloudsMonitoringAndAlertingHighConfigure Azure Service Health notifications and alerts for Azure VMware SolutionLearn
    1504232eb32-3241-4049-9e14-9b8005817b56Microsoft.AVS/privateCloudsMonitoringAndAlertingHighConfigure Azure Monitor Alert warning thresholds for vSAN datastore utilizationLearn
    151ca-003Microsoft.App/containerAppsHighAvailabilityHighContainerApp should have a SLALearn
    152ca-006Microsoft.App/containerAppsGovernanceLowContainerApp Name should comply with naming conventionsLearn
    153ca-007Microsoft.App/containerAppsGovernanceLowContainerApp should have tagsLearn
    154ca-008Microsoft.App/containerAppsSecurityLowContainerApp should not allow insecure ingress trafficLearn
    155ca-009Microsoft.App/containerAppsSecurityLowContainerApp should use Managed IdentitiesLearn
    156ca-010Microsoft.App/containerAppsHighAvailabilityLowContainerApp should use Azure Files to persist container dataLearn
    157ca-011Microsoft.App/containerAppsHighAvailabilityLowContainerApp should avoid using session affinityLearn
    158cae-001Microsoft.App/managedenvironmentsMonitoringAndAlertingLowContainer Apps Environment should have diagnostic settings enabledLearn
    159cae-003Microsoft.App/managedenvironmentsHighAvailabilityHighContainer Apps Environment should have a SLALearn
    160cae-004Microsoft.App/managedenvironmentsSecurityHighContainer Apps Environment should have private endpoints enabledLearn
    161cae-006Microsoft.App/managedenvironmentsGovernanceLowContainer Apps Environment Name should comply with naming conventionsLearn
    162cae-007Microsoft.App/managedenvironmentsGovernanceLowContainer Apps Environment should have tagsLearn
    163f4201965-a88d-449d-b3b4-021394719eb2Microsoft.App/managedenvironmentsHighAvailabilityHighDeploy zone redundant Container app environmentsLearn
    164ci-002Microsoft.ContainerInstance/containerGroupsHighAvailabilityHighContainerInstance should have availability zones enabledLearn
    165ci-003Microsoft.ContainerInstance/containerGroupsHighAvailabilityHighContainerInstance should have a SLALearn
    166ci-004Microsoft.ContainerInstance/containerGroupsSecurityHighContainerInstance should use private IP addressesLearn
    167ci-006Microsoft.ContainerInstance/containerGroupsGovernanceLowContainerInstance Name should comply with naming conventionsLearn
    168ci-007Microsoft.ContainerInstance/containerGroupsGovernanceLowContainerInstance should have tagsLearn
    169cog-001Microsoft.CognitiveServices/accountsMonitoringAndAlertingLowCognitive Service Account should have diagnostic settings enabledLearn
    170cog-003Microsoft.CognitiveServices/accountsHighAvailabilityHighCognitive Service Account should have a SLALearn
    171cog-004Microsoft.CognitiveServices/accountsSecurityHighCognitive Service Account should have private endpoints enabledLearn
    172cog-006Microsoft.CognitiveServices/accountsGovernanceLowCognitive Service Account Name should comply with naming conventionsLearn
    173cog-007Microsoft.CognitiveServices/accountsGovernanceLowCognitive Service Account should have tagsLearn
    174cog-008Microsoft.CognitiveServices/accountsSecurityMediumCognitive Service Account should have local authentication disabledLearn
    175f6a14b32-a727-4ace-b5fa-7b1c6bdff402Microsoft.Network/connectionsScalabilityMediumFor better data path performance enable FastPath on ExpressRoute ConnectionsLearn
    176cosmos-001Microsoft.DocumentDB/databaseAccountsMonitoringAndAlertingLowCosmosDB should have diagnostic settings enabledLearn
    177cosmos-003Microsoft.DocumentDB/databaseAccountsHighAvailabilityHighCosmosDB should have a SLALearn
    178cosmos-004Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB should have private endpoints enabledLearn
    179cosmos-006Microsoft.DocumentDB/databaseAccountsGovernanceLowCosmosDB Name should comply with naming conventionsLearn
    180cosmos-007Microsoft.DocumentDB/databaseAccountsGovernanceLowCosmosDB should have tagsLearn
    181cosmos-008Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB should have local authentication disabledLearn
    182cosmos-009Microsoft.DocumentDB/databaseAccountsSecurityHighCosmosDB: disable write operations on metadata resources (databases, containers, throughput) via account keysLearn
    1839ce78192-74a0-104c-b5bb-9a443f941649Microsoft.DocumentDB/databaseAccountsHighAvailabilityHighEvaluate multi-region write capabilityLearn
    184e544520b-8505-7841-9e77-1f1974ee86ecMicrosoft.DocumentDB/databaseAccountsDisasterRecoveryHighConfigure continuous backup modeLearn
    18543663217-a1d3-844b-80ea-571a2ce37c6cMicrosoft.DocumentDB/databaseAccountsHighAvailabilityHighConfigure at least two regions for high availabilityLearn
    186921631f6-ed59-49a5-94c1-f0f3ececa580Microsoft.DocumentDB/databaseAccountsHighAvailabilityHighEnable availability zonesLearn
    1879cabded7-a1fc-6e4a-944b-d7dd98ea31a2Microsoft.DocumentDB/databaseAccountsDisasterRecoveryHighEnable service-managed failover for multi-region accounts with single write regionLearn
    188cr-001Microsoft.ContainerRegistry/registriesMonitoringAndAlertingLowContainerRegistry should have diagnostic settings enabledLearn
    189cr-003Microsoft.ContainerRegistry/registriesHighAvailabilityHighContainerRegistry should have a SLALearn
    190cr-004Microsoft.ContainerRegistry/registriesSecurityHighContainerRegistry should have private endpoints enabledLearn
    191cr-006Microsoft.ContainerRegistry/registriesGovernanceLowContainerRegistry Name should comply with naming conventionsLearn
    192cr-008Microsoft.ContainerRegistry/registriesSecurityMediumContainerRegistry should have the Administrator account disabledLearn
    193cr-009Microsoft.ContainerRegistry/registriesGovernanceLowContainerRegistry should have tagsLearn
    194cr-010Microsoft.ContainerRegistry/registriesGovernanceMediumContainerRegistry should use retention policiesLearn
    195e7f0fd54-fba0-054e-9ab8-e676f2851f88Microsoft.ContainerRegistry/registriesDisasterRecoveryLowEnable soft delete policyLearn
    1968e389532-5db5-7e4c-9d4d-443b3e55ae82Microsoft.ContainerRegistry/registriesGovernanceLowMove Container Registry to a dedicated resource groupLearn
    19703f4a7d8-c5b4-7842-8e6e-14997a34842bMicrosoft.ContainerRegistry/registriesSecurityMediumDisable anonymous pull accessLearn
    198eb005943-40a8-194b-9db2-474d430046b7Microsoft.ContainerRegistry/registriesScalabilityHighUse Premium tier for critical production workloadsLearn
    19963491f70-22e4-3b4a-8b0c-845450e46facMicrosoft.ContainerRegistry/registriesHighAvailabilityMediumEnable zone redundancyLearn
    20036ea6c09-ef6e-d743-9cfb-bd0c928a430bMicrosoft.ContainerRegistry/registriesDisasterRecoveryHighCreate container registries with geo-replication enabledLearn
    2013ef86f16-f65b-c645-9901-7830d6dc3a1bMicrosoft.ContainerRegistry/registriesScalabilityMediumManage registry sizeLearn
    202dbw-001Microsoft.Databricks/workspacesMonitoringAndAlertingLowAzure Databricks should have diagnostic settings enabledLearn
    203dbw-003Microsoft.Databricks/workspacesHighAvailabilityHighAzure Databricks should have a SLALearn
    204dbw-004Microsoft.Databricks/workspacesSecurityHighAzure Databricks should have private endpoints enabledLearn
    205dbw-006Microsoft.Databricks/workspacesGovernanceLowAzure Databricks Name should comply with naming conventionsLearn
    206dbw-007Microsoft.Databricks/workspacesSecurityMediumAzure Databricks should have the Public IP disabledLearn
    207dec-001Microsoft.Kusto/clustersMonitoringAndAlertingLowAzure Data Explorer should have diagnostic settings enabledLearn
    208dec-002Microsoft.Kusto/clustersHighAvailabilityHighAzure Data Explorer SLALearn
    209dec-003Microsoft.Kusto/clustersHighAvailabilityHighAzure Data Explorer Production Cluster should not use Dev SKULearn
    210dec-004Microsoft.Kusto/clustersGovernanceLowAzure Data Explorer Name should comply with naming conventionsLearn
    211dec-005Microsoft.Kusto/clustersGovernanceLowAzure Data Explorer should have tagsLearn
    212dec-008Microsoft.Kusto/clustersSecurityHighAzure Data Explorer should use Disk EncryptionLearn
    213dec-009Microsoft.Kusto/clustersSecurityLowAzure Data Explorer should use Managed IdentitiesLearn
    2143263a64a-c256-de48-9818-afd3cbc55c2aMicrosoft.Compute/disksOtherBestPracticesMediumShared disks should only be enabled in clustered serversLearn
    215fa0cf4f5-0b21-47b7-89a9-ee936f193ce1Microsoft.Compute/disksHighAvailabilityMediumUse Azure Disks with Zone Redundant Storage for higher resiliency and availabilityLearn
    2163c4d5e6f-7a8b-9c0d-1e2f-3a4b5c6d7e8fMicrosoft.Compute/disksGovernanceMediumManaged Disks with ‘Unattached’ stateLearn
    217d40c769d-2f08-4980-8d8f-a386946276e6Microsoft.Network/expressRouteCircuitsScalabilityMediumImplement rate-limiting across ExpressRoute Direct Circuits to optimize network flowLearn
    21860077378-7cb1-4b35-89bb-393884d9921dMicrosoft.Network/ExpressRoutePortsHighAvailabilityHighThe Admin State of both Links of an ExpressRoute Direct should be in Enabled stateLearn
    2190bee356b-7348-4799-8cab-0c71ffe13018Microsoft.Network/ExpressRoutePortsScalabilityMediumEnsure ExpressRoute Direct is not over-subscribedLearn
    220evgd-001Microsoft.EventGrid/domainsMonitoringAndAlertingLowEvent Grid Domain should have diagnostic settings enabledLearn
    221evgd-003Microsoft.EventGrid/domainsHighAvailabilityHighEvent Grid Domain should have a SLALearn
    222evgd-004Microsoft.EventGrid/domainsSecurityHighEvent Grid Domain should have private endpoints enabledLearn
    223evgd-006Microsoft.EventGrid/domainsGovernanceLowEvent Grid Domain Name should comply with naming conventionsLearn
    224evgd-007Microsoft.EventGrid/domainsGovernanceLowEvent Grid Domain should have tagsLearn
    225evgd-008Microsoft.EventGrid/domainsSecurityMediumEvent Grid Domain should have local authentication disabledLearn
    226evh-001Microsoft.EventHub/namespacesMonitoringAndAlertingLowEvent Hub Namespace should have diagnostic settings enabledLearn
    227evh-003Microsoft.EventHub/namespacesHighAvailabilityHighEvent Hub Namespace should have a SLALearn
    228evh-004Microsoft.EventHub/namespacesSecurityHighEvent Hub Namespace should have private endpoints enabledLearn
    229evh-006Microsoft.EventHub/namespacesGovernanceLowEvent Hub Namespace Name should comply with naming conventionsLearn
    230evh-007Microsoft.EventHub/namespacesGovernanceLowEvent Hub should have tagsLearn
    231evh-008Microsoft.EventHub/namespacesSecurityMediumEvent Hub should have local authentication disabledLearn
    23284636c6c-b317-4722-b603-7b1ffc16384bMicrosoft.EventHub/namespacesHighAvailabilityHighEnsure zone redundancy is enabled in supported regionsLearn
    233fbfef3df-04a5-41b2-a8fd-b8541eb04956Microsoft.EventHub/namespacesScalabilityHighEnable auto-inflate on Event Hub Standard tierLearn
    2340d1e2f3a-4b5c-6d7e-8f9a-0b1c2d3e4f5aMicrosoft.Network/frontDoorWebApplicationFirewallPoliciesGovernanceMediumFront Door WAF Policy without associationsLearn
    235b49a39fd-f431-4b61-9062-f2157849d845Microsoft.Compute/galleriesHighAvailabilityMediumA minimum of three replicas should be kept for production image versionsLearn
    236488dcc8b-f2e3-40ce-bf95-73deb2db095fMicrosoft.Compute/galleriesHighAvailabilityMediumZone redundant storage should be used for image versionsLearn
    2371c5e1e58-4e56-491c-8529-10f37af9d4edMicrosoft.Compute/galleriesHighAvailabilityLowConsider creating TrustedLaunchSupported images where possibleLearn
    238b1e1378d-4572-4414-bebd-b8872a6d4d1cMicrosoft.Devices/IotHubsScalabilityHighUse Device Provisioning ServiceLearn
    239e7dbd21f-b27a-4b8c-a901-cedb1e6d8e1eMicrosoft.Devices/IotHubsMonitoringAndAlertingLowDisabled Fallback RouteLearn
    240eeba3a49-fef0-481f-a471-7ff01139b474Microsoft.Devices/IotHubsHighAvailabilityHighDo not use free tierLearn
    241it-006Microsoft.VirtualMachineImages/imageTemplatesGovernanceLowImage Template Name should comply with naming conventionsLearn
    242it-007Microsoft.VirtualMachineImages/imageTemplatesGovernanceLowImage Template should have tagsLearn
    24321fb841b-ba70-1f4e-a460-1f72fb41aa51Microsoft.VirtualMachineImages/imageTemplatesDisasterRecoveryLowReplicate your Image Templates to a secondary regionLearn
    244kv-001Microsoft.KeyVault/vaultsMonitoringAndAlertingLowKey Vault should have diagnostic settings enabledLearn
    245kv-003Microsoft.KeyVault/vaultsHighAvailabilityHighKey Vault should have a SLALearn
    246kv-006Microsoft.KeyVault/vaultsGovernanceLowKey Vault Name should comply with naming conventionsLearn
    247kv-007Microsoft.KeyVault/vaultsGovernanceLowKey Vault should have tagsLearn
    2481cca00d2-d9ab-8e42-a788-5d40f49405cbMicrosoft.KeyVault/vaultsDisasterRecoveryHighKey vaults should have soft delete enabledLearn
    24970fcfe6d-00e9-5544-a63a-fff42b9f2edbMicrosoft.KeyVault/vaultsDisasterRecoveryMediumKey vaults should have purge protection enabledLearn
    25000c3d2b0-ea6e-4c4b-89be-b78a35caeb51Microsoft.KeyVault/vaultsSecurityMediumPrivate endpoint should be configured for Key VaultLearn
    251lb-001Microsoft.Network/loadBalancersMonitoringAndAlertingLowLoad Balancer should have diagnostic settings enabledLearn
    252lb-003Microsoft.Network/loadBalancersHighAvailabilityHighLoad Balancer should have a SLALearn
    253lb-006Microsoft.Network/loadBalancersGovernanceLowLoad Balancer Name should comply with naming conventionsLearn
    254lb-007Microsoft.Network/loadBalancersGovernanceLowLoad Balancer should have tagsLearn
    2556d82d042-6d61-ad49-86f0-6a5455398081Microsoft.Network/loadBalancersHighAvailabilityHighEnsure the Backend Pool contains at least two instancesLearn
    2568d319a05-677b-944f-b9b4-ca0fb42e883cMicrosoft.Network/loadBalancersHighAvailabilityMediumUse NAT Gateway instead of Outbound Rules for Production WorkloadsLearn
    257621dbc78-3745-4d32-8eac-9e65b27b7512Microsoft.Network/loadBalancersHighAvailabilityHighEnsure Standard Load Balancer is zone-redundantLearn
    258e5f5fcea-f925-4578-8599-9a391e888a60Microsoft.Network/loadBalancersMonitoringAndAlertingHighUse Health Probes to detect backend instances availabilityLearn
    25938c3bca1-97a1-eb42-8cd3-838b243f35baMicrosoft.Network/loadBalancersHighAvailabilityHighUse Standard Load Balancer SKULearn
    2609c0d1e2f-3a4b-5c6d-7e8f-9a0b1c2d3e4fMicrosoft.Network/loadBalancersGovernanceMediumLoad Balancers with empty backend address poolsLearn
    261log-003Microsoft.OperationalInsights/workspacesHighAvailabilityHighLog Analytics Workspace SLALearn
    262log-006Microsoft.OperationalInsights/workspacesGovernanceLowLog Analytics Workspace Name should comply with naming conventionsLearn
    263log-007Microsoft.OperationalInsights/workspacesGovernanceLowLog Analytics Workspace should have tagsLearn
    264logic-001Microsoft.Logic/workflowsMonitoringAndAlertingLowLogic App should have diagnostic settings enabledLearn
    265logic-003Microsoft.Logic/workflowsHighAvailabilityHighLogic App should have a SLALearn
    266logic-004Microsoft.Logic/workflowsSecurityHighLogic App should limit access to Http TriggersLearn
    267logic-006Microsoft.Logic/workflowsGovernanceLowLogic App Name should comply with naming conventionsLearn
    268logic-007Microsoft.Logic/workflowsGovernanceLowLogic App should have tagsLearn
    269maria-001Microsoft.DBforMariaDB/serversMonitoringAndAlertingLowMariaDB should have diagnostic settings enabledLearn
    270maria-002Microsoft.DBforMariaDB/serversSecurityHighMariaDB should have private endpoints enabledLearn
    271maria-003Microsoft.DBforMariaDB/serversGovernanceLowMariaDB server Name should comply with naming conventionsLearn
    272maria-004Microsoft.DBforMariaDB/serversHighAvailabilityHighMariaDB server should have a SLALearn
    273maria-005Microsoft.DBforMariaDB/serversGovernanceLowMariaDB should have tagsLearn
    274maria-006Microsoft.DBforMariaDB/serversSecurityLowMariaDB should enforce TLS >= 1.2Learn
    275mysql-001Microsoft.DBforMySQL/serversMonitoringAndAlertingLowAzure Database for MySQL - Single Server should have diagnostic settings enabledLearn
    276mysql-003Microsoft.DBforMySQL/serversHighAvailabilityHighAzure Database for MySQL - Single Server should have a SLALearn
    277mysql-004Microsoft.DBforMySQL/serversSecurityHighAzure Database for MySQL - Single Server should have private endpoints enabledLearn
    278mysql-006Microsoft.DBforMySQL/serversGovernanceLowAzure Database for MySQL - Single Server Name should comply with naming conventionsLearn
    279mysql-007Microsoft.DBforMySQL/serversHighAvailabilityHighAzure Database for MySQL - Single Server is on the retirement pathLearn
    280mysql-008Microsoft.DBforMySQL/serversGovernanceLowAzure Database for MySQL - Single Server should have tagsLearn
    281mysqlf-001Microsoft.DBforMySQL/flexibleServersMonitoringAndAlertingLowAzure Database for MySQL - Flexible Server should have diagnostic settings enabledLearn
    282mysqlf-003Microsoft.DBforMySQL/flexibleServersHighAvailabilityHighAzure Database for MySQL - Flexible Server should have a SLALearn
    283mysqlf-004Microsoft.DBforMySQL/flexibleServersSecurityHighAzure Database for MySQL - Flexible Server should have private access enabledLearn
    284mysqlf-006Microsoft.DBforMySQL/flexibleServersGovernanceLowAzure Database for MySQL - Flexible Server Name should comply with naming conventionsLearn
    285mysqlf-007Microsoft.DBforMySQL/flexibleServersGovernanceLowAzure Database for MySQL - Flexible Server should have tagsLearn
    2868176a79d-8645-4e52-96be-a10fc0204fe5Microsoft.DBforMySQL/flexibleServersScalabilityHighConfigure storage auto-growLearn
    28788856605-53d8-4bbd-a75b-4a7b14939d32Microsoft.DBforMySQL/flexibleServersHighAvailabilityHighEnable HA with zone redundancyLearn
    28882a9a0f2-24ee-496f-9ad2-25f81710942dMicrosoft.DBforMySQL/flexibleServersScalabilityHighEnable custom maintenance scheduleLearn
    2895c96afc3-7d2e-46ff-a4c7-9c32850c441bMicrosoft.DBforMySQL/flexibleServersDisasterRecoveryHighConfigure geo redundant backup storageLearn
    290b49a8653-cc43-48c9-8513-a2d2e3f14dd1Microsoft.DBforMySQL/flexibleServersDisasterRecoveryHighConfigure one or more read replicasLearn
    291ab984130-c57b-6c4a-8d04-6723b4e1bdb6Microsoft.NetApp/netAppAccountsScalabilityHighUse standard network features for production in Azure NetApp FilesLearn
    29247d100a5-7f85-5742-967a-67eb5081240aMicrosoft.NetApp/netAppAccountsHighAvailabilityHighUse availability zones for high availability in Azure NetApp FilesLearn
    29372827434-c773-4345-9493-34848ddf5803Microsoft.NetApp/netAppAccountsHighAvailabilityHighUse snapshots for data protection in Azure NetApp FilesLearn
    294b2fb3e60-97ec-e34d-af29-b16a0d61c2acMicrosoft.NetApp/netAppAccountsDisasterRecoveryHighEnable backup for data protection in Azure NetApp FilesLearn
    295e30317d2-c502-4dfe-a2d3-0a737cc79545Microsoft.NetApp/netAppAccountsDisasterRecoveryHighEnable Cross-region replication of Azure NetApp Files volumesLearn
    296e3d742e1-dacd-9b48-b6b1-510ec9f87c96Microsoft.NetApp/netAppAccountsDisasterRecoveryHighEnable Cross-zone replication of Azure NetApp Files volumesLearn
    297ng-001Microsoft.Network/natGatewaysMonitoringAndAlertingLowNAT Gateway should have diagnostic settings enabledLearn
    298ng-003Microsoft.Network/natGatewaysHighAvailabilityHighNAT Gateway SLALearn
    299ng-006Microsoft.Network/natGatewaysGovernanceLowNAT Gateway Name should comply with naming conventionsLearn
    300ng-007Microsoft.Network/natGatewaysGovernanceLowNAT Gateway should have tagsLearn
    3015c6d7e8f-9a0b-1c2d-3e4f-5a6b7c8d9e0fMicrosoft.Network/natGatewaysGovernanceMediumNAT Gateways not attached to any subnetLearn
    3026f7a8b9c-0d1e-2f3a-4b5c-6d7e8f9a0b1cMicrosoft.Network/networkInterfacesGovernanceMediumNetwork Interfaces not attached to any resourceLearn
    303nsg-001Microsoft.Network/networkSecurityGroupsMonitoringAndAlertingLowNSG should have diagnostic settings enabledLearn
    304nsg-003Microsoft.Network/networkSecurityGroupsHighAvailabilityHighNSG SLALearn
    305nsg-006Microsoft.Network/networkSecurityGroupsGovernanceLowNSG Name should comply with naming conventionsLearn
    306nsg-007Microsoft.Network/networkSecurityGroupsGovernanceLowNSG should have tagsLearn
    3078291c1fa-650c-b44b-b008-4deb7465919dMicrosoft.Network/networkSecurityGroupsSecurityMediumThe NSG only has Default Security Rules, make sure to configure the necessary rulesLearn
    3087a8b9c0d-1e2f-3a4b-5c6d-7e8f9a0b1c2dMicrosoft.Network/networkSecurityGroupsGovernanceMediumNetwork Security Groups not attached to any network interface or subnetLearn
    3098bb4a57b-55e4-d24e-9c19-2679d8bc779fMicrosoft.Network/networkSecurityGroupsMonitoringAndAlertingLowMonitor changes in Network Security Groups with Azure MonitorLearn
    310nw-003Microsoft.Network/networkWatchersHighAvailabilityHighNetwork Watcher SLALearn
    311nw-006Microsoft.Network/networkWatchersGovernanceLowNetwork Watcher Name should comply with naming conventionsLearn
    312nw-007Microsoft.Network/networkWatchersGovernanceLowNetwork Watcher should have tagsLearn
    31322a769ed-0ecb-8b49-bafe-8f52e6373d9cMicrosoft.Network/networkWatchersMonitoringAndAlertingLowFix Flow Log configurations in Failed state or Disabled StatusLearn
    314bf0b7dbd-016d-458c-af99-70fcb03ad451Microsoft.Network/networkWatchersMonitoringAndAlertingMediumEnable traffic analytics in Virtual Network Flow Logs configurationLearn
    3157e8f9a0b-1c2d-3e4f-5a6b-7c8d9e0f1a2bMicrosoft.Network/privateDnsZonesGovernanceMediumPrivate DNS zones without Virtual Network LinksLearn
    316pep-003Microsoft.Network/privateEndpointsHighAvailabilityHighPrivate Endpoint SLALearn
    317pep-006Microsoft.Network/privateEndpointsGovernanceLowPrivate Endpoint Name should comply with naming conventionsLearn
    318pep-007Microsoft.Network/privateEndpointsGovernanceLowPrivate Endpoint should have tagsLearn
    319b89c9acc-0aba-fb44-9ff2-3dbfcf97dce7Microsoft.Network/privateEndpointsHighAvailabilityMediumResolve issues with Private Endpoints in non Succeeded connection stateLearn
    3208f9a0b1c-2d3e-4f5a-6b7c-8d9e0f1a2b3cMicrosoft.Network/privateEndpointsGovernanceMediumPrivate Endpoints not connected to any resourceLearn
    321pip-003Microsoft.Network/publicIPAddressesHighAvailabilityHighPublic IP SLALearn
    322pip-006Microsoft.Network/publicIPAddressesGovernanceLowPublic IP Name should comply with naming conventionsLearn
    323pip-007Microsoft.Network/publicIPAddressesGovernanceLowPublic IP should have tagsLearn
    3245cea1501-6fe4-4ec4-ac8f-f72320eb18d3Microsoft.Network/publicIPAddressesHighAvailabilityMediumUpgrade Basic SKU public IP addresses to Standard SKULearn
    325c4254c66-b8a5-47aa-82f6-e7d7fb418f47Microsoft.Network/publicIPAddressesSecurityMediumPublic IP addresses should have DDoS protection enabledLearn
    3265e6f7a8b-9c0d-1e2f-3a4b-5c6d7e8f9a0bMicrosoft.Network/publicIPAddressesGovernanceMediumPublic IPs not attached to any resourceLearn
    327c63b81fb-7afc-894c-a840-91bb8a8dcfafMicrosoft.Network/publicIPAddressesHighAvailabilityHighUse Standard SKU and Zone-Redundant IPs when applicableLearn
    3281adba190-5c4c-e646-8527-dd1b2a6d8b15Microsoft.Network/publicIPAddressesHighAvailabilityMediumUse NAT gateway for outbound connectivity to avoid SNAT ExhaustionLearn
    329psql-001Microsoft.DBforPostgreSQL/serversMonitoringAndAlertingLowPostgreSQL should have diagnostic settings enabledLearn
    330psql-003Microsoft.DBforPostgreSQL/serversHighAvailabilityHighPostgreSQL should have a SLALearn
    331psql-004Microsoft.DBforPostgreSQL/serversSecurityHighPostgreSQL should have private endpoints enabledLearn
    332psql-006Microsoft.DBforPostgreSQL/serversGovernanceLowPostgreSQL Name should comply with naming conventionsLearn
    333psql-007Microsoft.DBforPostgreSQL/serversGovernanceLowPostgreSQL should have tagsLearn
    334psql-008Microsoft.DBforPostgreSQL/serversSecurityHighPostgreSQL should enforce SSLLearn
    335psql-009Microsoft.DBforPostgreSQL/serversSecurityLowPostgreSQL should enforce TLS >= 1.2Learn
    336psqlf-001Microsoft.DBforPostgreSQL/flexibleServersMonitoringAndAlertingLowPostgreSQL should have diagnostic settings enabledLearn
    337psqlf-003Microsoft.DBforPostgreSQL/flexibleServersHighAvailabilityHighPostgreSQL should have a SLALearn
    338psqlf-004Microsoft.DBforPostgreSQL/flexibleServersSecurityHighPostgreSQL should have private access enabledLearn
    339psqlf-006Microsoft.DBforPostgreSQL/flexibleServersGovernanceLowPostgreSQL Name should comply with naming conventionsLearn
    340psqlf-007Microsoft.DBforPostgreSQL/flexibleServersGovernanceLowPostgreSQL should have tagsLearn
    341ca87914f-aac4-4783-ab67-82a6f936f194Microsoft.DBforPostgreSQL/flexibleServersHighAvailabilityHighEnable HA with zone redundancyLearn
    342b2bad57d-7e03-4c0f-9024-597c9eb295bbMicrosoft.DBforPostgreSQL/flexibleServersScalabilityHighEnable custom maintenance scheduleLearn
    34331f4ac4b-29cb-4588-8de2-d8fe6f13ceb3Microsoft.DBforPostgreSQL/flexibleServersDisasterRecoveryHighConfigure geo redundant backup storageLearn
    3442ab85a67-26be-4ed2-a0bb-101b2513ec63Microsoft.DBforPostgreSQL/flexibleServersDisasterRecoveryHighConfigure one or more read replicasLearn
    345redis-001Microsoft.Cache/RedisMonitoringAndAlertingLowRedis should have diagnostic settings enabledLearn
    346redis-003Microsoft.Cache/RedisHighAvailabilityHighRedis should have a SLALearn
    347redis-006Microsoft.Cache/RedisGovernanceLowRedis Name should comply with naming conventionsLearn
    348redis-007Microsoft.Cache/RedisGovernanceLowRedis should have tagsLearn
    349redis-008Microsoft.Cache/RedisSecurityHighRedis should not enable non SSL portsLearn
    350redis-009Microsoft.Cache/RedisSecurityLowRedis should enforce TLS >= 1.2Learn
    3515a44bd30-ae6a-4b81-9b68-dc3a8ffca4d8Microsoft.Cache/RedisHighAvailabilityHighEnable zone redundancy for Azure Cache for RedisLearn
    352c474fc96-4e6a-4fb0-95d0-a26b3f35933cMicrosoft.Cache/redisSecurityMediumConfigure Private EndpointsLearn
    3531c2d3e4f-5a6b-7c8d-9e0f-1a2b3c4d5e6fMicrosoft.Resources/resourceGroupsGovernanceMediumResource Groups without resourcesLearn
    3541549b91f-2ea0-4d4f-ba2a-4596becbe3deMicrosoft.RecoveryServices/vaultsDisasterRecoveryMediumEnable Cross Region Restore for your GRS Recovery Services VaultLearn
    3559e39919b-78af-4a0b-b70f-c548dae97c25Microsoft.RecoveryServices/vaultsDisasterRecoveryMediumEnable Soft Delete for Recovery Services Vaults in Azure BackupLearn
    35617e877f7-3a89-4205-8a24-0670de54ddcdMicrosoft.RecoveryServices/vaultsDisasterRecoveryHighValidate VM functionality with a Site Recovery test failover to check performance at targetLearn
    3572912472d-0198-4bdc-aa90-37f145790edcMicrosoft.RecoveryServices/vaultsMonitoringAndAlertingMediumMigrate from classic alerts to built-in Azure Monitor alerts for Azure Recovery Services VaultsLearn
    358udr-003Microsoft.Network/routeTablesHighAvailabilityHighRout Table SLALearn
    359udr-006Microsoft.Network/routeTablesGovernanceLowRout Table Name should comply with naming conventionsLearn
    360udr-007Microsoft.Network/routeTablesGovernanceLowRout Table should have tagsLearn
    3618b9c0d1e-2f3a-4b5c-6d7e-8f9a0b1c2d3eMicrosoft.Network/routeTablesGovernanceMediumRoute Tables not attached to any subnetLearn
    36223b2dfc7-7e5d-9443-9f62-980ca621b561Microsoft.Network/routeTablesMonitoringAndAlertingMediumMonitor changes in Route Tables with Azure MonitorLearn
    363sb-001Microsoft.ServiceBus/namespacesMonitoringAndAlertingLowService Bus should have diagnostic settings enabledLearn
    364sb-003Microsoft.ServiceBus/namespacesHighAvailabilityHighService Bus should have a SLALearn
    365sb-004Microsoft.ServiceBus/namespacesSecurityHighService Bus should have private endpoints enabledLearn
    366sb-006Microsoft.ServiceBus/namespacesGovernanceLowService Bus Name should comply with naming conventionsLearn
    367sb-007Microsoft.ServiceBus/namespacesGovernanceLowService Bus should have tagsLearn
    368sb-008Microsoft.ServiceBus/namespacesSecurityMediumService Bus should have local authentication disabledLearn
    369f075a1bd-de9e-4819-9a1d-1ac41037a74fMicrosoft.ServiceBus/namespacesServiceUpgradeAndRetirementHighConfigure the minimum TLS version for Service Bus namespaces to TLS v1.2 or higherLearn
    370sigr-001Microsoft.SignalRService/SignalRMonitoringAndAlertingLowSignalR should have diagnostic settings enabledLearn
    371sigr-003Microsoft.SignalRService/SignalRHighAvailabilityHighSignalR should have a SLALearn
    372sigr-004Microsoft.SignalRService/SignalRSecurityHighSignalR should have private endpoints enabledLearn
    373sigr-006Microsoft.SignalRService/SignalRGovernanceLowSignalR Name should comply with naming conventionsLearn
    374sigr-007Microsoft.SignalRService/SignalRGovernanceLowSignalR should have tagsLearn
    3756a8b3db9-5773-413a-a127-4f7032f34bbdMicrosoft.SignalRService/SignalRHighAvailabilityHighEnable zone redundancy for SignalRLearn
    376sql-004Microsoft.Sql/serversSecurityHighSQL should have private endpoints enabledLearn
    377sql-006Microsoft.Sql/serversGovernanceLowSQL Name should comply with naming conventionsLearn
    378sql-007Microsoft.Sql/serversGovernanceLowSQL should have tagsLearn
    379sql-008Microsoft.Sql/serversSecurityLowSQL should enforce TLS >= 1.2Learn
    380sqldb-001Microsoft.Sql/servers/databasesMonitoringAndAlertingLowSQL Database should have diagnostic settings enabledLearn
    381sqldb-003Microsoft.Sql/servers/databasesHighAvailabilityHighSQL Database should have a SLALearn
    382sqldb-006Microsoft.Sql/servers/databasesGovernanceLowSQL Database Name should comply with naming conventionsLearn
    383sqldb-007Microsoft.Sql/servers/databasesGovernanceLowSQL Database should have tagsLearn
    384sqlep-002Microsoft.Sql/servers/elasticPoolsGovernanceLowSQL Elastic Pool Name should comply with naming conventionsLearn
    385sqlep-003Microsoft.Sql/servers/elasticPoolsGovernanceLowSQL Elastic Pool should have tagsLearn
    38674c2491d-048b-0041-a140-935960220e20Microsoft.Sql/serversDisasterRecoveryHighUse Active Geo Replication to Create a Readable Secondary in Another RegionLearn
    387943c168a-2ec2-a94c-8015-85732a1b4859Microsoft.Sql/serversDisasterRecoveryHighAuto Failover Groups can encompass one or multiple databases, usually used by the same app.Learn
    388c0085c32-84c0-c247-bfa9-e70977cbf108Microsoft.Sql/serversHighAvailabilityHighEnable zone redundancy for Azure SQL Database to achieve high availability and resiliencyLearn
    3897e7daec9-6a81-3546-a4cc-9aef72fec1f7Microsoft.Sql/serversMonitoringAndAlertingHighMonitor your Azure SQL Database in Near Real-Time to Detect Reliability IncidentsLearn
    3904d5e6f7a-8b9c-0d1e-2f3a-4b5c6d7e8f9aMicrosoft.Sql/servers/elasticpoolsGovernanceMediumSQL elastic pool without databasesLearn
    391st-001Microsoft.Storage/storageAccountsMonitoringAndAlertingLowStorage should have diagnostic settings enabledLearn
    392st-003Microsoft.Storage/storageAccountsHighAvailabilityHighStorage should have a SLALearn
    393st-006Microsoft.Storage/storageAccountsGovernanceLowStorage Name should comply with naming conventionsLearn
    394st-007Microsoft.Storage/storageAccountsSecurityHighStorage Account should use HTTPS onlyLearn
    395st-008Microsoft.Storage/storageAccountsGovernanceLowStorage Account should have tagsLearn
    396st-009Microsoft.Storage/storageAccountsSecurityLowStorage Account should enforce TLS >= 1.2Learn
    397st-010Microsoft.Storage/storageAccountsDisasterRecoveryLowStorage Account should have inmutable storage versioning enabledLearn
    398st-011Microsoft.Storage/storageAccountsDisasterRecoveryMediumStorage Account should have soft delete enabledLearn
    3992ad78dec-5a4d-4a30-8fd1-8584335ad781Microsoft.Storage/storageAccountsScalabilityLowConsider upgrading legacy storage accounts to v2 storage accountsLearn
    400dc55be60-6f8c-461e-a9d5-a3c7686ed94eMicrosoft.Storage/storageAccountsSecurityMediumEnable Azure Private Link service for storage accountsLearn
    401e6c7e1cc-2f47-264d-aa50-1da421314472Microsoft.Storage/storageAccountsHighAvailabilityHighEnsure that storage accounts are zone or region redundantLearn
    402syndp-001Microsoft.Synapse/workspaces/sqlPoolsGovernanceLowAzure Synapse Dedicated SQL Pool Name should comply with naming conventionsLearn
    403syndp-002Microsoft.Synapse/workspaces/sqlPoolsHighAvailabilityHighAzure Synapse Dedicated SQL Pool SLALearn
    404syndp-003Microsoft.Synapse/workspaces/sqlPoolsGovernanceLowAzure Synapse Dedicated SQL Pool should have tagsLearn
    405synsp-001Microsoft.Synapse workspaces/bigDataPoolsGovernanceLowAzure Synapse Spark Pool Name should comply with naming conventionsLearn
    406synsp-002Microsoft.Synapse workspaces/bigDataPoolsHighAvailabilityHighAzure Synapse Spark Pool SLALearn
    407synsp-003Microsoft.Synapse workspaces/bigDataPoolsGovernanceLowAzure Synapse Spark Pool should have tagsLearn
    408synw-001Microsoft.Synapse/workspacesMonitoringAndAlertingLowAzure Synapse Workspace should have diagnostic settings enabledLearn
    409synw-002Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should have private endpoints enabledLearn
    410synw-003Microsoft.Synapse/workspacesHighAvailabilityHighAzure Synapse Workspace SLALearn
    411synw-004Microsoft.Synapse/workspacesGovernanceLowAzure Synapse Workspace Name should comply with naming conventionsLearn
    412synw-005Microsoft.Synapse/workspacesGovernanceLowAzure Synapse Workspace should have tagsLearn
    413synw-006Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should establish network segmentation boundariesLearn
    414synw-007Microsoft.Synapse/workspacesSecurityHighAzure Synapse Workspace should disable public network accessLearn
    415traf-001Microsoft.Network/trafficManagerProfilesMonitoringAndAlertingLowTraffic Manager should have diagnostic settings enabledLearn
    416traf-002Microsoft.Network/trafficManagerProfilesHighAvailabilityHighTraffic Manager should have availability zones enabledLearn
    417traf-003Microsoft.Network/trafficManagerProfilesHighAvailabilityHighTraffic Manager should have a SLALearn
    418traf-006Microsoft.Network/trafficManagerProfilesGovernanceLowTraffic Manager Name should comply with naming conventionsLearn
    419traf-007Microsoft.Network/trafficManagerProfilesGovernanceLowTraffic Manager should have tagsLearn
    420traf-009Microsoft.Network/trafficManagerProfilesSecurityHighTraffic Manager: HTTP endpoints should be monitored using HTTPSLearn
    421f05a3e6d-49db-2740-88e2-2b13706c1f67Microsoft.Network/trafficManagerProfilesHighAvailabilityHighTraffic Manager Monitor Status Should be OnlineLearn
    4225b422a7f-8caa-3d48-becb-511599e5bba9Microsoft.Network/trafficManagerProfilesHighAvailabilityMediumTraffic manager profiles should have more than one endpointLearn
    4231ad9d7b7-9692-1441-a8f4-93792efbe97aMicrosoft.Network/trafficManagerProfilesDisasterRecoveryMediumConfigure at least one endpoint within a another regionLearn
    424c31f76a0-48cd-9f44-aa43-99ee904db9bcMicrosoft.Network/trafficManagerProfilesDisasterRecoveryHighEnsure endpoint configured to (All World) for geographic profilesLearn
    4251e2f3a4b-5c6d-7e8f-9a0b-1c2d3e4f5a6bMicrosoft.Network/trafficManagerProfilesGovernanceMediumTraffic Manager without endpointsLearn
    4269437634c-d69e-2747-b13e-631c13182150Microsoft.Network/trafficManagerProfilesBusinessContinuityHighAvoid combining Traffic Manager and Front DoorLearn
    427979ff8be-5f3a-4d8e-9aa3-407ecdd6d6f7Microsoft.DesktopVirtualization/hostPoolsGovernanceMediumConfigure host pool scheduled agent updatesLearn
    428vgw-001Microsoft.Network/virtualNetworkGatewaysMonitoringAndAlertingLowVirtual Network Gateway should have diagnostic settings enabledLearn
    429vgw-002Microsoft.Network/virtualNetworkGatewaysGovernanceLowVirtual Network Gateway Name should comply with naming conventionsLearn
    430vgw-003Microsoft.Network/virtualNetworkGatewaysGovernanceLowVirtual Network Gateway should have tagsLearn
    431vgw-004Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighVirtual Network Gateway should have a SLALearn
    432vgw-005Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighStorage should have availability zones enabledLearn
    4334bae5a28-5cf4-40d9-bcf1-623d28f6d917Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighDeploy VPN gateways with zone-redundant Public IPsLearn
    434d37db635-157f-584d-9bce-4f6fc8c65ce5Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighConnect ExpressRoute gateway with circuits from diverse peering locationsLearn
    435f8c2e6d9-4b3a-45d6-b9e2-8e7f3a1c2d04Microsoft.Network/virtualNetworkGatewaysHighAvailabilityMediumConfigure customer-controlled VPN gateway maintenanceLearn
    4365b1933a6-90e4-f642-a01f-e58594e5aab2Microsoft.Network/virtualNetworkGatewaysHighAvailabilityHighChoose a Zone-redundant VPN gatewayLearn
    4379a0b1c2d-3e4f-5a6b-7c8d-9e0f1a2b3c4dMicrosoft.Network/virtualNetworkGatewaysGovernanceMediumVirtual Network Gateways without Point-to-site configuration or ConnectionsLearn
    438281a2713-c0e0-3c48-b596-19f590c46671Microsoft.Network/virtualNetworkGatewaysHighAvailabilityMediumEnable Active-Active VPN Gateways for redundancyLearn
    439bbe668b7-eb5c-c746-8b82-70afdedf0caeMicrosoft.Network/virtualNetworkGatewaysHighAvailabilityHighUse Zone-redundant ExpressRoute gateway SKUsLearn
    4403e115044-a3aa-433e-be01-ce17d67e50daMicrosoft.Network/virtualNetworkGatewaysHighAvailabilityMediumConfigure customer-controlled ExpressRoute gateway maintenanceLearn
    441vm-003Microsoft.Compute/virtualMachinesHighAvailabilityHighVirtual Machine should have a SLALearn
    442vm-006Microsoft.Compute/virtualMachinesGovernanceLowVirtual Machine Name should comply with naming conventionsLearn
    443vm-007Microsoft.Compute/virtualMachinesGovernanceLowVirtual Machine should have tagsLearn
    444122d11d7-b91f-8747-a562-f56b79bcfbdcMicrosoft.Compute/virtualMachinesHighAvailabilityHighUse Managed Disks for VM disksLearn
    44598b334c0-8578-6046-9e43-b6e8fce6318eMicrosoft.Compute/virtualMachinesGovernanceLowReview VMs in stopped stateLearn
    446c42343ae-2712-2843-a285-3437eb0b28a1Microsoft.Compute/virtualMachinesGovernanceLowEnsure that your VMs are compliant with Azure PoliciesLearn
    4474a9d8973-6dba-0042-b3aa-07924877ebd5Microsoft.Compute/virtualMachinesMonitoringAndAlertingLowConfigure monitoring for all Azure Virtual MachinesLearn
    44870b1d2be-e6c4-b54e-9959-b1b690f9e485Microsoft.Compute/virtualMachinesSecurityLowNetwork access to the VM disk should be set to Disable public access and enable private accessLearn
    449b72214bb-e879-5f4b-b9cd-642db84f36f4Microsoft.Compute/virtualMachinesMonitoringAndAlertingLowEnable VM InsightsLearn
    45052ab9e5c-eec0-3148-8bd7-b6dd9e1be870Microsoft.Compute/virtualMachinesHighAvailabilityHighUse maintenance configurations for the VMsLearn
    4511981f704-97b9-b645-9c57-33f8ded9261aMicrosoft.Compute/virtualMachinesDisasterRecoveryMediumBackup VMs with Azure Backup serviceLearn
    452dfedbeb1-1519-fc47-86a5-52f96cf07105Microsoft.Compute/virtualMachinesScalabilityMediumEnable Accelerated Networking (AccelNet)Learn
    453f0a97179-133a-6e4f-8a49-8a44da73ffceMicrosoft.Compute/virtualMachinesSecurityHighVirtual Machines should have Azure Disk Encryption or EncryptionAtHost enabledLearn
    454df0ff862-814d-45a3-95e4-4fad5a244ba6Microsoft.Compute/virtualMachinesScalabilityHighMission Critical Workloads should consider using Premium or Ultra DisksLearn
    455a8d25876-7951-b646-b4e8-880c9031596bMicrosoft.Compute/virtualMachinesHighAvailabilityHighMigrate VMs using availability sets to VMSS FlexLearn
    456cfe22a65-b1db-fd41-9e8e-d573922709aeMicrosoft.Compute/virtualMachinesDisasterRecoveryMediumReplicate VMs using Azure Site RecoveryLearn
    4571f629a30-c9d0-d241-82ee-6f2eb9d42cb4Microsoft.Compute/virtualMachinesSecurityMediumVMs should not have a Public IP directly associatedLearn
    4582bd0be95-a825-6f47-a8c6-3db1fb5eb387Microsoft.Compute/virtualMachinesHighAvailabilityHighDeploy VMs across Availability ZonesLearn
    4594ea2878f-0d69-8d4a-b715-afc10d1e538eMicrosoft.Compute/virtualMachinesScalabilityLowHost database data on a data diskLearn
    46041a22a5e-5e08-9647-92d0-2ffe9ef1bdadMicrosoft.Compute/virtualMachinesSecurityMediumIP Forwarding should only be enabled for Network Virtual AppliancesLearn
    461273f6b30-68e0-4241-85ea-acf15ffb60bfMicrosoft.Compute/virtualMachinesHighAvailabilityHighRun production workloads on two or more VMs using VMSS FlexLearn
    4621cf8fe21-9593-1e4e-966b-779a294c0d30Microsoft.Compute/virtualMachinesOtherBestPracticesLowCustomer DNS Servers should be configured in the Virtual Network levelLearn
    4633201dba8-d1da-4826-98a4-104066545170Microsoft.Compute/virtualMachinesScalabilityHighDon’t use A or B-Series VMs for production needing constant full CPU performanceLearn
    464302fda08-ee65-4fbe-a916-6dc0b33169c4Microsoft.Compute/virtualMachinesHighAvailabilityHighReserve Compute Capacity for critical workloadsLearn
    46582b3cf6b-9ae2-2e44-b193-10793213f676Microsoft.Compute/virtualMachinesSecurityLowVM network interfaces and associated subnets both have a Network Security Group associatedLearn
    466vmss-003Microsoft.Compute/virtualMachineScaleSetsHighAvailabilityHighVirtual Machine should have a SLALearn
    467vmss-004Microsoft.Compute/virtualMachineScaleSetsGovernanceLowVirtual Machine Scale Set Name should comply with naming conventionsLearn
    468vmss-005Microsoft.Compute/virtualMachineScaleSetsGovernanceLowVirtual Machine Scale Set should have tagsLearn
    469b5a63aa0-c58e-244f-b8a6-cbba0560a6dbMicrosoft.Compute/virtualMachineScaleSetsHighAvailabilityHighDisable Force strictly even balance across zones to avoid scale in and out fail attemptsLearn
    470e4ffd7b0-ba24-c84e-9352-ba4819f908c0Microsoft.Compute/virtualMachineScaleSetsOtherBestPracticesLowSet Patch orchestration options to Azure-orchestratedLearn
    47194794d2a-eff0-2345-9b67-6f9349d0a627Microsoft.Compute/virtualMachineScaleSetsMonitoringAndAlertingMediumEnable Azure Virtual Machine Scale Set Application Health MonitoringLearn
    472ee66ff65-9aa3-2345-93c1-25827cf79f44Microsoft.Compute/virtualMachineScaleSetsScalabilityHighConfigure VMSS Autoscale to custom and configure the scaling metricsLearn
    4733f85a51c-e286-9f44-b4dc-51d00768696cMicrosoft.Compute/virtualMachineScaleSetsScalabilityLowEnable Predictive autoscale and configure at least for Forecast OnlyLearn
    474820f4743-1f94-e946-ae0b-45efafd87962Microsoft.Compute/virtualMachineScaleSetsHighAvailabilityHighEnable Automatic Repair Policy on Azure Virtual Machine Scale SetsLearn
    475e7495e1c-0c75-0946-b266-b429b5c7f3bfMicrosoft.Compute/virtualMachineScaleSetsScalabilityMediumDeploy VMSS with Flex orchestration mode instead of UniformLearn
    4761422c567-782c-7148-ac7c-5fc14cf45adcMicrosoft.Compute/virtualMachineScaleSetsHighAvailabilityHighDeploy VMSS across availability zones with VMSS FlexLearn
    477vnet-001Microsoft.Network/virtualNetworksMonitoringAndAlertingLowVirtual Network should have diagnostic settings enabledLearn
    478vnet-006Microsoft.Network/virtualNetworksGovernanceLowVirtual Network Name should comply with naming conventionsLearn
    479vnet-007Microsoft.Network/virtualNetworksGovernanceLowVirtual Network should have tagsLearn
    480vnet-009Microsoft.Network/virtualNetworksHighAvailabilityHighVirtual Network should have at least two DNS servers assignedLearn
    481f0bf9ae6-25a5-974d-87d5-025abec73539Microsoft.Network/virtualNetworksSecurityLowAll Subnets should have a Network Security Group associatedLearn
    48269ea1185-19b7-de40-9da1-9e8493547a5cMicrosoft.Network/virtualNetworksSecurityHighShield public endpoints in Azure VNets with Azure DDoS Standard Protection PlansLearn
    48324ae3773-cc2c-3649-88de-c9788e25b463Microsoft.Network/virtualNetworksSecurityMediumWhen available, use Private Endpoints instead of Service Endpoints for PaaS ServicesLearn
    4843a4b5c6d-7e8f-9a0b-1c2d-3e4f5a6b7c8dMicrosoft.Network/virtualNetworksGovernanceMediumVirtual Networks without subnetsLearn
    48506b77be9-56a3-4d41-b362-8b295c5a283dMicrosoft.Network/virtualNetworksMonitoringAndAlertingMediumEnable Virtual Network Flow LogsLearn
    4864b5c6d7e-8f9a-0b1c-2d3e-4f5a6b7c8d9eMicrosoft.Network/virtualNetworks/subnetsGovernanceMediumSubnets without Connected Devices or DelegationLearn
    487vwa-001Microsoft.Network/virtualWansMonitoringAndAlertingMediumVirtual WAN should have diagnostic settings enabledLearn
    488vwa-002Microsoft.Network/virtualWansHighAvailabilityHighVirtual WAN should have availability zones enabledLearn
    489vwa-003Microsoft.Network/virtualWansHighAvailabilityHighVirtual WAN should have a SLALearn
    490vwa-005Microsoft.Network/virtualWansHighAvailabilityHighVirtual WAN TypeLearn
    491vwa-006Microsoft.Network/virtualWansGovernanceLowVirtual WAN Name should comply with naming conventionsLearn
    492vwa-007Microsoft.Network/virtualWansGovernanceLowVirtual WAN should have tagsLearn
    493wps-001Microsoft.SignalRService/webPubSubMonitoringAndAlertingLowWeb Pub Sub should have diagnostic settings enabledLearn
    494wps-002Microsoft.SignalRService/webPubSubHighAvailabilityHighWeb Pub Sub should have availability zones enabledLearn
    495wps-003Microsoft.SignalRService/webPubSubHighAvailabilityHighWeb Pub Sub should have a SLALearn
    496wps-004Microsoft.SignalRService/webPubSubSecurityHighWeb Pub Sub should have private endpoints enabledLearn
    497wps-006Microsoft.SignalRService/webPubSubGovernanceLowWeb Pub Sub Name should comply with naming conventionsLearn
    498wps-007Microsoft.SignalRService/webPubSubGovernanceLowWeb Pub Sub should have tagsLearn