Checks for Azure

• SQL Database – Enable Database Encryption Ensures data at rest in SQL databases is encrypted for security and compliance.
• SQL Server – Enable SQL Defender Enables Microsoft Defender to detect and respond to SQL security threats.
• SQL Database – Monitor CPU Utilization Tracks CPU usage to identify performance bottlenecks in SQL databases.
• SQL Database – Monitor IO Utilization Monitors IO activity to ensure optimal database performance and responsiveness.
• SQL Database – Monitor Memory Utilization Tracks memory usage to prevent performance degradation in SQL workloads.
• SQL Database – Protect From Direct Internet Traffic Restricts direct public access to SQL databases to reduce attack surface.
• Storage Account – Enable Storage Encryption Ensures data stored in storage accounts is encrypted at rest.
• Storage Account – Disable Blob Public Access Prevents anonymous public access to blob storage containers.
• Storage Account – Disable Cross-Tenant Replication Avoids unintended data sharing across different Azure tenants.
• Storage Account – Disable Public Network Access Blocks public network access to storage accounts for enhanced security.
• Storage Account – Enable Microsoft Defender Enables threat detection and security monitoring for storage accounts.
• Storage Account – Enable Secure Transfer Forces HTTPS connections to protect data in transit.
• Storage Account – Enforce Minimum TLS Version Ensures secure communication using modern TLS protocols.
• Storage Account – Enforce Network Access Rule Restricts storage access based on defined network rules.
• Storage Account – Enforce Private Endpoint Access Uses private endpoints to securely connect to storage services.
• User – Enable Azure MFA Requires multi-factor authentication for improved account security.
• App Service – Disable Remote Debugging Prevents remote debugging to reduce potential attack vectors.
• App Service – Enable Defender Provides threat protection and monitoring for app services.
• App Service – Enable Entra ID Registration Integrates app authentication with Azure Entra ID.
• App Service – Enable HTTP2 Improves performance and security with HTTP/2 protocol support.
• App Service – Enforce Latest TLS Version Ensures applications use the latest secure TLS versions.
• App Service – Enforce Secure FTPS State Forces secure FTPS connections for file transfers.
• App Service – Monitor Server Errors Tracks server errors to identify and resolve application issues.
• App Service – Redirect HTTP to HTTPS Automatically redirects traffic to secure HTTPS endpoints.
• Cosmos DB – Enable Backup Ensures data is regularly backed up for recovery purposes.
• Cosmos DB – Enable Microsoft Defender Provides threat detection and security alerts for Cosmos DB.
• Cosmos DB – Monitor Latency Tracks latency to maintain optimal database performance.
• Cosmos DB – Ensure Private Connectivity Restricts access to Cosmos DB via private endpoints.
• Cosmos DB for PostgreSQL – Monitor CPU Utilization Monitors CPU usage for PostgreSQL workloads in Cosmos DB.
• Cosmos DB for PostgreSQL – Monitor IO Utilization Tracks IO operations to ensure database efficiency.
• Cosmos DB for PostgreSQL – Monitor Memory Utilization Observes memory usage to avoid performance issues.
• Cosmos DB for PostgreSQL – Protect From Direct Internet Traffic Prevents direct public access to PostgreSQL clusters.
• Cosmos DB – Protect From Direct Internet Traffic Blocks direct internet exposure of Cosmos DB instances.
• Cosmos DB – Restrict Firewall Network Access Limits access using firewall rules for enhanced security.
• Virtual Machine – Enable Defender Provides threat protection for virtual machines.
• Virtual Machine – Protect From Direct Internet Traffic Restricts direct public access to virtual machines.
• Key Vault – Enable Defender Enables threat detection for Key Vault resources.
• Key Vault – Ensure Vault Recoverable Ensures soft delete and recovery features are enabled.
• Key Vault – Require Private Endpoint Access Restricts Key Vault access through private endpoints.
• MySQL Flexible Server – Enable Audit Log Events Connection Logs connection events for auditing and monitoring purposes.
• MySQL Flexible Server – Enable Audit Logs Tracks database activities for security and compliance.
• MySQL Flexible Server – Enforce Minimum TLS Version Ensures secure connections using modern TLS standards.
• PostgreSQL Flexible Server – Configure Log File Retention Defines retention policies for database logs.
• PostgreSQL Flexible Server – Enable Connection Logging Logs database connection attempts for monitoring.
• PostgreSQL Flexible Server – Enable Connection Throttling Limits excessive connections to protect database performance.
• PostgreSQL Flexible Server – Enable Disconnection Logging Logs disconnections to help analyze database activity.
• PostgreSQL Flexible Server – Enable Log Checkpoints Tracks checkpoint operations for performance insights.
• Network Security Group – Ensure Flow Logs Captured Captures network traffic logs for monitoring and analysis.
• General – Enable Auto Provisioning Log Analytics Automatically provisions log analytics for monitoring resources.
• General – Enable Security Notifications Sends alerts for critical security events.
• General – Set Additional Email Address Adds backup email recipients for security notifications.

View More