Azure

Composite Recipes
Recipes that include further recipes, often including the individual recipes below.
​Best practices for Azure​
​Enable Azure Storage Account Trusted Microsoft Services access​
​Ensure Azure SQL server audit log retention is greater than 90 days​
​Ensure Azure key vault is recoverable​
​Set Azure Storage Account default network access to deny​
Recipes
​Disable Kubernetes dashboard​
​Enable Azure Storage secure transfer required​
​Enable geo-redundant backups on PostgreSQL server​
​Encrypt Azure VM data disk with ADE/CMK​
​Ensure AKS policies add-on​
​Ensure AKV secrets have an expiration date set​
​Ensure Azure App Service Web app redirects HTTP to HTTPS​
​Ensure Azure Network Watcher NSG flow logs retention is greater than 90 days​
​Ensure Azure PostgreSQL database server with SSL connection is enabled​
​Ensure Azure SQL Server threat detection alerts are enabled for all threat types​
​Ensure Azure SQL server send alerts to field value is set​
​Ensure Azure application gateway has WAF enabled​
​Ensure FTP Deployments are disabled​
​Ensure MSSQL servers have email service and co-administrators enabled​
​Ensure MySQL is using the latest version of TLS encryption​
​Ensure MySQL server databases have Enforce SSL connection enabled​
​Ensure MySQL server disables public network access​
​Ensure MySQL server enables Threat Detection policy​
​Ensure MySQL server enables geo-redundant backups​
​Ensure PostgreSQL server disables public network access​
​Ensure PostgreSQL server enables Threat Detection policy​
​Ensure PostgreSQL server enables infrastructure encryption​
​Ensure Send email notification for high severity alerts is enabled​
​Ensure Send email notification for high severity alerts to admins is enabled​
​Ensure Web App has incoming client certificates enabled​
​Ensure Web App uses the latest version of HTTP​
​Ensure Web App uses the latest version of TLS encryption​
​Ensure a security contact phone number is present​
​Ensure activity log retention is set to 365 days or greater​
​Ensure all keys have an expiration date​
​Ensure app service enables HTTP logging​
​Ensure app service enables detailed error messages​
​Ensure app service enables failed request tracing​
​Ensure app services use Azure files​
​Ensure key vault allows firewall rules settings​
​Ensure key vault enables purge protection​
​Ensure key vault key is backed by HSM​
​Ensure key vault secrets have content_type set​
​Ensure log profile is configured to capture all activities​
​Ensure managed identity provider is enabled for app services​
​Ensure public network access enabled is set to False for mySQL servers​
​Ensure standard pricing tier is selected​
​Ensure storage account uses latest TLS version​
​Ensure the storage container storing activity logs is not publicly accessible​
Use HTTPS for Cloudfront distribution
Best practices for Azure
Last modified 1mo ago