
Commit 560cd77

Updated Azure recs ref page
1 parent 2867d99 commit 560cd77

10 files changed, +46 -33 lines changed

articles/defender-for-cloud/recommendations-reference.md

Lines changed: 1 addition & 1 deletion
@@ -4,7 +4,7 @@ description: This article lists Microsoft Defender for Cloud's security recommen
44
author: memildin
55
ms.service: defender-for-cloud
66
ms.topic: reference
7-
ms.date: 05/19/2022
7+
ms.date: 08/24/2022
88
ms.author: memildin
99
ms.custom: generated
1010
---
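Review bot: the only change in this hunk is the `ms.date` bump from 05/19/2022 to 08/24/2022, and the front matter carries `ms.custom: generated`; confirm the date came from the generator run rather than a hand edit, otherwise the next regeneration will rewrite it and the history will show two competing dates for the same content.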

includes/asc-recs-appservices.md

Lines changed: 1 addition & 1 deletion
@@ -2,7 +2,7 @@
22
author: memildin
33
ms.service: defender-for-cloud
44
ms.topic: include
5-
ms.date: 05/19/2022
5+
ms.date: 08/24/2022
66
ms.author: memildin
77
ms.custom: generated
88
---
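Review bot: this include changes nothing but `ms.date`, while the commit message says the recommendations reference was updated; since `ms.date` signals content freshness to readers, consider leaving the App Service include's date alone when none of its recommendation rows changed, or state in the commit message that the generator re-stamps every include.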

includes/asc-recs-compute.md

Lines changed: 5 additions & 6 deletions
Large diffs are not rendered by default.

includes/asc-recs-container.md

Lines changed: 2 additions & 3 deletions
@@ -2,12 +2,12 @@
22
author: memildin
33
ms.service: defender-for-cloud
44
ms.topic: include
5-
ms.date: 05/19/2022
5+
ms.date: 08/24/2022
66
ms.author: memildin
77
ms.custom: generated
88
---
99

10-
There are **28** recommendations in this category.
10+
There are **27** recommendations in this category.
1111

1212
|Recommendation |Description |Severity |
1313
|---|---|---|
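Review bot: the hardcoded count in `There are **27** recommendations in this category.` is maintained separately from the table rows and drifts whenever a row is added or removed; the drop from 28 to 27 here matches the single row deletion in the next hunk (2 additions, 3 deletions for the file), but it would be safer if the generator derived this number from the row count instead of storing it as a literal.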
@@ -22,7 +22,6 @@ There are **28** recommendations in this category.
2222
|[Container registry images should have vulnerability findings resolved](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/dbd0cb49-b563-45e7-9724-889e799fa648) |Container image vulnerability assessment scans your registry for security vulnerabilities and exposes detailed findings for each image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.<br />(Related policy: [Vulnerabilities in Azure Container Registry images should be remediated](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f5f0f936f-2f01-4bf5-b6be-d423792fa562)) |High |
2323
|[Container with privilege escalation should be avoided](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/43dc2a2e-ce69-4d42-923e-ab7d136f2cfe) |Containers shouldn't run with privilege escalation to root in your Kubernetes cluster.<br>The AllowPrivilegeEscalation attribute controls whether a process can gain more privileges than its parent process.<br />(Related policy: [Kubernetes clusters should not allow container privilege escalation](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f1c6e92c9-99f0-4e55-9cf2-0c234dc48f99)) |Medium |
2424
|[Containers sharing sensitive host namespaces should be avoided](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/802c0637-5a8c-4c98-abd7-7c96d89d6010) |To protect against privilege escalation outside the container, avoid pod access to sensitive host namespaces (host process ID and host IPC) in a Kubernetes cluster.<br />(Related policy: [Kubernetes cluster containers should not share host process ID or host IPC namespace](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f47a1ee2f-2a2a-4576-bf2a-e0e36709c2b8)) |Medium |
25-
|[Containers should listen on allowed ports only(Deprecated)](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/5f88450f-9546-4b78-a181-a2d9162bb441) |To reduce the attack surface of your Kubernetes cluster, restrict access to the cluster by limiting containers access to the configured ports.<br />(Related policy: [Ensure containers listen only on allowed ports in Kubernetes cluster](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f440b515e-a580-421e-abeb-b159a61ddcbc)) |Medium |
2625
|[Containers should only use allowed AppArmor profiles](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/86f91051-9d6a-47c3-a07f-bd14cb214b45) |Containers running on Kubernetes clusters should be limited to allowed AppArmor profiles only.<br>;AppArmor (Application Armor) is a Linux security module that protects an operating system and its applications from security threats. To use it, a system administrator associates an AppArmor security profile with each program.<br />(Related policy: [Kubernetes cluster containers should only use allowed AppArmor profiles](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f511f5417-5d12-434d-ab2e-816901e72a5e)) |High |
2726
|[Immutable (read-only) root filesystem should be enforced for containers](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/27d6f0e9-b4d5-468b-ae7e-03d5473fd864) |Containers should run with a read only root file system in your Kubernetes cluster. Immutable filesystem protects containers from changes at run-time with malicious binaries being added to PATH.<br />(Related policy: [Kubernetes cluster containers should run with a read only root file system](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2fdf49d893-a74c-421d-bc95-c663042e5b80)) |Medium |
2827
|[Kubernetes API server should be configured with restricted access](https://portal.azure.com/#blade/Microsoft_Azure_Security/RecommendationsBlade/assessmentKey/1a2b5b4c-f80d-46e7-ac81-b51a9fb363de) |To ensure that only applications from allowed networks, machines, or subnets can access your cluster, restrict access to your Kubernetes API server. You can restrict access by defining authorized IP ranges, or by setting up your API servers as private clusters as explained in<a target="_blank" href="/azure/aks/private-clusters">Create a private Azure Kubernetes Service cluster</a>.<br />(Related policy: [Authorized IP ranges should be defined on Kubernetes Services](https://portal.azure.com/#blade/Microsoft_Azure_Policy/PolicyDetailBlade/definitionId/%2fproviders%2fMicrosoft.Authorization%2fpolicyDefinitions%2f0e246bcf-5f6f-4f87-bc6f-775d4712c7ea)) |High |
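Review bot: deleting the `Containers should listen on allowed ports only(Deprecated)` row removes the only reference to its assessment key (5f88450f-9546-4b78-a181-a2d9162bb441) and related policy (440b515e-a580-421e-abeb-b159a61ddcbc); readers who still see this assessment in older subscriptions lose the lookup, so consider moving deprecated entries to a separate list rather than dropping them silently. Two unchanged context lines also carry typos the generator could fix in the same pass: the AppArmor row has a stray `;` after the line break (`<br>;AppArmor`), and the API server row is missing a space in `as explained in<a target=`.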
