articles/defender-for-cloud/recommendations-reference.md
15 additions & 0 deletions
@@ -88,6 +88,21 @@ impact on your secure score.
88
88
(Preview) API Management minimum API version should be set to 2019-12-01 or higher|To prevent service secrets from being shared with read-only users, the minimum API version should be set to 2019-12-01 or higher.|Medium
89
89
(Preview) API Management calls to API backends should be authenticated|Calls from API Management to backends should use some form of authentication, whether via certificates or credentials. Does not apply to Service Fabric backends.|Medium
90
90
91
+
## AI recommendations
92
+
93
+
| Recommendation | Description & related policy | Severity |
| Resource logs in Azure Machine Learning Workspaces should be enabled (Preview) | Resource logs enable recreating activity trails to use for investigation purposes when a security incident occurs or when your network is compromised. | Medium |
96
+
| Azure Machine Learning Workspaces should disable public network access (Preview) | Disabling public network access improves security by ensuring that the Machine Learning Workspaces aren't exposed on the public internet. You can control exposure of your workspaces by creating private endpoints instead. For more information, see [Configure a private endpoint for an Azure Machine Learning workspace](/azure/machine-learning/how-to-configure-private-link). | Medium |
97
+
| Azure Machine Learning Computes should be in a virtual network (Preview) | Azure Virtual Networks provide enhanced security and isolation for your Azure Machine Learning Compute Clusters and Instances, as well as subnets, access control policies, and other features to further restrict access. When a compute is configured with a virtual network, it is not publicly addressable and can only be accessed from virtual machines and applications within the virtual network. | Medium |
98
+
| Azure Machine Learning Computes should have local authentication methods disabled (Preview) | Disabling local authentication methods improves security by ensuring that Machine Learning Computes require Azure Active Directory identities exclusively for authentication. For more information, see [Azure Policy Regulatory Compliance controls for Azure Machine Learning](/azure/machine-learning/security-controls-policy). | Medium |
99
+
| Azure Machine Learning compute instances should be recreated to get the latest software updates (Preview) | Ensure Azure Machine Learning compute instances run on the latest available operating system. Security is improved and vulnerabilities reduced by running with the latest security patches. For more information, see [Vulnerability management for Azure Machine Learning](/azure/machine-learning/concept-vulnerability-management#compute-instance). | Medium |
100
+
| Resource logs in Azure Databricks Workspaces should be enabled (Preview) | Resource logs enable recreating activity trails to use for investigation purposes when a security incident occurs or when your network is compromised. | Medium |
101
+
| Azure Databricks Workspaces should disable public network access (Preview) | Disabling public network access improves security by ensuring that the resource isn't exposed on the public internet. You can control exposure of your resources by creating private endpoints instead. For more information, see [Enable Azure Private Link](/azure/databricks/administration-guide/cloud-configurations/azure/private-link). | Medium |
102
+
| Azure Databricks Clusters should disable public IP (Preview) | Disabling public IP of clusters in Azure Databricks Workspaces improves security by ensuring that the clusters aren't exposed on the public internet. For more information, see [Secure cluster connectivity](/azure/databricks/security/network/secure-cluster-connectivity). | Medium |
103
+
| Azure Databricks Workspaces should be in a virtual network (Preview) | Azure Virtual Networks provide enhanced security and isolation for your Azure Databricks Workspaces, as well as subnets, access control policies, and other features to further restrict access. For more information, see [Deploy Azure Databricks in your Azure virtual network](/azure/databricks/administration-guide/cloud-configurations/azure/vnet-inject). | Medium |
104
+
| Azure Databricks Workspaces should use private link (Preview) | Azure Private Link lets you connect your virtual networks to Azure services without a public IP address at the source or destination. The Private Link platform handles the connectivity between the consumer and services over the Azure backbone network. By mapping private endpoints to Azure Databricks workspaces, you can reduce data leakage risks. For more information, see [Create the workspace and private endpoints in the Azure portal UI](/azure/databricks/administration-guide/cloud-configurations/azure/private-link-standard#create-the-workspace-and-private-endpoints-in-the-azure-portal-ui). | Medium |
105
+
91
106
## Deprecated recommendations
92
107
93
108
|Recommendation|Description & related policy|Severity|
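Review bot: the new rows put "(Preview)" at the end of the recommendation name (e.g. `| Resource logs in Azure Machine Learning Workspaces should be enabled (Preview) |`), whereas the existing rows in this file lead with it (`(Preview) API Management minimum API version should be set to 2019-12-01 or higher|...`); for consistency across the reference, consider moving the marker to the front of all ten new rows. The new table header also uses spaced pipes (`| Recommendation | Description & related policy | Severity |`) while the file's other header is unspaced (`|Recommendation|Description & related policy|Severity|`); both render, but matching the existing style keeps the file uniform.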