articles/security-center/recommendations-reference.md (3 additions & 3 deletions)
@@ -30,7 +30,6 @@ Your Secure Score is based on the number of Security Center recommendations you'
30
30
31
31
|Recommendation|Description & related policy|Severity|Quick fix enabled?([Learn more](https://docs.microsoft.com/azure/security-center/security-center-remediate-recommendations#recommendations-with-quick-fix-remediation))|Resource type|
32
32
|----|----|----|----|----|
33
-
|**Access to App Services should be restricted<br/>(DEPRECATED)**|Restrict access to your App Services by changing the networking configuration, to deny inbound traffic from ranges that are too broad.<br>(Related policy: [Preview]: Access to App Services should be restricted)|High|N|App service|
34
33
|**Adaptive Network Hardening recommendations should be applied on internet facing virtual machines**|Customers on the standard pricing tier will see this recommendation when the Adaptive Network Hardening feature finds an overly-permissive NSG rule.<br>(Related policy: Adaptive Network Hardening recommendations should be applied on internet facing virtual machines)|High|N|Virtual machine|
35
34
|**All network ports should be restricted on NSG associated to your VM**|Harden the network security groups of your Internet-facing VMs by restricting the access of your existing allow rules.<br>This recommendation is triggered when any port is opened to *all* sources (except for ports 22, 3389, 5985, 5986, 80, and 1443).<br>(Related policy: Access through internet facing endpoint should be restricted)|High|N|Virtual machine|
36
35
|**DDoS Protection Standard should be enabled**|Protect virtual networks containing applications with public IPs by enabling DDoS protection service standard. DDoS protection enables mitigation of network volumetric and protocol attacks.<br>(Related policy: DDoS Protection Standard should be enabled)|High|N|Virtual network|
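Review bot: the row deleted here reappears further down in this commit (the third hunk, new file line 172) without its "(DEPRECATED)" suffix, so the change is a move plus an un-deprecation rather than a plain removal; that intent should be stated, because a reader of this hunk alone will read it as the recommendation being dropped. Separately, the unchanged context row "All network ports should be restricted on NSG associated to your VM" lists "1443" among the excepted ports; that looks like a typo for 1433 (SQL Server) and is worth a follow-up fix.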
@@ -49,10 +48,10 @@ Your Secure Score is based on the number of Security Center recommendations you'
49
48
50
49
|Recommendation|Description & related policy|Severity|Quick fix enabled?([Learn more](https://docs.microsoft.com/azure/security-center/security-center-remediate-recommendations#recommendations-with-quick-fix-remediation))|Resource type|
51
50
|----|----|----|----|----|
51
+
|**Authorized IP ranges should be defined on Kubernetes Services**|Restrict access to the Kubernetes service management API by granting API access only to IP addresses in specific ranges. It is recommended to configure authorized IP ranges so only applications from allowed networks can access the cluster.<br>(Related policy: [Preview]: Authorized IP ranges should be defined on Kubernetes Services)|High|N|Compute resources (Containers)|
52
+
|**Pod Security Policies should be defined to reduce the attack vector by removing unnecessary application privileges (Preview)**|Define Pod Security Policies to reduce the attack vector by removing unnecessary application privileges. It is recommended to configure pod security policies so pods can only access resources which they are allowed to access.<br>(Related policy: [Preview]: Pod Security Policies should be defined on Kubernetes Services)|Medium|N|Compute resources (Containers)|
52
53
|**Role-Based Access Control should be used to restrict access to a Kubernetes Service Cluster**|To provide granular filtering of the actions that users can perform, use Role-Based Access Control (RBAC) to manage permissions in Kubernetes Service Clusters and configure relevant authorization policies. For more information see [Azure role-based access control](https://docs.microsoft.com/azure/aks/concepts-identity#role-based-access-controls-rbac).<br>(Related policy: [Preview]: Role-Based Access Control (RBAC) should be used on Kubernetes Services)|Medium|N|Compute resources (Containers)|
53
54
|**The Kubernetes Service should be upgraded to the latest Kubernetes version**|Upgrade Azure Kubernetes Service clusters to the latest Kubernetes version in order to benefit from up-to-date vulnerability patches. For details regarding specific Kubernetes vulnerabilities see [Kubernetes CVEs](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=kubernetes).<br>(Related policy: [Preview]: Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version)|High|N|Compute resources (Containers)|
54
-
|**Pod Security Policies should be defined to reduce the attack vector by removing unnecessary application privileges (Preview)**|Define Pod Security Policies to reduce the attack vector by removing unnecessary application privileges. It is recommended to configure pod security policies so pods can only access resources which they are allowed to access.<br>(Related policy: [Preview]: Pod Security Policies should be defined on Kubernetes Services)|Medium|N|Compute resources (Containers)|
55
-
|**Authorized IP ranges should be defined on Kubernetes Services**|Restrict access to the Kubernetes service management API by granting API access only to IP addresses in specific ranges. It is recommended to configure authorized IP ranges so only applications from allowed networks can access the cluster.<br>(Related policy: [Preview]: Authorized IP ranges should be defined on Kubernetes Services)|High|N|Compute resources (Containers)|
56
55
|**Vulnerabilities in Azure Container Registry images should be remediated (powered by Qualys)**|Container image vulnerability assessment scans your registry for security vulnerabilities on each pushed container image and exposes detailed findings per image. Resolving the vulnerabilities can greatly improve your containers' security posture and protect them from attacks.<br>(No related policy)|High|N|Compute resources (Containers)|
57
56
||||||
58
57
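Review bot: the two moved rows ("Authorized IP ranges should be defined on Kubernetes Services" and "Pod Security Policies should be defined ...") are textually identical to the deleted copies, so this hunk is a pure re-sort of the Kubernetes table into alphabetical order. While this table is being touched, the empty row `||||||` that still closes it after the Qualys entry renders as a blank table row and should be dropped.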
@@ -170,6 +169,7 @@ Your Secure Score is based on the number of Security Center recommendations you'
170
169
171
170
|Recommendation|Description & related policy|Severity|Quick fix enabled?([Learn more](https://docs.microsoft.com/azure/security-center/security-center-remediate-recommendations#recommendations-with-quick-fix-remediation))|Resource type|
172
171
|----|----|----|----|----|
172
+
|**Access to App Services should be restricted**|Restrict access to your App Services by changing the networking configuration, to deny inbound traffic from ranges that are too broad.<br>(Related policy: [Preview]: Access to App Services should be restricted)|High|N|App service|
173
173
|**The rules for web applications on IaaS NSGs should be hardened**|Harden the network security group (NSG) of your virtual machines that are running web applications, with NSG rules that are overly permissive with regards to web application ports.<br>(Related policy: The NSGs rules for web applications on IaaS should be hardened)|High|N|Virtual machine|
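Review bot: the added row is the deleted "(DEPRECATED)" row from the first hunk with the suffix removed, but the Quick fix value "N" and the "[Preview]" label on the related policy were carried over unchanged; if the recommendation has genuinely been reinstated, both of those should be re-checked rather than copied from the deprecated entry.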