@@ -37,9 +37,6 @@ definitions that audit insecure connections to storage accounts and Redis Cache.
3737- Secure transfer to storage accounts should be enabled
3838- Show audit results from Windows web servers that are not using secure communication protocols
3939- Deploy prerequisites to audit Windows web servers that are not using secure communication protocols
40- - Latest TLS version should be used in your API App
41- - Latest TLS version should be used in your Web App
42- - Latest TLS version should be used in your Function App
4340
4441## 2.3 Data at rest protection
4542
@@ -172,8 +169,8 @@ help you take corrective actions to ensure access Azure resources is restricted
172169
173170- \[ Preview\] : Deploy requirements to audit Linux VMs that have accounts without passwords
174171- \[ Preview\] : Deploy requirements to audit Linux VMs that allow remote connections from accounts without passwords
175- - \[ Preview\] : Audit Linux VMs that have accounts without passwords
176- - \[ Preview\] : Audit Linux VMs that allow remote connections from accounts without passwords
172+ - \[ Preview\] : Show audit results from Linux VMs that have accounts without passwords
173+ - \[ Preview\] : Show audit results from Linux VMs that allow remote connections from accounts without passwords
177174- Storage accounts should be migrated to new Azure Resource Manager resources
178175- Virtual machines should be migrated to new Azure Resource Manager resources
179176- Audit VMs that do not use managed disks
@@ -188,12 +185,10 @@ also assigns a policy that enables adaptive application controls on virtual mach
188185
189186- Audit unrestricted network access to storage accounts
190187- Adaptive Application Controls should be enabled on virtual machines
191- - The NSGs rules for web applications on IaaS should be hardened
192188- Access through Internet facing endpoint should be restricted
193- - Network Security Group Rules for Internet facing virtual machines should be hardened
189+ - Adaptive Network Hardening recommendations should be applied on internet facing virtual machines
194190- Endpoint protection solution should be installed on virtual machine scale sets
195191- Just-In-Time network access control should be applied on virtual machines
196- - Audit unrestricted network access to storage accounts
197192- Remote debugging should be turned off for Function App
198193- Remote debugging should be turned off for Web Application
199194- Remote debugging should be turned off for API App
@@ -246,15 +241,15 @@ This blueprint also assigns an Azure Policy definition that audits Linux VM pass
246241permissions to alert if they're set incorrectly. This design enables you to take corrective action
247242to ensure authenticators aren't compromised.
248243
249- - \[ Preview\] : Audit Linux VM /etc/ passwd file permissions are set to 0644
244+ - \[ Preview\] : Show audit results from Linux VMs that do not have the passwd file permissions set to 0644
250245
251246## 13 Audit Information for Users
252247
253248This blueprint helps you ensure system events are logged by assigning [ Azure Policy] ( ../../../policy/overview.md )
254249definitions that audit log settings on Azure resources. An assigned policy also audits if virtual
255250machines aren't sending logs to a specified log analytics workspace.
256251
257- - Auditing should be enabled on advanced data security settings on SQL Server
252+ - Advanced data security should be enabled on your SQL servers
258253- Audit diagnostic setting
259254- \[ Preview\] : Deploy Log Analytics Agent for Linux VMs
260255- \[ Preview\] : Deploy Log Analytics Agent for Windows VMs
0 commit comments