Low Alerts for Azure
Auditing on SQL Server Should Be Enabled
Audit Retention for SQL Servers Should Be Set to at Least 90 Days
Azure Backup Should be Enabled for Virtual Machines
Azure Monitor log profile should collect logs for categories 'write,' 'delete,' and 'action'
Container Registries Should be Encrypted with a Customer-Managed Key (CMK)
Copy of Geo-Redundant Backup Should Be Enabled for Azure Database for MySQL
Copy of Geo-Redundant Backup Should Be Enabled for Azure Database for PostgreSQL
Custom subscription owner roles should not exist
Diagnostic Logs in Azure Data Lake Store Should Be Enabled
Diagnostic Logs in Data Lake Analytics Should Be Enabled
Diagnostic Logs in Event Hub Should be Enabled
Diagnostic Logs in IoT Hub Should Be Enabled
Diagnostic Logs in Key Vault Should Be Enabled
[Enable if Required] Azure Cosmos DB Accounts Should Use Customer-Managed Keys to Encrypt Data at Rest
[Enable if Required] Azure Machine Learning Workspaces Should Be Encrypted With a Customer-Managed Key (CMK)
[Enable if Required] Cognitive Services Accounts Should Enable Data Encryption With a Customer-Managed Key (CMK)
[Enable if Required] MySQL Servers Should Use Customer-Managed Keys to Encrypt Data at Rest
[Enable if Required] PostgreSQL Servers Should Use Customer-Managed Keys to Encrypt Data at Rest
[Enable if Required] SQL Managed Instances Should use Customer-Managed Keys to Encrypt Data at Rest
[Enable if required] SQL Servers Should Use Customer-Managed Keys to Encrypt Data at Rest
[Enable if Required] Storage Accounts Should Use Customer-Managed Key (CMK) for Encryption
Ensure That 'HTTP Version' is the Latest, if Used to Run the Web App
Geo-Redundant Backup Should Be Enabled for Azure Database for MariaDB
Guest Attestation Extension Should be Installed on XYZ
Install Azure Security Center for IoT Security Module to Get More Visibility Into Your IoT Devices
IoT Devices - Agent Sending Underutilized Messages
Kubernetes Clusters Should Not Use the Default Namespace
Linux Virtual Machines Should Enforce Kernel Module Signature Validation
Linux Virtual Machines Should Use Secure Boot
Machines Should be Restarted to Apply Security Configuration Updates
Network Watcher Should Be Enabled
Non-Internet-Facing Virtual Machines Should Be Protected With Network Security Groups
Only Approved VM Extensions Should be Installed
Remote Debugging should be Disabled for Apps
Remove/Approve Untrusted Boot Components
Secure Boot Should be Enabled on Supported Windows Virtual Machines
Sensitive Data in Your SQL Databases Should Be Classified
Storage Accounts Should be Migrated to New Azure Resource Manager Resources
Transparent Data Encryption on SQL Databases Should Be Enabled
Unattached disks should be encrypted
vTPM Should be Enabled on Supported Virtual Machines
Web Application Firewall (WAF) Should Be Enabled for Application Gateway
Web Application Firewall (WAF) Should Be Enabled for Azure Front Door Service Service