PlatformResourcesSign inSign Up

General Policies

Suggest Edits

How to Use this Page

This page lists the Azure General Policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, press the link for more details about a policy and its fix options.

Ensure Azure VM data disk is encrypted with ADE/CMK
Policy ID: BC_AZR_GENERAL_1

Ensure Azure App Service Web app authentication is On
Policy ID: BC_AZR_GENERAL_2

Ensure a security contact phone number is present
Policy ID: BC_AZR_GENERAL_3

Ensure Send email notification for high severity alerts is enabled
Policy ID: BC_AZR_GENERAL_4

Ensure Send email notification for high severity alerts to admins is enabled
Policy ID: BC_AZR_GENERAL_5

Ensure Azure SQL Server threat detection alerts are enabled for all threat types
Policy ID: BC_AZR_GENERAL_6

Ensure Azure SQL server send alerts to field value is set
Policy ID: BC_AZR_GENERAL_7

Ensure MSSQL servers have email service and co-administrators enabled
Policy ID: BC_AZR_GENERAL_8

Ensure standard pricing tier is selected
Policy ID: BC_AZR_GENERAL_9

Ensure all keys have an expiration date
Policy ID: BC_AZR_GENERAL_10

Ensure Azure key vault is recoverable
Policy ID: BC_AZR_GENERAL_11

Ensure a retention period of less than 90 days is specified
Policy ID: BC_AZR_GENERAL_12

Ensure Azure Linux scale set uses an SSH key
Policy ID: BC_AZR_GENERAL_13

Ensure Virtual Machine extensions are not installed
Policy ID: BC_AZR_GENERAL_14

Ensure FTP Deployments are disabled
Policy ID: BC_AZR_GENERAL_15

Ensure PostgreSQL server enables geo-redundant backups
Policy ID: BC_AZR_GENERAL_16

Ensure key vault key is backed by HSM
Policy ID: BC_AZR_GENERAL_17

Ensure MariaDB server enables geo-redundant backups
Policy ID: BC_AZR_GENERAL_18

Ensure My SQL server enables geo-redundant backups
Policy ID: BC_AZR_GENERAL_19

Ensure Virtual Machines are backed up using Azure backup
Policy ID: BC_AZR_GENERAL_20

Ensure Cosmos DB accounts have CMKs to encrypt data at rest
Policy ID: BC_AZR_GENERAL_21

Ensure Data Lake Store accounts enable encryption
Policy ID: BC_AZR_GENERAL_22

Ensure PostgreSQL server enables infrastructure encryption
Policy ID: BC_AZR_GENERAL_24

Ensure Automation account variables are encrypted
Policy ID: BC_AZR_GENERAL_25

Ensure Azure Data Explorer uses disk encryption
Policy ID: BC_AZR_GENERAL_26

Ensure Azure Data Explorer uses double encryption
Policy ID: BC_AZR_GENERAL_27

Ensure Azure Batch account uses key vault to encrypt data
Policy ID: BC_AZR_GENERAL_28

Ensure managed disks use a specific set of disk encryption sets for customer-managed key encryption
Policy ID: BC_AZR_GENERAL_29

Ensure MySQL server enables infrastructure encryption
Policy ID: BC_AZR_GENERAL_30

Ensure Virtual Machine scale sets have encryption at host enabled
Policy ID: BC_AZR_GENERAL_31

Ensure storage for critical data are encrypted with CMKs
Policy ID: BC_AZR_GENERAL_32

Ensure Azure Data Explorer encryption at rest uses a CMK
Policy ID: BC_AZR_GENERAL_33

Ensure unattached disks are encrypted
Policy ID: BC_AZR_GENERAL_34

Ensure Azure data factories are encrypted with a CMK
Policy ID: BC_AZR_GENERAL_35

Ensure MySQL server enables CMKs for encryption
Policy ID: BC_AZR_GENERAL_36

Ensure PostgreSQL server enables CMKs for encryption
Policy ID: BC_AZR_GENERAL_37

Ensure Azure storage account encryption CMKs are enabled
Policy ID: BC_AZR_GENERAL_38

Ensure Azure Data Factory uses Git repository for source control
Policy ID: BC_AZR_GENERAL_39

Ensure key vault enables purge protection
Policy ID: BC_AZR_GENERAL_40

Ensure key vault enables soft-delete
Policy ID: BC_AZR_GENERAL_41

Ensure key vault secrets have content_type set
Policy ID: BC_AZR_GENERAL_42

Ensure Service Fabric clusters use AD for authentication
Policy ID: BC_AZR_GENERAL_43

Ensure My SQL server enables Threat Detection policy
Policy ID: BC_AZR_GENERAL_44

Ensure PostgreSQL server enables Threat Detection policy
Policy ID: BC_AZR_GENERAL_45

Ensure Azure Security Center Defender is set to On for servers
Policy ID: BC_AZR_GENERAL_46

Ensure Azure function app authentication is set to On
Policy ID: BC_AZR_GENERAL_47

Ensure CORS disallows resource to access app services
Policy ID: BC_AZR_GENERAL_48

Ensure security contact emails are set
Policy ID: BC_AZR_GENERAL_49

Ensure Azure Security Center Defender is set to On for app service
Policy ID: BC_AZR_GENERAL_50

Ensure CORS does not allow resources to access function apps
Policy ID: BC_AZR_GENERAL_51

Ensure function app uses the latest HTTP version
Policy ID: BC_AZR_GENERAL_52

Ensure Azure Security Center Defender is set to On for Azure SQL database servers
Policy ID: BC_AZR_GENERAL_53

Ensure managed identity provider is enabled for app services
Policy ID: BC_AZR_GENERAL_54

Ensure remote debugging is not enabled for app services
Policy ID: BC_AZR_GENERAL_55

Ensure Azure Defender is set to On for SQL servers on machines
Policy ID: BC_AZR_GENERAL_56

Ensure Azure App Service Web app uses the latest .Net Core version
Policy ID: BC_AZR_GENERAL_57

Ensure Azure App Service Web app uses the latest PHP version
Policy ID: BC_AZR_GENERAL_58

Ensure Azure App Service Web app uses the latest Python version
Policy ID: BC_AZR_GENERAL_59

Ensure Azure App Service Web app uses the latest Java version
Policy ID: BC_AZR_GENERAL_60

Ensure Azure Security Center Defender is set to On for storage
Policy ID: BC_AZR_GENERAL_61

Ensure Azure Security Center Defender is set to On for Kubernetes
Policy ID: BC_AZR_GENERAL_62

Ensure Azure Defender is set to On for container registries
Policy ID: BC_AZR_GENERAL_63

Ensure Azure Security Center Defender set to On for Key Vault
Policy ID: BC_AZR_GENERAL_64

Ensure app services use Azure files
Policy ID: BC_AZR_GENERAL_65

Ensure Virtual Machines are utilizing managed disks
Policy ID: BC_AZR_GENERAL_66

Ensure automatic OS image patching is enabled for Virtual Machine scale sets
Policy ID: BC_AZR_GENERAL_67

Ensure Microsoft Antimalware is configured to automatically update Virtual Machines
Policy ID: BC_AZR_GENERAL_68

Ensure SQL servers enable data security policy
Policy ID: BC_AZR_GENERAL_69

Ensure Azure SQL server ADS Vulnerability Assessment is enabled
Policy ID: BC_AZR_GENERAL_70

Ensure Azure SQL server ADS Vulnerability Assessment Periodic recurring scans is enabled
Policy ID: BC_AZR_GENERAL_71

Ensure Azure SQL server ADS VA Send scan reports to is configured
Policy ID: BC_AZR_GENERAL_72

Ensure Azure SQL server ADS VA Also send email notifications to admins and subscription owners is enabled
Policy ID: BC_AZR_GENERAL_73

Ensure SQL servers have Azure Active Directory admin configured
Policy ID: BC_AZR_GENERAL_74

Ensure Azure Virtual Machines are utilizing managed disks
Policy ID: BC_AZR_GENERAL_75

Ensure MSSQL is using the latest version of TLS encryption
Policy ID: BC_AZR_GENERAL_76

Ensure MySQL is using the latest version of TLS encryption
Policy ID: BC_AZR_GENERAL_77

Ensure that Active Directory is used for Service Fabric authentication
Policy ID: BC_AZR_GENERAL_78

Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
Policy ID: BC_AZR_GENERAL_79

Ensure that Service Fabric uses available three levels of protection
Policy ID: BC_AZR_GENERAL_80

Ensure Azure resources that support tags have Tags
Policy ID: BC_AZR_GENERAL_81

Updated over 2 years ago