General Policies
How to Use this Page
This page lists the Azure General Policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, follow the link for more details about the policy and its fix options.
Ensure Azure VM data disk is encrypted with ADE/CMK
Policy ID: BC_AZR_GENERAL_1
Ensure Azure App Service Web app authentication is On
Policy ID: BC_AZR_GENERAL_2
Ensure a security contact phone number is present
Policy ID: BC_AZR_GENERAL_3
Ensure Send email notification for high severity alerts is enabled
Policy ID: BC_AZR_GENERAL_4
Ensure Send email notification for high severity alerts to admins is enabled
Policy ID: BC_AZR_GENERAL_5
Ensure Azure SQL Server threat detection alerts are enabled for all threat types
Policy ID: BC_AZR_GENERAL_6
Ensure Azure SQL server 'Send alerts to' field value is set
Policy ID: BC_AZR_GENERAL_7
Ensure MSSQL servers have email service and co-administrators enabled
Policy ID: BC_AZR_GENERAL_8
Ensure standard pricing tier is selected
Policy ID: BC_AZR_GENERAL_9
Ensure all keys have an expiration date
Policy ID: BC_AZR_GENERAL_10
Ensure Azure key vault is recoverable
Policy ID: BC_AZR_GENERAL_11
Ensure a retention period of less than 90 days is specified
Policy ID: BC_AZR_GENERAL_12
Ensure Azure Linux scale set uses an SSH key
Policy ID: BC_AZR_GENERAL_13
Ensure Virtual Machine extensions are not installed
Policy ID: BC_AZR_GENERAL_14
Ensure FTP Deployments are disabled
Policy ID: BC_AZR_GENERAL_15
Ensure PostgreSQL server enables geo-redundant backups
Policy ID: BC_AZR_GENERAL_16
Ensure key vault key is backed by HSM
Policy ID: BC_AZR_GENERAL_17
Ensure MariaDB server enables geo-redundant backups
Policy ID: BC_AZR_GENERAL_18
Ensure MySQL server enables geo-redundant backups
Policy ID: BC_AZR_GENERAL_19
Ensure Virtual Machines are backed up using Azure backup
Policy ID: BC_AZR_GENERAL_20
Ensure Cosmos DB accounts have CMKs to encrypt data at rest
Policy ID: BC_AZR_GENERAL_21
Ensure Data Lake Store accounts enable encryption
Policy ID: BC_AZR_GENERAL_22
Ensure PostgreSQL server enables infrastructure encryption
Policy ID: BC_AZR_GENERAL_24
Ensure Automation account variables are encrypted
Policy ID: BC_AZR_GENERAL_25
Ensure Azure Data Explorer uses disk encryption
Policy ID: BC_AZR_GENERAL_26
Ensure Azure Data Explorer uses double encryption
Policy ID: BC_AZR_GENERAL_27
Ensure Azure Batch account uses key vault to encrypt data
Policy ID: BC_AZR_GENERAL_28
Ensure managed disks use a specific set of disk encryption sets for customer-managed key encryption
Policy ID: BC_AZR_GENERAL_29
Ensure MySQL server enables infrastructure encryption
Policy ID: BC_AZR_GENERAL_30
Ensure Virtual Machine scale sets have encryption at host enabled
Policy ID: BC_AZR_GENERAL_31
Ensure storage for critical data is encrypted with CMKs
Policy ID: BC_AZR_GENERAL_32
Ensure Azure Data Explorer encryption at rest uses a CMK
Policy ID: BC_AZR_GENERAL_33
Ensure unattached disks are encrypted
Policy ID: BC_AZR_GENERAL_34
Ensure Azure data factories are encrypted with a CMK
Policy ID: BC_AZR_GENERAL_35
Ensure MySQL server enables CMKs for encryption
Policy ID: BC_AZR_GENERAL_36
Ensure PostgreSQL server enables CMKs for encryption
Policy ID: BC_AZR_GENERAL_37
Ensure Azure storage account encryption CMKs are enabled
Policy ID: BC_AZR_GENERAL_38
Ensure Azure Data Factory uses Git repository for source control
Policy ID: BC_AZR_GENERAL_39
Ensure key vault enables purge protection
Policy ID: BC_AZR_GENERAL_40
Ensure key vault enables soft-delete
Policy ID: BC_AZR_GENERAL_41
Ensure key vault secrets have content_type set
Policy ID: BC_AZR_GENERAL_42
Ensure Service Fabric clusters use AD for authentication
Policy ID: BC_AZR_GENERAL_43
Ensure MySQL server enables Threat Detection policy
Policy ID: BC_AZR_GENERAL_44
Ensure PostgreSQL server enables Threat Detection policy
Policy ID: BC_AZR_GENERAL_45
Ensure Azure Security Center Defender is set to On for servers
Policy ID: BC_AZR_GENERAL_46
Ensure Azure function app authentication is set to On
Policy ID: BC_AZR_GENERAL_47
Ensure CORS disallows resource to access app services
Policy ID: BC_AZR_GENERAL_48
Ensure security contact emails are set
Policy ID: BC_AZR_GENERAL_49
Ensure Azure Security Center Defender is set to On for app service
Policy ID: BC_AZR_GENERAL_50
Ensure CORS does not allow resources to access function apps
Policy ID: BC_AZR_GENERAL_51
Ensure function app uses the latest HTTP version
Policy ID: BC_AZR_GENERAL_52
Ensure Azure Security Center Defender is set to On for Azure SQL database servers
Policy ID: BC_AZR_GENERAL_53
Ensure managed identity provider is enabled for app services
Policy ID: BC_AZR_GENERAL_54
Ensure remote debugging is not enabled for app services
Policy ID: BC_AZR_GENERAL_55
Ensure Azure Defender is set to On for SQL servers on machines
Policy ID: BC_AZR_GENERAL_56
Ensure Azure App Service Web app uses the latest .NET Core version
Policy ID: BC_AZR_GENERAL_57
Ensure Azure App Service Web app uses the latest PHP version
Policy ID: BC_AZR_GENERAL_58
Ensure Azure App Service Web app uses the latest Python version
Policy ID: BC_AZR_GENERAL_59
Ensure Azure App Service Web app uses the latest Java version
Policy ID: BC_AZR_GENERAL_60
Ensure Azure Security Center Defender is set to On for storage
Policy ID: BC_AZR_GENERAL_61
Ensure Azure Security Center Defender is set to On for Kubernetes
Policy ID: BC_AZR_GENERAL_62
Ensure Azure Defender is set to On for container registries
Policy ID: BC_AZR_GENERAL_63
Ensure Azure Security Center Defender is set to On for Key Vault
Policy ID: BC_AZR_GENERAL_64
Ensure app services use Azure files
Policy ID: BC_AZR_GENERAL_65
Ensure Virtual Machines are utilizing managed disks
Policy ID: BC_AZR_GENERAL_66
Ensure automatic OS image patching is enabled for Virtual Machine scale sets
Policy ID: BC_AZR_GENERAL_67
Ensure Microsoft Antimalware is configured to automatically update Virtual Machines
Policy ID: BC_AZR_GENERAL_68
Ensure SQL servers enable data security policy
Policy ID: BC_AZR_GENERAL_69
Ensure Azure SQL server ADS Vulnerability Assessment is enabled
Policy ID: BC_AZR_GENERAL_70
Ensure Azure SQL server ADS Vulnerability Assessment 'Periodic recurring scans' is enabled
Policy ID: BC_AZR_GENERAL_71
Ensure Azure SQL server ADS VA 'Send scan reports to' is configured
Policy ID: BC_AZR_GENERAL_72
Ensure Azure SQL server ADS VA 'Also send email notifications to admins and subscription owners' is enabled
Policy ID: BC_AZR_GENERAL_73
Ensure SQL servers have Azure Active Directory admin configured
Policy ID: BC_AZR_GENERAL_74
Ensure Azure Virtual Machines are utilizing managed disks
Policy ID: BC_AZR_GENERAL_75
Ensure MSSQL is using the latest version of TLS encryption
Policy ID: BC_AZR_GENERAL_76
Ensure MySQL is using the latest version of TLS encryption
Policy ID: BC_AZR_GENERAL_77
Ensure that Active Directory is used for Service Fabric authentication
Policy ID: BC_AZR_GENERAL_78
Ensure 'Allow access to Azure services' for PostgreSQL Database Server is disabled
Policy ID: BC_AZR_GENERAL_79
Ensure that Service Fabric uses the three available levels of protection
Policy ID: BC_AZR_GENERAL_80
Ensure Azure resources that support tags have Tags
Policy ID: BC_AZR_GENERAL_81
Updated almost 2 years ago