Networking Policies

How to Use this Page

This page lists the Azure Networking Policies that Bridgecrew helps you enforce. You can browse this page, or search for a specific policy ID or short title. For each policy, follow the link for more details about the policy and its fix options.

Ensure Azure instance authenticates using SSH keys
Policy ID: BC_AZR_NETWORKING_1

Ensure RDP Internet access is restricted
Policy ID: BC_AZR_NETWORKING_2

Ensure SSH Internet access is restricted
Policy ID: BC_AZR_NETWORKING_3

Ensure SQL databases do not allow ingress from 0.0.0.0/0
Policy ID: BC_AZR_NETWORKING_4

Ensure Azure App Service Web app redirects HTTP to HTTPS
Policy ID: BC_AZR_NETWORKING_5

Ensure Web App uses the latest version of TLS encryption
Policy ID: BC_AZR_NETWORKING_6

Ensure Web App has incoming client certificates enabled
Policy ID: BC_AZR_NETWORKING_7

Ensure Web App uses the latest version of HTTP
Policy ID: BC_AZR_NETWORKING_8

Ensure MySQL server databases have Enforce SSL connection enabled
Policy ID: BC_AZR_NETWORKING_9

Ensure Azure PostgreSQL database server with SSL connection is enabled
Policy ID: BC_AZR_NETWORKING_10

Ensure Azure PostgreSQL database server with log checkpoints parameter is enabled
Policy ID: BC_AZR_NETWORKING_11

Ensure Azure PostgreSQL database server with log connections parameter is enabled
Policy ID: BC_AZR_NETWORKING_12

Ensure Azure PostgreSQL database server with connection throttling parameter is enabled
Policy ID: BC_AZR_NETWORKING_13

Ensure public access level for Blob Containers is set to private
Policy ID: BC_AZR_NETWORKING_14

Ensure Azure Storage Account default network access is set to Deny
Policy ID: BC_AZR_NETWORKING_15

Ensure Azure Storage Account Trusted Microsoft Services access is enabled
Policy ID: BC_AZR_NETWORKING_16

Ensure MariaDB servers have Enforce SSL connection enabled
Policy ID: BC_AZR_NETWORKING_17

Ensure Azure storage account does not allow blob containers with public access
Policy ID: BC_AZR_NETWORKING_18

Ensure storage accounts have secure transfer enabled
Policy ID: BC_AZR_NETWORKING_19

Ensure PostgreSQL server disables public network access
Policy ID: BC_AZR_NETWORKING_20

Ensure function apps are only accessible over HTTPS
Policy ID: BC_AZR_NETWORKING_21

Ensure UDP Services are restricted from the Internet
Policy ID: BC_AZR_NETWORKING_22

Ensure Azure cache for Redis has public network access disabled
Policy ID: BC_AZR_NETWORKING_23

Ensure only SSL is enabled for cache for Redis
Policy ID: BC_AZR_NETWORKING_24

Ensure Azure container group is deployed into a virtual network
Policy ID: BC_AZR_NETWORKING_25

Ensure Cosmos DB accounts have restricted access
Policy ID: BC_AZR_NETWORKING_26

Ensure Azure Synapse workspaces have no IP firewall rules attached
Policy ID: BC_AZR_NETWORKING_27

Ensure Azure Cosmos DB disables public network access
Policy ID: BC_AZR_NETWORKING_28

Ensure Azure Data factory public network access is disabled
Policy ID: BC_AZR_NETWORKING_29

Ensure Azure Event Grid domain public network access is disabled
Policy ID: BC_AZR_NETWORKING_30

Ensure API management services use virtual networks
Policy ID: BC_AZR_NETWORKING_31

Ensure Azure IoT Hub disables public network access
Policy ID: BC_AZR_NETWORKING_32

Ensure key vault allows firewall rules settings
Policy ID: BC_AZR_NETWORKING_33

Ensure SQL server disables public network access
Policy ID: BC_AZR_NETWORKING_34

Ensure Azure virtual machine NIC has IP forwarding disabled
Policy ID: BC_AZR_NETWORKING_35

Ensure network interfaces do not use public IPs
Policy ID: BC_AZR_NETWORKING_36

Ensure Azure application gateway has WAF enabled
Policy ID: BC_AZR_NETWORKING_37

Ensure Azure front door has WAF enabled
Policy ID: BC_AZR_NETWORKING_38

Ensure application gateway uses WAF in Detection or Prevention modes
Policy ID: BC_AZR_NETWORKING_39

Ensure Azure front door uses WAF in Detection or Prevention modes
Policy ID: BC_AZR_NETWORKING_40

Ensure Azure cognitive search disables public network access
Policy ID: BC_AZR_NETWORKING_41

Ensure Azure file sync disables public network access
Policy ID: BC_AZR_NETWORKING_42

Ensure Azure Synapse Workspaces enable managed virtual networks
Policy ID: BC_AZR_NETWORKING_43

Ensure MySQL server disables public network access
Policy ID: BC_AZR_NETWORKING_44

Ensure 'public network access enabled' is set to False for MySQL servers
Policy ID: BC_AZR_NETWORKING_45