Azure Policy Index

How to Use this Page

This page lists the Azure Policies that Bridgecrew helps you enforce, grouped by category. You can browse this page, search for a specific policy ID, or jump to one of the categories from the list below or from the right menu. For each policy, follow the link for more details about the policy and its remediation options.

Click a category to jump to that section on this page.

General

Enable Azure Managed Disk Encryption
Violation ID: BC_AZR_GENERAL_1

Ensure App Service Authentication is Set to On for Azure App Service
Violation ID: BC_AZR_GENERAL_2

Ensure Security Contact Phone Number is Set
Violation ID: BC_AZR_GENERAL_3

Ensure Send Email Notification for High Severity Alerts is Set to On
Violation ID: BC_AZR_GENERAL_4

Ensure Send Email Notification for High Severity Alerts to Admins is Set to On
Violation ID: BC_AZR_GENERAL_5

Ensure Threat Detection Types is Set to All
Violation ID: BC_AZR_GENERAL_6

Enable Send Alerts To for MSSQL Servers
Violation ID: BC_AZR_GENERAL_7

Enable Email Service and Co-administrators for MSSQL Servers
Violation ID: BC_AZR_GENERAL_8

Ensure Standard Pricing Tier is Selected
Violation ID: BC_AZR_GENERAL_9

Set an Expiration Date on All Keys
Violation ID: BC_AZR_GENERAL_10

Ensure the Key Vault is Recoverable
Violation ID: BC_AZR_GENERAL_11

IAM

Enable Register with Azure Active Directory on App Service
Violation ID: BC_AZR_IAM_1

Do not Create Custom Subscription Owner Roles
Violation ID: BC_AZR_IAM_2

Kubernetes

Configure AKS Logging to Azure Monitoring
Violation ID: BC_AZR_KUBERNETES_1

Enable RBAC on AKS Clusters
Violation ID: BC_AZR_KUBERNETES_2

Ensure AKS API Server has Authorized IP Ranges
Violation ID: BC_AZR_KUBERNETES_3

Configure AKS Cluster Network Policy
Violation ID: BC_AZR_KUBERNETES_4

Disable Kube Dashboard
Violation ID: BC_AZR_KUBERNETES_5

Logging

Ensure Network Security Group Flow Log Retention Period is Greater than 90 Days
Violation ID: BC_AZR_LOGGING_1

Set Auditing to On for SQL Servers
Violation ID: BC_AZR_LOGGING_2

Ensure Auditing Retention is Greater than 90 Days
Violation ID: BC_AZR_LOGGING_3

Enable Requests on Storage Logging for Queue Service
Violation ID: BC_AZR_LOGGING_4

Set Activity Log Retention to 365 Days or Greater
Violation ID: BC_AZR_LOGGING_5

Ensure Audit Profile Captures all Activities
Violation ID: BC_AZR_LOGGING_6

Networking

Ensure Azure Instance Uses SSH Key Authentication
Violation ID: BC_AZR_NETWORKING_1

Restrict RDP Access from the Internet
Violation ID: BC_AZR_NETWORKING_2

Restrict SSH Access from the Internet
Violation ID: BC_AZR_NETWORKING_3

Do Not Allow Ingress to SQL Databases from 0.0.0.0/0
Violation ID: BC_AZR_NETWORKING_4

Ensure Web App Redirects All HTTP Traffic to HTTPS in Azure App Service
Violation ID: BC_AZR_NETWORKING_5

Ensure Web App uses the Latest Version of TLS Encryption
Violation ID: BC_AZR_NETWORKING_6

Set Web App Client Certificates to On
Violation ID: BC_AZR_NETWORKING_7

Use Latest HTTP Version to Run the Web App
Violation ID: BC_AZR_NETWORKING_8

Enable Enforce SSL Connection for MySQL Database Server
Violation ID: BC_AZR_NETWORKING_9

Enable Enforce SSL Connection for PostgreSQL Database Server
Violation ID: BC_AZR_NETWORKING_10

Set Server Parameter log_checkpoints to ON for PostgreSQL Database Server
Violation ID: BC_AZR_NETWORKING_11

Set Server Parameter log_connections to ON for PostgreSQL Database Server
Violation ID: BC_AZR_NETWORKING_12

Set Server Parameter connection_throttling to ON for PostgreSQL Database Server
Violation ID: BC_AZR_NETWORKING_13

Set Public Access Level to Private for Blob Containers
Violation ID: BC_AZR_NETWORKING_14

Set Default Network Access Rule for Storage Accounts to Deny
Violation ID: BC_AZR_NETWORKING_15

Enable Trusted Microsoft Services for Storage Account Access
Violation ID: BC_AZR_NETWORKING_16

Secrets

Set an Expiration Date on All Secrets
Violation ID: BC_AZR_SECRETS_1

Storage

Ensure Secure Transfer Required is Enabled
Violation ID: BC_AZR_STORAGE_1

Updated 3 months ago

