    Azure

    Best practice

    azure-appgateway-enables-waf

    Ensure that Application Gateway enables WAF

    azure-appservice-https-20-enabled

    Ensure that HTTP Version is the latest if used to run the web app

    azure-postgresql-geo-backup-enabled

    Ensure that PostgreSQL server enables geo-redundant backups

    azure-sqlserver-email-alerts-enabled

    Ensure that Send Alerts To is enabled for MSSQL servers

    azure-appservice-used-azure-files

    Ensure that app services use Azure Files

    azure-ad-used-auth-service-fabric

    Ensure that Active Directory is used for authentication for Service Fabric

    azure-defenderon-sqlservers-vms

    Ensure that Azure Defender is set to On for SQL servers on machines

    azure-securitycenter-standard-pricing

    Ensure that standard pricing tier is selected

    azure-vmscale-sets-auto-os-image-patching-enabled

    Ensure that automatic OS image patching is enabled for Virtual Machine Scale Sets

    azure-networkinterface-enable-ip-forwarding

    Ensure that Network Interfaces disable IP forwarding
    Likelihood: LOW
    Confidence: LOW
    CWE:
    - CWE-284: Improper Access Control
    OWASP:
    - A05:2017 - Broken Access Control
    - A01:2021 - Broken Access Control

    azure-postgresql-server-connection-throttling-enabled

    Ensure server parameter connection_throttling is set to ON for PostgreSQL Database Server

    azure-securitycenter-contact-phone

    Ensure that Security contact Phone number is set

    azure-defenderon-servers

    Ensure that Azure Defender is set to On for Servers

    azure-appservice-dotnet-framework-version

    Ensure that .NET Framework version is the latest, if used as a part of the web app

    azure-postgresql-server-log-connections-enabled

    Ensure server parameter log_connections is set to ON for PostgreSQL Database Server

    azure-appservice-python-version

    Ensure that Python version is the latest, if used to run the web app

    azure-functionapps-accessible-over-https

    Ensure that HTTP Version is the latest if used to run the Function app

    azure-sqlserver-threat-detection-types

    Ensure that Threat Detection types is set to All

    azure-aks-uses-azure-policies-addon

    Ensure that AKS uses Azure Policies Add-on

    azure-defenderon-appservices

    Ensure that Azure Defender is set to On for App Service

    azure-securitycenter-email-alert-admins

    Ensure that Send email notification for high severity alerts is set to On

    azure-securitcenter-email-alert

    Ensure that Send email notification for high severity alerts is set to On

    azure-mariadb-geo-backup-enabled

    Ensure that MariaDB server enables geo-redundant backups

    azure-secret-content-type

    Ensure that key vault secrets have “content_type” set

    azure-keyvault-enables-firewall-rules-settings

    Ensure that key vault allows firewall rules settings

    azure-mysql-threat-detection-enabled

    Ensure that MySQL server enables Threat detection policy

    azure-securitycenter-contact-emails

    Ensure that Security contact emails is set

    azure-keyvault-recovery-enabled

    Ensure the key vault is recoverable (https://docs.bridgecrew.io/docs/ensure-the-key-vault-is-recoverable)

    azure-postgresql-server-log-checkpoint-enabled

    Ensure server parameter log_checkpoints is set to ON for PostgreSQL Database Server

    azure-appservice-php-version

    Ensure that PHP version is the latest, if used to run the web app

    azure-mariadb-sslenforcement-enabled

    Ensure Enforce SSL connection is set to Enabled for MariaDB servers

    azure-frontdoor-enables-waf

    Ensure that Azure Front Door enables WAF

    azure-secret-expiration-date

    Ensure that the expiration date is set on all secrets

    azure-monitor-log-profile-categories

    Ensure audit profile captures all the activities

    azure-monitor-log-profile-retention-days

    Ensure that Activity Log Retention is set to 365 days or greater

    azure-sqlserver-email-alerts-toadmins-enabled

    Ensure that Email service and co-administrators is Enabled for MSSQL servers

    azure-defenderon-keyvaults

    Ensure that Azure Defender is set to On for Key Vault

    azure-postgresql-flexi-server-geo-backup-enabled

    Ensure that PostgreSQL Flexible server enables geo-redundant backups

    azure-postgresql-threat-detection-enabled

    Ensure that PostgreSQL server enables Threat detection policy

    azure-appservice-java-version

    Ensure that Java version is the latest, if used to run the web app

    azure-keyvault-enables-purge-protection

    Ensure that key vault enables purge protection

    azure-functionapp-http-version-latest

    Ensure that HTTP Version is the latest if used to run the Function app

    azure-storage-account-enables-secure-transfer

    Ensure that storage account enables secure transfer

    azure-mysql-server-tlsenforcement-enabled

    Ensure Enforce SSL connection is set to Enabled for MySQL servers

    azure-appservice-ftps-state

    Ensure FTP deployments are disabled

    azure-defenderon-storage

    Ensure that Azure Defender is set to On for Storage

    azure-mysql-geo-backup-enabled

    Ensure that MySQL server enables geo-redundant backups

    azure-synapse-workscape-enables-managed-virtual-network

    Ensure that Azure Synapse workspaces enable managed virtual networks

    azure-defenderon-sqlservers

    Ensure that Azure Defender is set to On for SQL servers

    azure-defenderon-container-registry

    Ensure that Azure Defender is set to On for Container

    azure-defenderon-kubernetes

    Ensure that Azure Defender is set to On for Kubernetes

    azure-frontdoor-use-wafmode

    Ensure that Azure Front Door uses WAF and is configured in “Detection” or “Prevention” modes

    azure-postgresql-ssl-enforcement-enabled

    Ensure Enforce SSL connection is set to Enabled for PostgreSQL servers

    azure-keyvault-enables-soft-delete

    Ensure that key vault enables soft delete

    azure-waf-specificed-mode-app-gw

    Ensure that Application Gateway uses WAF in “Detection” or “Prevention” modes
