standard
turbot/azure_compliance
Pipelines
The Azure Compliance mod has 276 pipelines.
Start with these recommended pipelines:
- Detect & correct App Service web apps register with active directory disabled
- Detect & correct App Service web apps with remote debugging enabled
- Detect & correct App Service web apps without HTTPS enabled
- Detect & correct Compute disks with data access auth mode disabled
- Detect & correct Key Vaults with purge protection disabled
- Detect & correct Key Vaults with RBAC disabled
- Detect & correct MySQL flexible servers with audit log disabled
- Detect & correct PostgreSQL flexible servers with connection throttling disabled
- Detect & correct PostgreSQL flexible servers with log checkpoints disabled
- Detect & correct PostgreSQL flexible servers with SSL disabled
- Detect & correct PostgreSQL servers allowing access to Azure services
- Detect & correct PostgreSQL servers with infrastructure encryption disabled
- Detect & correct PostgreSQL servers with log checkpoints disabled
- Detect & correct PostgreSQL servers with log retention less than 3 days
- Detect & correct PostgreSQL servers with logging connections disabled
- Detect & correct PostgreSQL servers with logging disconnections disabled
- Detect & correct PostgreSQL servers with logging duration disabled
- Detect & correct PostgreSQL servers with SSL disabled
- Detect & correct SQL Databases with public access enabled
- Detect & correct SQL Databases with transparent data encryption disabled
- Detect & correct SQL servers with public network access enabled
- Detect & correct Storage Accounts with blob public access enabled
- Detect & correct Storage Accounts with blob service logging disabled
- Detect & correct Storage Accounts with blob soft delete disabled
- Detect & correct Storage Accounts with default network access rule set to Allow
- Detect & correct Storage Accounts with minimum TLS version less than 1.2
- Detect & correct Storage Accounts with public access enabled
- Detect & correct Storage Accounts with queue service logging disabled
- Detect & correct Storage Accounts with secure transfer required disabled
- Detect & correct Storage Accounts with table service logging disabled
- Detect & correct Storage Accounts with trusted Microsoft services access disabled
- Detect & correct Subscriptions with custom owner roles