Triggers

The Azure Compliance mod has mod has 109 triggers:

• Detect & correct App Service web apps register with active directory disabled
• Detect & correct App Service web apps with authentication disabled
• Detect & correct App Service web apps with FTP deployment enabled
• Detect & correct App Service web apps with remote debugging enabled
• Detect & correct App Service web apps without HTTPS enabled
• Detect & correct App Service web apps without latest HTTP version
• Detect & correct App Service web apps without the latest PHP version
• Detect & correct App Service web apps without the latest python version
• Detect & correct App Service web apps without the latest TLS version
• Detect & correct Compute disks not encrypted with CMK
• Detect & correct Compute disks with data access auth mode disabled
• Detect & correct Compute disks with public access enabled
• Detect & correct unattached Compute disks not encrypted with CMK
• Detect & correct Compute VMs without a managed disk
• Detect & correct Cosmos DB accounts with virtual network filter disabled
• Detect & correct Cosmos DB accounts without a private link
• Detect & correct Authorization policies allowing IAM users to create security group
• Detect & correct authorization policy allowing IAM users to register application
• Detect & correct IAM conditional access with MFA disabled
• Detect & correct IAM conditional access with MFA disabled for administrators
• Detect & correct Subscriptions with custom owner roles
• Detect & correct Key Vaults with logging disabled
• Detect & correct Key Vaults with purge protection disabled
• Detect & correct Key Vaults with RBAC disabled
• Detect & correct Key Vaults without a private link
• Detect & correct Key Vaults with non-RBAC keys without expiration date
• Detect & correct Key Vaults with non-RBAC secrets without expiration date
• Detect & correct Key Vaults with RBAC keys without expiration date
• Detect & correct Key Vaults with RBAC secrets without expiration date
• Detect & correct Storage account containers insights activity logs not encrypted with CMK
• Detect & correct MySQL flexible servers with audit log disabled
• Detect & correct MySQL flexible servers with audit log events not set to connection
• Detect & correct MySQL flexible servers with SSL disabled
• Detect & correct MySQL flexible servers without minimum TLS 1.2
• Detect & correct Network load balancers with basic SKU
• Detect & correct Network public IPs with basic SKU
• Detect & correct NSGs allowing inbound to HTTPS port
• Detect & correct NSGs allowing inbound to RDP port
• Detect & correct NSGs allowing inbound to SSH port
• Detect & correct NSGs allowing inbound to UDP port
• Detect & correct NSGs flow log with retention period less than 90 days
• Detect & correct regions with network watcher disabled
• Detect & correct PostgreSQL flexible servers with log retention less than 3 days
• Detect & correct PostgreSQL flexible servers with connection throttling disabled
• Detect & correct PostgreSQL flexible servers with log checkpoints disabled
• Detect & correct PostgreSQL flexible servers with SSL disabled
• Detect & correct PostgreSQL servers allowing access to Azure services
• Detect & correct PostgreSQL servers with connection throttling disabled
• Detect & correct PostgreSQL servers with infrastructure encryption disabled
• Detect & correct PostgreSQL servers with log checkpoints disabled
• Detect & correct PostgreSQL servers with logging connections disabled
• Detect & correct PostgreSQL servers with logging disconnections disabled
• Detect & correct PostgreSQL servers with logging duration disabled
• Detect & correct PostgreSQL servers with log retention less than 3 days
• Detect & correct PostgreSQL servers with SSL disabled
• Detect & correct Redis Caches with basic SKU
• Detect & correct Security Center settings without MCAS integration
• Detect & correct Security Center settings without WDATP integration
• Detect & correct Security Center auto provisioning settings with automatic provisioning monitoring agent disabled
• Detect & correct Security Centers with azure defender disabled for App Service
• Detect & correct Security Centers with azure defender disabled for Container
• Detect & correct Security Centers with Azure Defender disabled for Container Registry
• Detect & correct Security Centers with Azure Defender disabled for Cosmos DB
• Detect & correct Security Centers with Azure Defender disabled for DNS
• Detect & correct Security Centers with Azure Defender disabled for Key Vault
• Detect & correct Security Centers with Azure Defender disabled for open-source relational database
• Detect & correct Security Centers with Azure Defender disabled for Resource Manager
• Detect & correct Security Centers with Azure Defender disabled for Server
• Detect & correct Security Centers with Azure Defender disabled for SQL Database
• Detect & correct Security Centers with Azure Defender disabled for SQL Server Virtual Machine
• Detect & correct Security Centers with Azure Defender disabled for Storage
• Detect & correct Security Centers with security alerts to owner disabled
• Detect & correct Security Centers without additional email configured
• Detect & correct Security Centers without notify alerts configured
• Detect & correct SQL Databases with public access enabled
• Detect & correct SQL Databases with transparent data encryption disabled
• Detect & correct SQL servers TDE protector not encrypted with CMK
• Detect & correct SQL servers with auditing disabled
• Detect & correct SQL servers with auditing retention period less than 90 days
• Detect & correct SQL servers with public network access enabled
• Detect & correct SQL servers without active directory admin configured
• Detect & correct Storage Accounts with blob public access enabled
• Detect & correct Storage Accounts with blob service logging disabled
• Detect & correct Storage Accounts with blob soft delete disabled
• Detect & correct Storage Accounts with default network access rule set to Allow
• Detect & correct Storage accounts with encryption at rest using CMK disabled
• Detect & correct Storage Accounts with infrastructure encryption disabled
• Detect & correct Storage Accounts with minimum TLS version less than 1.2
• Detect & correct Storage Accounts with public access enabled
• Detect & correct Storage Accounts with queue service logging disabled
• Detect & correct Storage Accounts with secure transfer required disabled
• Detect & correct Storage Accounts with table service logging disabled
• Detect & correct Storage Accounts with trusted Microsoft services access disabled
• Detect & correct Storage Accounts not using private link
• Detect & correct Subscriptions diagnostic settings without capturing proper categories
• Detect & correct Subscriptions without activity log alert for create policy assignment
• Detect & correct Subscriptions without activity log alert for create and update NSG
• Detect & correct Subscriptions without activity log alert for create and update security solution
• Detect & correct Subscriptions without activity log alert for create and update SQL servers firewall rule
• Detect & correct Subscriptions without activity log alert for delete NSG
• Detect & correct Subscriptions without activity log alert for delete policy assignment
• Detect & correct Subscriptions without activity log alert for delete public IP address
• Detect & correct Subscriptions without activity log alert for delete security solution
• Detect & correct Subscriptions without activity log alert for delete SQL servers firewall rule
• Detect & correct Subscriptions without activity log alert for create update public IP address
• Detect & correct Subscriptions without application insight configured
• Detect & correct Subscriptions without network bastion host
• Detect & correct Tenants with guest users
• Detect & correct Tenants with more than five IAM global administrator