Spaces
Apps
Templates
Create
Blue Hexagon Documentation
All content
Space settings
Content
Getting started
Blue Hexagon Quick Start Guide
Blue Hexagon Portal User-Guide
•
Blue Hexagon Verdict API
•
Blue Hexagon Insights API
Integrations
•
Deploying Blue Hexagon with AWS Traffic Mirroring
•
Blue Hexagon VMware Virtual Appliance User Guide
•
AWS Marketplace
Blue Hexagon for AWS
Blue Hexagon for Azure
Blue Hexagon for GCP - Legacy
Blue Hexagon Enterprise Single Sign-On (SSO)
AWS Misconfiguration Remediations
GCP Misconfiguration Remediations
Azure Misconfiguration Remediations
•
Azure-ActiveDirectory-Ensure-No-Guest-User
•
Azure-ActiveDirectory-Minimum-Password-Length
•
Azure-ActiveDirectory-No-Custom-Owner-Roles
•
Azure-ActiveDirectory-Password-Requires-Lowercase
•
Azure-ActiveDirectory-Password-Requires-Numbers
•
Azure-ActiveDirectory-Password-Requires-Symbols
•
Azure-SQLDatabases-DB-Restorable
•
Azure-VirtualMachines-Scale-Sets-Health-Monitoring-Enabled
•
Azure-Monitor-Log-Profile-Archive-Data
•
Azure-AzurePolicy-Resource-Location-Matches-Resource-Group
•
Azure-Resources-Resources-Usage-Limits
•
Azure-CDNProfiles-Detect-Insecure-Custom-Origin
•
Azure-ActiveDirectory-Password-Requires-Uppercase
•
Azure-AppService-.NET-Framework-Version
•
Azure-AppService-App-Service-Certificates-Expiry
•
Azure-AppService-Authentication-Enabled
•
Azure-AppService-Client-Certificates-Enabled
•
Azure-AppService-HTTP-2.0-Enabled
•
Azure-AppService-HTTPS-Only-Enabled
•
Azure-AppService-Identity-Enabled
•
Azure-AppService-Java-Version
•
Azure-AppService-PHP-Version
•
Azure-AppService-Python-Version
•
Azure-AppService-Secret-Detection
•
Azure-AppService-TLS-Version-Check
•
Azure-AppService-Web-Apps-Always-On-Enabled
•
Azure-AppService-Web-Apps-Remote-Debugging-Disabled
•
Azure-AzurePolicy-Resources-Allowed-Locations
•
Azure-BlobService-Blob-Container-Private-Access
•
Azure-BlobService-Blob-Service-Immutable
•
Azure-CDNProfiles-Endpoint-Logging-Enabled
•
Azure-ContainerRegistry-ACR-Admin-User
•
Azure-CosmosDB-Advanced-Threat-Protection-Enabled
•
Azure-CosmosDB-Automatic-Failover-Enabled
•
Azure-CosmosDB-Cosmos-DB-Public-Access-Disabled
•
Azure-FileService-File-Service-All-Access-ACL
•
Azure-KeyVaults-Key-Expiration-Enabled
•
Azure-KeyVaults-Key-Vault-Recovery-Enabled
•
Azure-KeyVaults-Secret-Expiration-Enabled
•
Azure-KubernetesService-Kubernetes-Latest-Version
•
Azure-KubernetesService-Kubernetes-RBAC-Enabled
•
Azure-KubernetesService-Kubernetes-Version-For-Agent-Pools
•
Azure-LoadBalancer-LB-HTTPS-Only
•
Azure-LoadBalancer-LB-No-Instances
•
Azure-LogAlerts-Network-Security-Groups-Logging-Enabled
•
Azure-LogAlerts-Network-Security-Groups-Rule-Logging-Enabled
•
Azure-LogAlerts-Policy-Assignment-Alerts-Enabled
•
Azure-LogAlerts-Security-Policy-Alerts-Enabled
•
Azure-LogAlerts-Security-Solution-Logging
•
Azure-LogAlerts-SQL-Server-Firewall-Rule-Alerts-Monitor
•
Azure-LogAlerts-Virtual-Network-Alerts-Monitor
•
Azure-Monitor-Azure-Monitor-Logs-Enabled
•
Azure-Monitor-Key-Vault-Log-Analytics-Enabled
•
Azure-Monitor-Load-Balancer-Log-Analytics-Enabled
•
Azure-Monitor-Log-Profile-Retention-Policy
•
Azure-Monitor-NSG-Log-Analytics-Enabled
•
Azure-MySQLServer-Enforce-MySQL-SSL-Connection
•
Azure-NetworkSecurityGroups-Default-Security-Group
•
Azure-NetworkSecurityGroups-Excessive-Security-Groups
•
Azure-NetworkSecurityGroups-Network-Watcher-Enabled
•
Azure-NetworkSecurityGroups-Open-All-Ports
•
Azure-NetworkSecurityGroups-Open-CIFS
•
Azure-NetworkSecurityGroups-Open-DNS
•
Azure-NetworkSecurityGroups-Open-Docker
•
Azure-NetworkSecurityGroups-Open-FTP
•
Azure-NetworkSecurityGroups-Open-Hadoop-HDFS-NameNode-Metadata-Service
•
Azure-NetworkSecurityGroups-Open-Hadoop-HDFS-NameNode-WebUI
•
Azure-NetworkSecurityGroups-Open-Kibana
•
Azure-NetworkSecurityGroups-Open-MySQL
•
Azure-NetworkSecurityGroups-Open-NetBIOS
•
Azure-NetworkSecurityGroups-Open-Oracle
•
Azure-NetworkSecurityGroups-Open-Oracle-Auto-Data-Warehouse
•
Azure-NetworkSecurityGroups-Open-PostgreSQL
•
Azure-NetworkSecurityGroups-Open-RDP
•
Azure-NetworkSecurityGroups-Open-RPC
•
Azure-NetworkSecurityGroups-Open-Salt
•
Azure-NetworkSecurityGroups-Open-SMBoTCP
•
Azure-NetworkSecurityGroups-Open-SMTP
•
Azure-NetworkSecurityGroups-Open-SQLServer
•
Azure-NetworkSecurityGroups-Open-SSH
•
Azure-NetworkSecurityGroups-Open-Telnet
•
Azure-NetworkSecurityGroups-Open-VNC-Client
•
Azure-NetworkSecurityGroups-Open-VNC-Server
•
Azure-NetworkWatcher-NSG-Flow-Logs-Retention-Period
•
Azure-PostgreSQLServer-Azure-Active-Directory-Admin-Configured
•
Azure-PostgreSQLServer-Connection-Throttling-Enabled
•
Azure-PostgreSQLServer-Enable-Geo-Redundant-Backups
•
Azure-PostgreSQLServer-Enforce-PostgreSQL-SSL-Connection
•
Azure-PostgreSQLServer-Log-Checkpoints-Enabled
•
Azure-PostgreSQLServer-Log-Connections-Enabled
•
Azure-PostgreSQLServer-Log-Disconnections-Enabled
•
Azure-PostgreSQLServer-Log-Duration-Enabled
•
Azure-PostgreSQLServer-Log-Retention-Period
•
Azure-PostgreSQLServer-Storage-Auto-Growth-Enabled
•
Azure-QueueService-Queue-Service-All-Access-ACL
•
Azure-RedisCache-Minimum-TLS-Version
•
Azure-RedisCache-SSL-Access-Only-Enabled
•
Azure-Resources-Management-Lock-Enabled
•
Azure-SecurityCenter-Admin-Security-Alerts-Enabled
•
Azure-SecurityCenter-Application-Whitelisting-Enabled
•
Azure-SecurityCenter-Auto-Provisioning-Enabled
•
Azure-SecurityCenter-High-Severity-Alerts-Enabled
•
Azure-SecurityCenter-Monitor-Blob-Encryption
•
Azure-SecurityCenter-Monitor-Disk-Encryption
•
Azure-SecurityCenter-Monitor-Endpoint-Protection
•
Azure-SecurityCenter-Monitor-External-Accounts-with-Write-Permissions
•
Azure-SecurityCenter-Monitor-IP-Forwarding
•
Azure-SecurityCenter-Monitor-JIT-Network-Access
•
Azure-SecurityCenter-Monitor-Next-Generation-Firewall
•
Azure-SecurityCenter-Monitor-NSG-Enabled
•
Azure-SecurityCenter-Monitor-SQL-Auditing
•
Azure-SecurityCenter-Monitor-SQL-Encryption
•
Azure-SecurityCenter-Monitor-System-Updates
•
Azure-SecurityCenter-Monitor-Total-Number-of-Subscription-Owners
•
Azure-SecurityCenter-Monitor-VM-Vulnerability
•
Azure-SecurityCenter-Security-Configuration-Monitoring
•
Azure-SecurityCenter-Security-Contacts-Enabled
•
Azure-SecurityCenter-Standard-Pricing-Enabled
•
Azure-SQLDatabases-Database-Auditing-Enabled
•
Azure-SQLDatabases-Point-in-Time-Restore-Backup-Retention
•
Azure-SQLDatabases-SQL-DB-Multiple-AZ
•
Azure-SQLServer-Advanced-Data-Security-Enabled
•
Azure-SQLServer-Audit-Action-Groups-Enabled
•
Azure-SQLServer-Audit-Retention-Policy
•
Azure-SQLServer-Auto-Failover-Groups-Enabled
•
Azure-SQLServer-Azure-Active-Directory-Admin-Enabled
•
Azure-SQLServer-Email-Account-Admins-Enabled
•
Azure-SQLServer-Send-Alerts-Enabled
•
Azure-SQLServer-Server-Auditing-Enabled
•
Azure-SQLServer-SQL-Server-Automatic-Tuning-Enabled
•
Azure-SQLServer-SQL-Server-Minimum-TLS-Version
•
Azure-SQLServer-SQL-Server-Private-Endpoints-Configured
•
Azure-SQLServer-SQL-Server-Public-Access
•
Azure-SQLServer-TDE-Protector-Encrypted
•
Azure-StorageAccounts-Blob-Service-Encryption
•
Azure-StorageAccounts-Blobs-Soft-Deletion-Enabled
•
Azure-StorageAccounts-File-Service-Encryption
•
Azure-StorageAccounts-Log-Container-Public-Access
•
Azure-StorageAccounts-Log-Storage-Encryption
•
Azure-StorageAccounts-Network-Access-Default-Action
•
Azure-StorageAccounts-Storage-Accounts-AAD-Enabled
•
Azure-StorageAccounts-Storage-Accounts-Encryption
•
Azure-StorageAccounts-Storage-Accounts-HTTPS
•
Azure-StorageAccounts-Trusted-MS-Access-Enabled
•
Azure-TableService-Table-Service-All-Access-ACL
•
Azure-VirtualMachines-Accelerated-Networking-Enabled
•
Azure-VirtualMachines-Automatic-Instance-Repairs-Enabled
•
Azure-VirtualMachines-Automatic-OS-Upgrades-Enabled
•
Azure-VirtualMachines-Classic-Instances
•
Azure-VirtualMachines-Disk-Volumes-BYOK-Encryption-Enabled
•
Azure-VirtualMachines-Guest-Level-Diagnostics-Enabled
•
Azure-VirtualMachines-Managed-VM-Machine-Image
•
Azure-VirtualMachines-No-Empty-Scale-Sets
•
Azure-VirtualMachines-No-Unattached-Disk-Volumes
•
Azure-VirtualMachines-Old-VM-Disk-Snapshots
•
Azure-VirtualMachines-Password-Authentication-Disabled
•
Azure-VirtualMachines-Premium-SSD-Disabled
•
Azure-VirtualMachines-Scale-Set-Multi-Az
•
Azure-VirtualMachines-Scale-Sets-Autoscale-Enabled
•
Azure-VirtualMachines-Scale-Sets-Autoscale-Notifications-Enabled
•
Azure-VirtualMachines-Virtual-Machine-Boot-Diagnostics-Enabled
•
Azure-VirtualMachines-Virtual-Machine-Performance-Diagnostics-Enabled
•
Azure-VirtualMachines-VM-Active-Directory-(AD)-Authentication-Enabled
•
Azure-VirtualMachines-VM-Agent-Enabled
•
Azure-VirtualMachines-VM-Approved-Extensions
•
Azure-VirtualMachines-VM-Auto-Update-Enabled
•
Azure-VirtualMachines-VM-Availability-Set-Enabled
•
Azure-VirtualMachines-VM-Availability-Set-Limit
•
Azure-VirtualMachines-VM-Backups-Enabled
•
Azure-VirtualMachines-VM-Daily-Backup-Retention-Period
•
Azure-VirtualMachines-VM-Data-Disk-Encryption
•
Azure-VirtualMachines-VM-Desired-SKU-Size
•
Azure-VirtualMachines-VM-Endpoint-Protection
•
Azure-VirtualMachines-VM-Instance-Limit
•
Azure-VirtualMachines-VM-Instant-Restore-Backup-Retention-Period
•
Azure-VirtualMachines-VM-Managed-Disks-Enabled
•
Azure-VirtualMachines-VM-OS-Disk-Encryption
•
Azure-VirtualNetworks-DDoS-Standard-Protection-Enabled
•
Azure-VirtualNetworks-Managed-NAT-Gateway-In-Use
•
Azure-VirtualNetworks-Multiple-Subnets
•
Azure-VirtualNetworks-No-Network-Gateways-Connections
•
Azure-VirtualNetworks-No-Network-Gateways-In-Use
•
Azure-VirtualNetworks-Virtual-Network-Peering
OCI Misconfiguration Remediations
•
Blue Hexagon Audit for OCI
•
Blue Hexagon for GCP - Terraform
Blue Hexagon Documentation
/
Azure Misconfiguration Remediations
Summarize
Azure Misconfiguration Remediations
Saumitra Das
Owned by
Saumitra Das
Last updated:
Nov 23, 2021
1 min read
Loading data...
Blue Hexagon Proprietary
{"serverDuration": 42, "requestCorrelationId": "cb8b55cb57684d429081a8a1e8d8b271"}