Detections
Analytics

CIS Microsoft Azure Foundations v1.5.0 L1

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Microsoft Azure Foundations v1.5.0 L1

Updated: 1/3/2024

Authority: CIS

Plugin: microsoft_azure

Revision: 1.4

Estimated Item Count: 89

Audit Items

DescriptionCategories
1.1.1 Ensure Security Defaults is enabled on Azure Active Directory
1.1.2 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Privileged Users
1.1.4 Ensure that 'Restore multi-factor authentication on all remembered devices' is Enabled
1.2.1 Ensure Trusted Locations Are Defined
1.2.2 Ensure that an exclusionary Geographic Access Policy is considered
1.2.3 Ensure that A Multi-factor Authentication Policy Exists for Administrative Groups
1.2.4 Ensure that A Multi-factor Authentication Policy Exists for All Users
1.2.5 Ensure Multi-factor Authentication is Required for Risky Sign-ins
1.2.6 Ensure Multi-factor Authentication is Required for Azure Management
1.4 Ensure Guest Users Are Reviewed on a Regular Basis
1.5 Ensure that 'Allow users to remember multi-factor authentication on devices they trust' is 'Disabled'
1.6 Ensure That 'Number of methods required to reset' is set to '2'
1.7 Ensure that a Custom Bad Password List is set to 'Enforce' for your Organization
1.8 Ensure that 'Number of days before users are asked to re-confirm their authentication information' is not set to '0'
1.9 Ensure that 'Notify users on password resets?' is set to 'Yes'
1.10 Ensure That 'Notify all admins when other admins reset their password?' is set to 'Yes'
1.12 Ensure that 'Users can consent to apps accessing company data on their behalf' is set to 'No'
1.13 Ensure that 'Users can add gallery apps to My Apps' is set to 'No'
1.14 Ensure That 'Users Can Register Applications' Is Set to 'No'
1.15 Ensure That 'Guest users access restrictions' is set to 'Guest user access is restricted to properties and memberships of their own directory objects'
1.17 Ensure That 'Restrict access to Azure AD administration portal' is Set to 'Yes'
1.22 Ensure that 'Require Multi-Factor Authentication to register or join devices with Azure AD' is set to 'Yes'
1.23 Ensure That No Custom Subscription Owner Roles Are Created
2.2.1 Ensure that Auto provisioning of 'Log Analytics agent for Azure VMs' is Set to 'On'
2.3.1 Ensure That 'All users with the following roles' is set to 'Owner'
2.3.2 Ensure 'Additional email addresses' is Configured with a Security Contact Email
2.3.3 Ensure That 'Notify about alerts with the following severity' is Set to 'High'
2.5 Ensure that Microsoft Defender Recommendation for 'Apply system updates' status is 'Completed'
2.6 Ensure Any of the ASC Default Policy Settings are Not Set to 'Disabled'
3.1 Ensure that 'Secure transfer required' is set to 'Enabled'
3.3 Ensure that 'Enable key rotation reminders' is enabled for each Storage Account
3.4 Ensure that Storage Account Access Keys are Periodically Regenerated
3.6 Ensure that Shared Access Signature Tokens Expire Within an Hour
3.7 Ensure that 'Public access level' is disabled for storage accounts with blob containers
3.8 Ensure Default Network Access Rule for Storage Accounts is Set to Deny
3.10 Ensure Private Endpoints are used to access Storage Accounts
3.11 Ensure Soft Delete is Enabled for Azure Containers and Blob Storage
3.15 Ensure the 'Minimum TLS version' for storage accounts is set to 'Version 1.2'
4.1.1 Ensure that 'Auditing' is set to 'On'
4.1.2 Ensure no Azure SQL Databases allow ingress from 0.0.0.0/0 (ANY IP)
4.1.4 Ensure that Azure Active Directory Admin is Configured for SQL Servers
4.1.5 Ensure that 'Data encryption' is set to 'On' on a SQL Database
4.1.6 Ensure that 'Auditing' Retention is 'greater than 90 days'
4.2.5 Ensure that Vulnerability Assessment (VA) setting 'Also send email notifications to admins and subscription owners' is set for each SQL Server
4.3.1 Ensure 'Enforce SSL connection' is set to 'ENABLED' for PostgreSQL Database Server
4.3.2 Ensure Server Parameter 'log_checkpoints' is set to 'ON' for PostgreSQL Database Server
4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
4.3.4 Ensure server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
4.3.5 Ensure server parameter 'connection_throttling' is set to 'ON' for PostgreSQL Database Server
4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server