Detections
Analytics

CIS Microsoft Azure Foundations v1.5.0 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Microsoft Azure Foundations v1.5.0 L2

Updated: 1/3/2024

Authority: CIS

Plugin: microsoft_azure

Revision: 1.2

Estimated Item Count: 60

File Details

Filename: CIS_Microsoft_Azure_Foundations_v1.5.0_L2.audit

Size: 202 kB

MD5: 80389843148553624022fd7917925644
SHA256: 1e033167437b11c7313ebc442d1cd7683bf7174db366a0ed78e148caed269bde

Audit Items

DescriptionCategories
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - List Users
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Assignments
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Definitions
1.3 Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
1.11 Ensure That 'Users Can Consent to Apps Accessing Company Data on Their Behalf' Is Set To 'Allow for Verified Publishers'
1.16 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'
1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On'
2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On'
2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On'
2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On'
2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On'
2.1.9 Ensure That Microsoft Defender for Cosmos DB Is Set To 'On'
2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On'
2.1.11 Ensure That Microsoft Defender for DNS Is Set To 'On'
2.1.12 Ensure That Microsoft Defender for IoT Is Set To 'On'
2.1.13 Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
2.2.2 Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
2.2.3 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
2.4.1 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
2.4.2 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
3.2 Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled'
3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests
4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
4.4.3 Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
4.4.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
4.5.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
4.5.2 Ensure That Private Endpoints Are Used Where Possible
5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics
5.1.7 Ensure that logging for Azure AppService 'AppServiceHTTPLogs' is enabled.
6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'
6.6 Ensure that Network Watcher is 'Enabled'
7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)