Detections
Analytics

CIS Microsoft Azure Foundations v2.0.0 L2

Warning! Audit Deprecated

This audit file has been deprecated and will be removed in a future update.

View Next Version

Audit Details

Name: CIS Microsoft Azure Foundations v2.0.0 L2

Updated: 6/17/2024

Authority: CIS

Plugin: microsoft_azure

Revision: 1.2

Estimated Item Count: 63

File Details

Filename: CIS_Microsoft_Azure_Foundations_v2.0.0_L2.audit

Size: 213 kB

MD5: cecb62f6dc15f756e65b9a8e242f4520
SHA256: 110a9f56dc4862493cece6b3cd923332c446a1344bf5ecba67914283887afc24

Audit Items

DescriptionCategories
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - List Users
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Assignments
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Definitions
1.4 Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management
1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'
1.16 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'
1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'
1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'
1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'
1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'
1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks
1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'
2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On'
2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On'
2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On'
2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'
2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'
2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'
2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On'
2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On'
2.1.9 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'
2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On'
2.1.11 Ensure That Microsoft Defender for DNS Is Set To 'On'
2.1.12 Ensure That Microsoft Defender for Resource Manager Is Set To 'On'
2.1.16 Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'
2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'
2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected
2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected
2.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On'
3.2 Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled'
3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests
3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access
3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys
3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests
3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests
4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key
4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers
4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account
4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server
4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server
4.4.3 Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server
4.4.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server
4.5.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks
4.5.2 Ensure That Private Endpoints Are Used Where Possible
5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key
5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics
5.1.7 Ensure that logging for Azure AppService 'HTTP logs' is enabled
5.3.1 Ensure Application Insights are Configured
5.5 Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)
6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'