CIS Microsoft Azure Foundations v2.0.0 L2

Audit Details

Name: CIS Microsoft Azure Foundations v2.0.0 L2

Updated: 1/3/2024

Authority: CIS

Plugin: microsoft_azure

Revision: 1.0

Estimated Item Count: 63

File Details

Filename: CIS_Microsoft_Azure_Foundations_v2.0.0_L2.audit

Size: 279 kB

MD5: a641152c89641f557a5cc2a6cae1b7a1
SHA256: c478c7035a19ea917825dac46adad0eba85558d088de8821a592b981fd830ce0

Audit Items

Description / Categories
1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - List Users

IDENTIFICATION AND AUTHENTICATION

1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Assignments

IDENTIFICATION AND AUTHENTICATION

1.1.3 Ensure that 'Multi-Factor Auth Status' is 'Enabled' for all Non-Privileged Users - Role Definitions

IDENTIFICATION AND AUTHENTICATION

1.4 Ensure Access Review is Set Up for External Users in Azure AD Privileged Identity Management

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.12 Ensure 'User consent for applications' Is Set To 'Allow for Verified Publishers'

ACCESS CONTROL, CONFIGURATION MANAGEMENT, IDENTIFICATION AND AUTHENTICATION

1.16 Ensure that 'Guest invite restrictions' is set to 'Only users assigned to specific admin roles can invite guest users'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, IDENTIFICATION AND AUTHENTICATION

1.18 Ensure that 'Restrict user ability to access groups features in the Access Pane' is Set to 'Yes'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.19 Ensure that 'Users can create security groups in Azure portals, API or PowerShell' is set to 'No'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.20 Ensure that 'Owners can manage group membership requests in the Access Panel' is set to 'No'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.21 Ensure that 'Users can create Microsoft 365 groups in Azure portals, API or PowerShell' is set to 'No'

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY

1.24 Ensure a Custom Role is Assigned Permissions for Administering Resource Locks

ACCESS CONTROL, AUDIT AND ACCOUNTABILITY, MEDIA PROTECTION

1.25 Ensure That 'Subscription Entering AAD Directory' and 'Subscription Leaving AAD Directory' Is Set To 'Permit No One'

ACCESS CONTROL, IDENTIFICATION AND AUTHENTICATION

2.1.1 Ensure That Microsoft Defender for Servers Is Set to 'On'

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.1.2 Ensure That Microsoft Defender for App Services Is Set To 'On'

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION

2.1.3 Ensure That Microsoft Defender for Databases Is Set To 'On'

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION

2.1.4 Ensure That Microsoft Defender for Azure SQL Databases Is Set To 'On'

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION

2.1.5 Ensure That Microsoft Defender for SQL Servers on Machines Is Set To 'On'

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION

2.1.6 Ensure That Microsoft Defender for Open-Source Relational Databases Is Set To 'On'

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION

2.1.7 Ensure That Microsoft Defender for Storage Is Set To 'On'

RISK ASSESSMENT

2.1.8 Ensure That Microsoft Defender for Containers Is Set To 'On'

RISK ASSESSMENT

2.1.9 Ensure That Microsoft Defender for Azure Cosmos DB Is Set To 'On'

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION

2.1.10 Ensure That Microsoft Defender for Key Vault Is Set To 'On'

RISK ASSESSMENT

2.1.11 Ensure That Microsoft Defender for DNS Is Set To 'On'

RISK ASSESSMENT, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

2.1.12 Ensure That Microsoft Defender for Resource Manager Is Set To 'On'

ACCESS CONTROL, RISK ASSESSMENT

2.1.16 Ensure that Auto provisioning of 'Vulnerability assessment for machines' is Set to 'On'

RISK ASSESSMENT

2.1.17 Ensure that Auto provisioning of 'Microsoft Defender for Containers components' is Set to 'On'

RISK ASSESSMENT

2.1.21 Ensure that Microsoft Defender for Cloud Apps integration with Microsoft Defender for Cloud is Selected

RISK ASSESSMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

2.1.22 Ensure that Microsoft Defender for Endpoint integration with Microsoft Defender for Cloud is selected

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

2.2.1 Ensure That Microsoft Defender for IoT Hub Is Set To 'On'

RISK ASSESSMENT, SYSTEM AND INFORMATION INTEGRITY

3.2 Ensure that 'Enable Infrastructure Encryption' for Each Storage Account in Azure Storage is Set to 'enabled'

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.5 Ensure Storage Logging is Enabled for Queue Service for 'Read', 'Write', and 'Delete' requests

AUDIT AND ACCOUNTABILITY

3.9 Ensure 'Allow Azure services on the trusted services list to access this storage account' is Enabled for Storage Account Access

ACCESS CONTROL, MEDIA PROTECTION, SYSTEM AND COMMUNICATIONS PROTECTION, SYSTEM AND INFORMATION INTEGRITY

3.12 Ensure Storage for Critical Data are Encrypted with Customer Managed Keys

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

3.13 Ensure Storage logging is Enabled for Blob Service for 'Read', 'Write', and 'Delete' requests

AUDIT AND ACCOUNTABILITY

3.14 Ensure Storage Logging is Enabled for Table Service for 'Read', 'Write', and 'Delete' Requests

AUDIT AND ACCOUNTABILITY

4.1.3 Ensure SQL server's Transparent Data Encryption (TDE) protector is encrypted with Customer-managed key

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

4.2.1 Ensure that Microsoft Defender for SQL is set to 'On' for critical SQL Servers

RISK ASSESSMENT

4.2.2 Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account

RISK ASSESSMENT

4.2.3 Ensure that Vulnerability Assessment (VA) setting 'Periodic recurring scans' is set to 'on' for each SQL server

RISK ASSESSMENT

4.2.4 Ensure that Vulnerability Assessment (VA) setting 'Send scan reports to' is configured for a SQL server

RISK ASSESSMENT

4.4.3 Ensure server parameter 'audit_log_enabled' is set to 'ON' for MySQL Database Server

AUDIT AND ACCOUNTABILITY

4.4.4 Ensure server parameter 'audit_log_events' has 'CONNECTION' set for MySQL Database Server

AUDIT AND ACCOUNTABILITY

4.5.1 Ensure That 'Firewalls & Networks' Is Limited to Use Selected Networks Instead of All Networks

SECURITY ASSESSMENT AND AUTHORIZATION, CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

4.5.2 Ensure That Private Endpoints Are Used Where Possible

CONFIGURATION MANAGEMENT, CONTINGENCY PLANNING, PLANNING, PROGRAM MANAGEMENT, SYSTEM AND SERVICES ACQUISITION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.4 Ensure the storage account containing the container with activity logs is encrypted with Customer Managed Key

IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

5.1.6 Ensure that Network Security Group Flow logs are captured and sent to Log Analytics

SYSTEM AND INFORMATION INTEGRITY

5.1.7 Ensure that logging for Azure AppService 'HTTP logs' is enabled

AUDIT AND ACCOUNTABILITY

5.3.1 Ensure Application Insights are Configured

AUDIT AND ACCOUNTABILITY, SYSTEM AND SERVICES ACQUISITION

5.5 Ensure that SKU Basic/Consumption is not used on artifacts that need to be monitored (Particularly for Production Workloads)

CONFIGURATION MANAGEMENT

6.5 Ensure that Network Security Group Flow Log retention period is 'greater than 90 days'

AUDIT AND ACCOUNTABILITY
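The 2.1.x items above all reduce to one condition: the corresponding Microsoft Defender for Cloud plan must be on the Standard (paid) tier rather than Free. The script below is an added example by the editor, not part of the Tenable audit file or of CIS's own content. It reads the JSON that `az security pricing list -o json` prints (an object whose "value" list holds entries with "name" and "pricingTier"), maps each plan name to the CIS item it satisfies, and reports PASS, FAIL or MISSING per item. The plan-name mapping and the sample input are the editor's assumptions, constructed for illustration; confirm the names against your own tenant before relying on them. 2.1.3 (Defender for Databases) is a bundle of the SQL, open-source database and Cosmos DB plans and is therefore covered by the individual checks rather than listed separately.

```python
"""Check Microsoft Defender for Cloud plan tiers against CIS Azure v2.0.0 L2 items 2.1.x.

Editor's added example, not code from the audit file. Input mirrors the output of
`az security pricing list -o json`; the CIS item -> plan name mapping below is an
assumption for illustration and should be verified against a real tenant.
"""
import json
import subprocess

# CIS item -> (human label from the audit, Defender plan name as `az` reports it).
# ASSUMPTION: plan names are the editor's, not taken from the audit file.
CIS_DEFENDER_PLANS = {
    "2.1.1": ("Servers", "VirtualMachines"),
    "2.1.2": ("App Services", "AppServices"),
    "2.1.4": ("Azure SQL Databases", "SqlServers"),
    "2.1.5": ("SQL Servers on Machines", "SqlServerVirtualMachines"),
    "2.1.6": ("Open-Source Relational Databases", "OpenSourceRelationalDatabases"),
    "2.1.7": ("Storage", "StorageAccounts"),
    "2.1.8": ("Containers", "Containers"),
    "2.1.9": ("Azure Cosmos DB", "CosmosDbs"),
    "2.1.10": ("Key Vault", "KeyVaults"),
    "2.1.11": ("DNS", "Dns"),
    "2.1.12": ("Resource Manager", "Arm"),
}


def _cis_sort_key(item: str):
    """Sort '2.1.10' after '2.1.9' (numeric, not lexical, ordering)."""
    return tuple(int(part) for part in item.split("."))


def evaluate_defender_plans(pricing_json: str) -> dict:
    """Map each CIS 2.1.x item to PASS (Standard tier), FAIL (any other tier)
    or MISSING (plan absent from the subscription's pricing list)."""
    data = json.loads(pricing_json)
    # Plan names are compared case-insensitively; `az` capitalises them consistently,
    # but the REST API has changed casing over time.
    tiers = {
        str(entry.get("name", "")).lower(): str(entry.get("pricingTier", ""))
        for entry in data.get("value", [])
    }
    results = {}
    for item, (_label, plan) in CIS_DEFENDER_PLANS.items():
        tier = tiers.get(plan.lower())
        if tier is None:
            results[item] = "MISSING"
        elif tier.lower() == "standard":
            results[item] = "PASS"
        else:
            results[item] = "FAIL"
    return results


def failing_items(pricing_json: str) -> list:
    """Return the CIS item numbers that are not PASS, in benchmark order."""
    results = evaluate_defender_plans(pricing_json)
    return sorted((i for i, r in results.items() if r != "PASS"), key=_cis_sort_key)


def report(pricing_json: str) -> str:
    """Render a one-line-per-item text report, in benchmark order."""
    results = evaluate_defender_plans(pricing_json)
    lines = []
    for item in sorted(results, key=_cis_sort_key):
        label, plan = CIS_DEFENDER_PLANS[item]
        lines.append(f"{item:<7} Defender for {label:<34} [{plan}] {results[item]}")
    return "\n".join(lines)


# Constructed sample input (not captured from a real subscription): most plans
# on Standard, two left on Free, and the DNS plan absent altogether.
SAMPLE_PRICING = json.dumps({
    "value": [
        {"name": "VirtualMachines", "pricingTier": "Standard"},
        {"name": "AppServices", "pricingTier": "Standard"},
        {"name": "SqlServers", "pricingTier": "Standard"},
        {"name": "SqlServerVirtualMachines", "pricingTier": "Free"},
        {"name": "OpenSourceRelationalDatabases", "pricingTier": "Standard"},
        {"name": "StorageAccounts", "pricingTier": "Free"},
        {"name": "Containers", "pricingTier": "Standard"},
        {"name": "CosmosDbs", "pricingTier": "Standard"},
        {"name": "KeyVaults", "pricingTier": "Standard"},
        {"name": "Arm", "pricingTier": "Standard"},
    ]
})


def live_pricing_json() -> str:
    """Fetch the real pricing list from the signed-in Azure CLI context."""
    return subprocess.run(
        ["az", "security", "pricing", "list", "-o", "json"],
        check=True, capture_output=True, text=True,
    ).stdout


if __name__ == "__main__":
    # Swap SAMPLE_PRICING for live_pricing_json() to assess a real subscription.
    print(report(SAMPLE_PRICING))
```

Run it as-is to see the report for the constructed sample; replace `SAMPLE_PRICING` with `live_pricing_json()` in the `__main__` block to assess the subscription your Azure CLI is signed in to. A MISSING result usually means the plan name differs in your tenant or the subscription has never had that plan configured, and is worth investigating rather than being treated as a pass.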