Cloud Scan - Remediation Steps for Azure

AZURE BL 1-1 Storage accounts - Secure transfer required must be enabled
You can configure your storage account to accept requests from secure connections only by setting the Secure transfer required property for the storage acco...
Mon, 19 Jul, 2021 at 3:59 PM
AZURE BL 1-2 Storage Accounts - data must be encrypted with Customer Managed Keys
By default, data in the storage account is encrypted using Microsoft Managed Keys at rest. All Azure Storage resources are encrypted, including blobs, disks...
Mon, 19 Jul, 2021 at 3:59 PM
AZURE BL 1-3 Storage Accounts that include activity logs should be encrypted with Customer Managed Keys
By default, data in the storage account is encrypted using Microsoft Managed Keys at rest. All Azure Storage resources are encrypted, including blobs, disks...
Mon, 19 Jul, 2021 at 4:00 PM
AZURE BL 1-4 Storage Accounts data at rest must be encrypted
Storage Accounts are encrypted by default with Microsoft-managed keys. This check ensures that the default encryption is not changed or interfered with....
Mon, 19 Jul, 2021 at 4:00 PM
AZURE BL 1-5 Virtual machines use managed disks
Description One or more virtual machines are attached to unmanaged disks. Azure-managed disks are block-level storage volumes that are maintained by Azure ...
Mon, 19 Jul, 2021 at 4:00 PM
AZURE BL 1-6 Virtual machines managed disks are encrypted with CMK
Description  Managed disks both attached / unattached may contain sensitive information, and companies must use customer-managed keys to ens...
Mon, 19 Jul, 2021 at 4:01 PM
AZURE BL 1-7 Virtual machines OS disks are managed
Remediation coming soon
Mon, 19 Jul, 2021 at 4:01 PM
AZURE BL 1-8 Virtual machines OS disks are encrypted using CMK
Description  Virtual Machine OS and data disks are encrypted with platform-managed keys by default. Companies must use customer-managed keys (CMK)...
Mon, 19 Jul, 2021 at 4:01 PM
AZURE BL 1-9 Public access from 0.0.0.0/0 is denied
Description  By allowing public access (from IP 0.0.0.0/0)  over the internet you are potentially allowing attackers all over the inte...
Mon, 19 Jul, 2021 at 4:02 PM
AZURE BL 2-0 Ports Allowed as * or 0-65535 are restricted
Description  By allowing access to all Ports (* or 0-65535)  over the internet you are potentially allowing attackers or malicious use...
Mon, 19 Jul, 2021 at 4:02 PM