Cloud Security Rules

RULE	SERVICE GROUP
H App Service allows FTP deployments	App Service (Web Apps)
H Azure Kubernetes Service instance has RBAC disabled	Container
H Batch job runs in admin mode	Batch
H Cognitive Search service public network access is enabled	Search
H Data Lake Storage firewall disabled	Data Lake
H Linux virtual machine has password authentication enabled	Compute
H Public read access is enabled for storage containers and blobs	Storage
H Storage account allows any traffic by default	Storage
H Storage container allows public access	Storage
H Virtual machine configuration contains sensitive data	Compute
H Virtual machine is configured with password authentication for admin	Compute
M AKS local accounts are enabled	Container
M App Configuration does not use an SLA	App Service (Web Apps)
M App Gateway does not use OWASP 3.x rules	Network
M App Service Plan does not use two or more instances	App Service (Web Apps)
M App Service remote debugging is enabled	App Service (Web Apps)
M App Service web app allows HTTP traffic	App Service (Web Apps)
M Automation variables are not encrypted	Automation
M Azure App Service allows HTTP traffic	App Service (Web Apps)
M Azure Container Registry admin user is enabled	Container
M Azure Data Lake Analytics Firewall Rule allows public access	Data Lake
M Azure Defender is disabled for Azure Resource Manager (ARM)	Security Center
M Azure Defender is disabled for virtual machines	Security Center
M CDN endpoint does not enforce HTTPS	CDN
M Container image quarantine is disabled	Container
M Cosmos DB account does not restrict user access to data operations	CosmosDB (DocumentDB)
M CosmosDB account public network access is enabled	CosmosDB (DocumentDB)
M Custom subscription role grants owner rights	Authorization
M Data Factory public access is enabled	Data Factory
M Data Lake Storage allows inbound access from any source instead of a restricted range	Data Lake

AWS

Azure

Google

Kubernetes