Benchmark: 7 Virtual Machines
Overview
This section covers security recommendations to follow in order to set virtual machine policies on an Azure subscription.
Usage
Install the mod:
mkdir dashboardscd dashboardspowerpipe mod initpowerpipe mod install github.com/turbot/steampipe-mod-azure-complianceStart the Powerpipe server:
steampipe service startpowerpipe serverOpen http://localhost:9033 in your browser and select 7 Virtual Machines.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v140_7Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v140_7 --shareControls
- 7.1 Ensure Virtual Machines are utilizing Managed Disks
- 7.2 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- 7.3 Ensure that 'Unattached disks' are encrypted with CMK
- 7.4 Ensure that only approved extensions are installed
- 7.5 Ensure that the latest OS Patches for all Virtual Machines are applied
- 7.6 Ensure that the endpoint protection for all Virtual Machines is installed
- 7.7 Ensure that VHD's are encrypted