Benchmark: 7 Virtual Machines
Overview
This section covers security recommendations to follow for the configuration of Virtual Machines on an Azure subscription.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 7 Virtual Machines.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v210_7
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v210_7 --share
Controls
- 7.1 Ensure an Azure Bastion Host Exists
- 7.2 Ensure Virtual Machines are utilizing Managed Disks
- 7.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- 7.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
- 7.5 Ensure that Only Approved Extensions Are Installed
- 7.6 Ensure that Endpoint Protection for all Virtual Machines is installed
- 7.7 [Legacy] Ensure that VHDs are Encrypted
- 7.8 Ensure only MFA enabled identities can access privileged Virtual Machine
- 7.9 Ensure Trusted Launch is enabled on Virtual Machines