Benchmark: 8 Virtual Machines
Overview
This section covers security recommendations to follow for the configuration of Virtual Machines on an Azure subscription.
Usage
Install the mod:
mkdir dashboards
cd dashboards
powerpipe mod init
powerpipe mod install github.com/turbot/steampipe-mod-azure-compliance
Start the Powerpipe server:
steampipe service start
powerpipe server
Open http://localhost:9033 in your browser and select 8 Virtual Machines.
Run this benchmark in your terminal:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_8
Snapshot and share results via Turbot Pipes:
powerpipe benchmark run azure_compliance.benchmark.cis_v300_8 --share
Controls
- 8.1 Ensure an Azure Bastion Host Exists
- 8.2 Ensure Virtual Machines are utilizing Managed Disks
- 8.3 Ensure that 'OS and Data' disks are encrypted with Customer Managed Key (CMK)
- 8.4 Ensure that 'Unattached disks' are encrypted with 'Customer Managed Key' (CMK)
- 8.5 Ensure that 'Disk Network Access' is NOT set to 'Enable public access from all networks'
- 8.6 Ensure that 'Enable Data Access Authentication Mode' is 'Checked'
- 8.7 Ensure that Only Approved Extensions Are Installed
- 8.8 Ensure that Endpoint Protection for all Virtual Machines is installed
- 8.9 [Legacy] Ensure that VHDs are Encrypted
- 8.10 Ensure only MFA enabled identities can access privileged Virtual Machine
- 8.11 Ensure Trusted Launch is enabled on Virtual Machines