apimanagement_backend_uses_httpsapimanagement_service_client_certificate_enabledapimanagement_service_restrict_public_accessapimanagement_service_uses_latest_tls_versionapimanagement_service_with_virtual_networkapp_configuration_encryption_enabledapp_configuration_local_auth_disabledapp_configuration_purge_protection_enabledapp_configuration_restrict_public_accessapp_configuration_sku_standardapplication_gateway_restrict_message_lookup_log4j2application_gateway_use_secure_ssl_cipherapplication_gateway_uses_https_listenerapplication_gateway_waf_enabledappservice_authentication_enabledappservice_azure_defender_enabledappservice_environment_internal_encryption_enabledappservice_environment_zone_redundant_enabledappservice_ftp_deployment_disabledappservice_function_app_builtin_logging_enabledappservice_function_app_client_certificates_onappservice_function_app_cors_no_starappservice_function_app_ftps_enabledappservice_function_app_latest_http_versionappservice_function_app_latest_java_versionappservice_function_app_latest_python_versionappservice_function_app_latest_tls_versionappservice_function_app_only_https_accessibleappservice_function_app_public_access_disabledappservice_function_app_uses_managed_identityappservice_plan_minimum_skuappservice_plan_zone_redundantappservice_web_app_always_onappservice_web_app_client_certificates_onappservice_web_app_cors_no_starappservice_web_app_detailed_error_messages_enabledappservice_web_app_diagnostic_logs_enabledappservice_web_app_failed_request_tracing_enabledappservice_web_app_ftps_enabledappservice_web_app_health_check_enabledappservice_web_app_http_logs_enabledappservice_web_app_incoming_client_cert_onappservice_web_app_latest_dotnet_framework_versionappservice_web_app_latest_http_versionappservice_web_app_latest_java_versionappservice_web_app_latest_php_versionappservice_web_app_latest_python_versionappservice_web_app_latest_tls_versionappservice_web_app_public_access_disabledappservice_web_app_register_with_active_directory_enabledappservice_web_app_remote_debugging_disabledappservice_web_app_slot_latest_tls_versionappservice_web_app_slot_remote_debugging_disabledappservice_web_app_slot_use_httpsappservice_web_app_use_httpsappservice_web_app_use_virtual_service_endpointappservice_web_app_uses_azure_fileappservice_web_app_uses_managed_identityappservice_web_app_worker_more_than_oneautomation_account_variables_encryption_enabledazure_redis_cache_in_virtual_networkazure_redis_cache_ssl_enabledbatch_account_encrypted_with_cmkbatch_account_logging_enabledcdn_endpoint_custom_domain_uses_latest_tls_versioncdn_endpoint_http_disabledcdn_endpoint_https_enabledcognitive_account_encrypted_with_cmkcognitive_account_public_network_access_disabledcognitive_account_restrict_public_accesscognitive_service_local_auth_disabledcompute_managed_disk_set_encryption_enabledcompute_vm_allow_extension_operations_disabledcompute_vm_and_scale_set_agent_installedcompute_vm_and_scale_set_encryption_at_host_enabledcompute_vm_and_scale_set_ssh_key_enabled_linuxcompute_vm_automatic_updates_enabled_windowscompute_vm_disable_password_authenticationcompute_vm_disable_password_authentication_linuxcompute_vm_guest_configuration_installedcompute_vm_guest_configuration_installed_linuxcompute_vm_guest_configuration_installed_windowscompute_vm_malware_agent_installedcompute_vm_scale_set_automatic_os_upgrade_enabledcompute_vm_scale_set_disable_password_authentication_linuxcompute_vm_system_updates_installedcompute_vm_uses_azure_resource_managercompute_vm_utilizing_managed_diskcontainer_instance_container_group_in_virtual_networkcontainer_instance_container_group_secure_environment_variablecontainer_registry_admin_user_disabledcontainer_registry_anonymous_pull_disabledcontainer_registry_azure_defender_enabledcontainer_registry_encrypted_with_cmkcontainer_registry_geo_replication_enabledcontainer_registry_image_scan_enabledcontainer_registry_public_network_access_disabledcontainer_registry_quarantine_policy_enabledcontainer_registry_restrict_public_accesscontainer_registry_retention_policy_enabledcontainer_registry_trust_policy_enabledcontainer_registry_use_virtual_service_endpointcontainer_registry_zone_redundant_enabledcosmodb_account_access_key_metadata_writes_disabledcosmodb_account_local_authentication_disabledcosmodb_account_public_network_access_disabledcosmodb_account_restrict_public_accesscosmosdb_account_encryption_at_rest_using_cmkcosmosdb_account_with_firewall_rulescosmosdb_use_virtual_service_endpointdata_factory_encrypted_with_cmkdata_factory_restrict_public_accessdata_factory_uses_git_repositorydatabricks_workspace_restrict_public_accessdatalake_store_account_encryption_enableddns_azure_defender_enabledeventgrid_domain_local_auth_disabledeventgrid_domain_restrict_public_accesseventgrid_domain_uses_managed_identityeventgrid_topic_local_auth_disabledeventgrid_topic_restrict_public_accesseventgrid_topic_uses_managed_identityeventhub_namespace_cmk_encryption_enabledeventhub_namespace_use_virtual_service_endpointeventhub_namespace_uses_latest_tls_versioneventhub_namespace_zone_redundantfirewall_has_firewall_policy_setfirewall_policy_intrusion_detection_mode_set_to_denyfirewall_threat_intel_mode_set_to_denyfrontdoor_firewall_policy_restrict_message_lookup_log4j2frontdoor_waf_enabledhealthcare_fhir_azure_api_encrypted_at_rest_with_cmkhealthcare_fhir_public_network_access_disablediam_no_custom_subscription_owner_roles_creatediot_hub_logging_enablediot_hub_restrict_public_accesskeyvault_azure_defender_enabledkeyvault_key_expiration_setkeyvault_logging_enabledkeyvault_managed_hms_logging_enabledkeyvault_managed_hms_purge_protection_enabledkeyvault_purge_protection_enabledkeyvault_secret_content_type_setkeyvault_secret_expiration_setkeyvault_vault_public_network_access_disabledkeyvault_vault_use_virtual_service_endpointkubernetes_azure_defender_enabledkubernetes_cluster_add_on_azure_policy_enabledkubernetes_cluster_authorized_ip_range_definedkubernetes_cluster_critical_pods_on_system_nodeskubernetes_cluster_key_vault_secret_rotation_enabledkubernetes_cluster_local_admin_disabledkubernetes_cluster_logging_enabledkubernetes_cluster_max_pod_50kubernetes_cluster_network_policy_enabledkubernetes_cluster_node_pool_type_scale_setkubernetes_cluster_node_restrict_public_accesskubernetes_cluster_os_and_data_disks_encrypted_with_cmkkubernetes_cluster_os_disk_ephemeralkubernetes_cluster_restrict_public_accesskubernetes_cluster_sku_standardkubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_hostkubernetes_cluster_upgrade_channelkubernetes_instance_rbac_enabledkusto_cluster_disk_encryption_enabledkusto_cluster_double_encryption_enabledkusto_cluster_encrypted_at_rest_with_cmkkusto_cluster_sku_with_slakusto_cluster_uses_managed_identitylogic_app_workflow_logging_enabledmachine_learning_compute_cluster_local_auth_disabledmachine_learning_compute_cluster_minimum_node_zeromachine_learning_workspace_encrypted_with_cmkmachine_learning_workspace_restrict_public_accessmariadb_server_geo_redundant_backup_enabledmariadb_server_public_network_access_disabledmariadb_server_ssl_enabledmonitor_log_profile_enabled_for_all_categoriesmonitor_log_profile_enabled_for_all_regionsmonitor_log_profile_retention_365_daysmonitor_logs_storage_container_not_public_accessiblemysql_db_server_geo_redundant_backup_enabledmysql_server_encrypted_at_rest_using_cmkmysql_server_infrastructure_encryption_enabledmysql_server_min_tls_1_2mysql_server_public_network_access_disabledmysql_server_threat_detection_enabledmysql_ssl_enablednetwork_dns_server_2network_interface_ip_forwarding_disablednetwork_security_group_http_access_restrictednetwork_security_group_not_configured_gateway_subnetsnetwork_security_group_rdp_access_restrictednetwork_security_group_ssh_access_restrictednetwork_security_group_subnet_associatednetwork_security_group_udp_access_restrictednetwork_security_rule_http_access_restrictednetwork_security_rule_rdp_access_restrictednetwork_security_rule_ssh_access_restrictednetwork_security_rule_udp_access_restrictednetwork_virtual_network_dns_server_2network_watcher_flow_log_retention_period_90_dayspostgres_db_flexible_server_geo_redundant_backup_enabledpostgres_db_server_connection_throttling_onpostgres_db_server_geo_redundant_backup_enabledpostgres_db_server_latest_tls_versionpostgres_db_server_log_checkpoints_onpostgres_db_server_log_connections_onpostgres_db_server_log_disconnections_onpostgres_db_server_log_retention_days_3postgres_db_server_threat_detection_policy_enabledpostgresql_server_encrypted_at_rest_using_cmkpostgresql_server_infrastructure_encryption_enabledpostgresql_server_public_network_access_disabledpostgresql_ssl_enabledredis_cache_min_tls_1_2redis_cache_restrict_public_accessredis_cache_standard_replication_enabledresource_manager_azure_defender_enabledsearch_service_public_allowed_ip_restrict_public_accesssearch_service_public_network_access_disabledsearch_service_replica_count_3search_service_uses_managed_identitysearch_service_uses_sku_supporting_private_linksecuritycenter_automatic_provisioning_monitoring_agent_onsecuritycenter_azure_defender_on_for_appservicesecuritycenter_azure_defender_on_for_containerregistrysecuritycenter_azure_defender_on_for_k8ssecuritycenter_azure_defender_on_for_keyvaultsecuritycenter_azure_defender_on_for_serversecuritycenter_azure_defender_on_for_sqldbsecuritycenter_azure_defender_on_for_sqlservervmsecuritycenter_azure_defender_on_for_storagesecuritycenter_contact_number_configuredsecuritycenter_email_configuredsecuritycenter_notify_alerts_configuredsecuritycenter_security_alerts_to_owner_enabledsecuritycenter_uses_standard_pricing_tierservice_bus_namespace_encrypted_with_cmkservice_bus_namespace_infrastructure_encryption_enabledservice_bus_namespace_latest_tls_versionservice_bus_namespace_local_auth_disabledservice_bus_namespace_restrict_public_accessservice_bus_namespace_uses_managed_identityservicefabric_cluster_active_directory_authentication_enabledservicefabric_cluster_protection_level_as_encrypt_and_signsignalr_services_uses_paid_skuspring_cloud_api_https_only_enabledspring_cloud_api_restrict_public_accessspring_cloud_service_network_injection_enabledsql_database_allow_internet_accesssql_database_ledger_enabledsql_database_log_monitoring_enabledsql_database_long_term_geo_redundant_backup_enabledsql_database_server_azure_defender_enabledsql_database_zone_redundant_enabledsql_db_active_directory_admin_configuredsql_db_public_network_access_disabledsql_server_admins_email_security_alert_enabledsql_server_all_security_alerts_enabledsql_server_atp_enabledsql_server_auditing_storage_account_destination_retention_90_dayssql_server_audting_retention_period_90sql_server_azure_ad_authentication_enabledsql_server_email_security_alert_enabledsql_server_uses_latest_tls_versionsql_server_vm_azure_defender_enabledstorage_account_blob_containers_public_access_privatestorage_account_blob_service_logging_enabledstorage_account_block_public_accessstorage_account_default_network_access_rule_deniedstorage_account_encryption_at_rest_using_cmkstorage_account_encryption_scopes_encrypted_at_rest_with_cmkstorage_account_infrastructure_encryption_enabledstorage_account_queue_services_logging_enabledstorage_account_replication_type_setstorage_account_restrict_network_accessstorage_account_secure_transfer_required_enabledstorage_account_trusted_microsoft_services_enabledstorage_account_use_virtual_service_endpointstorage_account_uses_azure_resource_managerstorage_account_uses_latest_minimum_tls_versionstorage_account_uses_private_linkstorage_azure_defender_enabledstorage_container_restrict_public_accessstorage_sync_private_link_usedsynapse_workspace_data_exfiltration_protection_enabledsynapse_workspace_encryption_at_rest_using_cmksynapse_workspace_private_link_usedweb_pubsub_sku_with_slaweb_pubsub_uses_managed_identity
Queries in Terraform Azure Compliance
The Terraform Azure Compliance mod includes 291 queries:
- apimanagement_backend_uses_https
- apimanagement_service_client_certificate_enabled
- apimanagement_service_restrict_public_access
- apimanagement_service_uses_latest_tls_version
- apimanagement_service_with_virtual_network
- app_configuration_encryption_enabled
- app_configuration_local_auth_disabled
- app_configuration_purge_protection_enabled
- app_configuration_restrict_public_access
- app_configuration_sku_standard
- application_gateway_restrict_message_lookup_log4j2
- application_gateway_use_secure_ssl_cipher
- application_gateway_uses_https_listener
- application_gateway_waf_enabled
- appservice_authentication_enabled
- appservice_azure_defender_enabled
- appservice_environment_internal_encryption_enabled
- appservice_environment_zone_redundant_enabled
- appservice_ftp_deployment_disabled
- appservice_function_app_builtin_logging_enabled
- appservice_function_app_client_certificates_on
- appservice_function_app_cors_no_star
- appservice_function_app_ftps_enabled
- appservice_function_app_latest_http_version
- appservice_function_app_latest_java_version
- appservice_function_app_latest_python_version
- appservice_function_app_latest_tls_version
- appservice_function_app_only_https_accessible
- appservice_function_app_public_access_disabled
- appservice_function_app_uses_managed_identity
- appservice_plan_minimum_sku
- appservice_plan_zone_redundant
- appservice_web_app_always_on
- appservice_web_app_client_certificates_on
- appservice_web_app_cors_no_star
- appservice_web_app_detailed_error_messages_enabled
- appservice_web_app_diagnostic_logs_enabled
- appservice_web_app_failed_request_tracing_enabled
- appservice_web_app_ftps_enabled
- appservice_web_app_health_check_enabled
- appservice_web_app_http_logs_enabled
- appservice_web_app_incoming_client_cert_on
- appservice_web_app_latest_dotnet_framework_version
- appservice_web_app_latest_http_version
- appservice_web_app_latest_java_version
- appservice_web_app_latest_php_version
- appservice_web_app_latest_python_version
- appservice_web_app_latest_tls_version
- appservice_web_app_public_access_disabled
- appservice_web_app_register_with_active_directory_enabled
- appservice_web_app_remote_debugging_disabled
- appservice_web_app_slot_latest_tls_version
- appservice_web_app_slot_remote_debugging_disabled
- appservice_web_app_slot_use_https
- appservice_web_app_use_https
- appservice_web_app_use_virtual_service_endpoint
- appservice_web_app_uses_azure_file
- appservice_web_app_uses_managed_identity
- appservice_web_app_worker_more_than_one
- automation_account_variables_encryption_enabled
- azure_redis_cache_in_virtual_network
- azure_redis_cache_ssl_enabled
- batch_account_encrypted_with_cmk
- batch_account_logging_enabled
- cdn_endpoint_custom_domain_uses_latest_tls_version
- cdn_endpoint_http_disabled
- cdn_endpoint_https_enabled
- cognitive_account_encrypted_with_cmk
- cognitive_account_public_network_access_disabled
- cognitive_account_restrict_public_access
- cognitive_service_local_auth_disabled
- compute_managed_disk_set_encryption_enabled
- compute_vm_allow_extension_operations_disabled
- compute_vm_and_scale_set_agent_installed
- compute_vm_and_scale_set_encryption_at_host_enabled
- compute_vm_and_scale_set_ssh_key_enabled_linux
- compute_vm_automatic_updates_enabled_windows
- compute_vm_disable_password_authentication
- compute_vm_disable_password_authentication_linux
- compute_vm_guest_configuration_installed
- compute_vm_guest_configuration_installed_linux
- compute_vm_guest_configuration_installed_windows
- compute_vm_malware_agent_installed
- compute_vm_scale_set_automatic_os_upgrade_enabled
- compute_vm_scale_set_disable_password_authentication_linux
- compute_vm_system_updates_installed
- compute_vm_uses_azure_resource_manager
- compute_vm_utilizing_managed_disk
- container_instance_container_group_in_virtual_network
- container_instance_container_group_secure_environment_variable
- container_registry_admin_user_disabled
- container_registry_anonymous_pull_disabled
- container_registry_azure_defender_enabled
- container_registry_encrypted_with_cmk
- container_registry_geo_replication_enabled
- container_registry_image_scan_enabled
- container_registry_public_network_access_disabled
- container_registry_quarantine_policy_enabled
- container_registry_restrict_public_access
- container_registry_retention_policy_enabled
- container_registry_trust_policy_enabled
- container_registry_use_virtual_service_endpoint
- container_registry_zone_redundant_enabled
- cosmodb_account_access_key_metadata_writes_disabled
- cosmodb_account_local_authentication_disabled
- cosmodb_account_public_network_access_disabled
- cosmodb_account_restrict_public_access
- cosmosdb_account_encryption_at_rest_using_cmk
- cosmosdb_account_with_firewall_rules
- cosmosdb_use_virtual_service_endpoint
- data_factory_encrypted_with_cmk
- data_factory_restrict_public_access
- data_factory_uses_git_repository
- databricks_workspace_restrict_public_access
- datalake_store_account_encryption_enabled
- dns_azure_defender_enabled
- eventgrid_domain_local_auth_disabled
- eventgrid_domain_restrict_public_access
- eventgrid_domain_uses_managed_identity
- eventgrid_topic_local_auth_disabled
- eventgrid_topic_restrict_public_access
- eventgrid_topic_uses_managed_identity
- eventhub_namespace_cmk_encryption_enabled
- eventhub_namespace_use_virtual_service_endpoint
- eventhub_namespace_uses_latest_tls_version
- eventhub_namespace_zone_redundant
- firewall_has_firewall_policy_set
- firewall_policy_intrusion_detection_mode_set_to_deny
- firewall_threat_intel_mode_set_to_deny
- frontdoor_firewall_policy_restrict_message_lookup_log4j2
- frontdoor_waf_enabled
- healthcare_fhir_azure_api_encrypted_at_rest_with_cmk
- healthcare_fhir_public_network_access_disabled
- iam_no_custom_subscription_owner_roles_created
- iot_hub_logging_enabled
- iot_hub_restrict_public_access
- keyvault_azure_defender_enabled
- keyvault_key_expiration_set
- keyvault_logging_enabled
- keyvault_managed_hms_logging_enabled
- keyvault_managed_hms_purge_protection_enabled
- keyvault_purge_protection_enabled
- keyvault_secret_content_type_set
- keyvault_secret_expiration_set
- keyvault_vault_public_network_access_disabled
- keyvault_vault_use_virtual_service_endpoint
- kubernetes_azure_defender_enabled
- kubernetes_cluster_add_on_azure_policy_enabled
- kubernetes_cluster_authorized_ip_range_defined
- kubernetes_cluster_critical_pods_on_system_nodes
- kubernetes_cluster_key_vault_secret_rotation_enabled
- kubernetes_cluster_local_admin_disabled
- kubernetes_cluster_logging_enabled
- kubernetes_cluster_max_pod_50
- kubernetes_cluster_network_policy_enabled
- kubernetes_cluster_node_pool_type_scale_set
- kubernetes_cluster_node_restrict_public_access
- kubernetes_cluster_os_and_data_disks_encrypted_with_cmk
- kubernetes_cluster_os_disk_ephemeral
- kubernetes_cluster_restrict_public_access
- kubernetes_cluster_sku_standard
- kubernetes_cluster_temp_disks_and_agent_node_pool_cache_encrypted_at_host
- kubernetes_cluster_upgrade_channel
- kubernetes_instance_rbac_enabled
- kusto_cluster_disk_encryption_enabled
- kusto_cluster_double_encryption_enabled
- kusto_cluster_encrypted_at_rest_with_cmk
- kusto_cluster_sku_with_sla
- kusto_cluster_uses_managed_identity
- logic_app_workflow_logging_enabled
- machine_learning_compute_cluster_local_auth_disabled
- machine_learning_compute_cluster_minimum_node_zero
- machine_learning_workspace_encrypted_with_cmk
- machine_learning_workspace_restrict_public_access
- mariadb_server_geo_redundant_backup_enabled
- mariadb_server_public_network_access_disabled
- mariadb_server_ssl_enabled
- monitor_log_profile_enabled_for_all_categories
- monitor_log_profile_enabled_for_all_regions
- monitor_log_profile_retention_365_days
- monitor_logs_storage_container_not_public_accessible
- mysql_db_server_geo_redundant_backup_enabled
- mysql_server_encrypted_at_rest_using_cmk
- mysql_server_infrastructure_encryption_enabled
- mysql_server_min_tls_1_2
- mysql_server_public_network_access_disabled
- mysql_server_threat_detection_enabled
- mysql_ssl_enabled
- network_dns_server_2
- network_interface_ip_forwarding_disabled
- network_security_group_http_access_restricted
- network_security_group_not_configured_gateway_subnets
- network_security_group_rdp_access_restricted
- network_security_group_ssh_access_restricted
- network_security_group_subnet_associated
- network_security_group_udp_access_restricted
- network_security_rule_http_access_restricted
- network_security_rule_rdp_access_restricted
- network_security_rule_ssh_access_restricted
- network_security_rule_udp_access_restricted
- network_virtual_network_dns_server_2
- network_watcher_flow_log_retention_period_90_days
- postgres_db_flexible_server_geo_redundant_backup_enabled
- postgres_db_server_connection_throttling_on
- postgres_db_server_geo_redundant_backup_enabled
- postgres_db_server_latest_tls_version
- postgres_db_server_log_checkpoints_on
- postgres_db_server_log_connections_on
- postgres_db_server_log_disconnections_on
- postgres_db_server_log_retention_days_3
- postgres_db_server_threat_detection_policy_enabled
- postgresql_server_encrypted_at_rest_using_cmk
- postgresql_server_infrastructure_encryption_enabled
- postgresql_server_public_network_access_disabled
- postgresql_ssl_enabled
- redis_cache_min_tls_1_2
- redis_cache_restrict_public_access
- redis_cache_standard_replication_enabled
- resource_manager_azure_defender_enabled
- search_service_public_allowed_ip_restrict_public_access
- search_service_public_network_access_disabled
- search_service_replica_count_3
- search_service_uses_managed_identity
- search_service_uses_sku_supporting_private_link
- securitycenter_automatic_provisioning_monitoring_agent_on
- securitycenter_azure_defender_on_for_appservice
- securitycenter_azure_defender_on_for_containerregistry
- securitycenter_azure_defender_on_for_k8s
- securitycenter_azure_defender_on_for_keyvault
- securitycenter_azure_defender_on_for_server
- securitycenter_azure_defender_on_for_sqldb
- securitycenter_azure_defender_on_for_sqlservervm
- securitycenter_azure_defender_on_for_storage
- securitycenter_contact_number_configured
- securitycenter_email_configured
- securitycenter_notify_alerts_configured
- securitycenter_security_alerts_to_owner_enabled
- securitycenter_uses_standard_pricing_tier
- service_bus_namespace_encrypted_with_cmk
- service_bus_namespace_infrastructure_encryption_enabled
- service_bus_namespace_latest_tls_version
- service_bus_namespace_local_auth_disabled
- service_bus_namespace_restrict_public_access
- service_bus_namespace_uses_managed_identity
- servicefabric_cluster_active_directory_authentication_enabled
- servicefabric_cluster_protection_level_as_encrypt_and_sign
- signalr_services_uses_paid_sku
- spring_cloud_api_https_only_enabled
- spring_cloud_api_restrict_public_access
- spring_cloud_service_network_injection_enabled
- sql_database_allow_internet_access
- sql_database_ledger_enabled
- sql_database_log_monitoring_enabled
- sql_database_long_term_geo_redundant_backup_enabled
- sql_database_server_azure_defender_enabled
- sql_database_zone_redundant_enabled
- sql_db_active_directory_admin_configured
- sql_db_public_network_access_disabled
- sql_server_admins_email_security_alert_enabled
- sql_server_all_security_alerts_enabled
- sql_server_atp_enabled
- sql_server_auditing_storage_account_destination_retention_90_days
- sql_server_audting_retention_period_90
- sql_server_azure_ad_authentication_enabled
- sql_server_email_security_alert_enabled
- sql_server_uses_latest_tls_version
- sql_server_vm_azure_defender_enabled
- storage_account_blob_containers_public_access_private
- storage_account_blob_service_logging_enabled
- storage_account_block_public_access
- storage_account_default_network_access_rule_denied
- storage_account_encryption_at_rest_using_cmk
- storage_account_encryption_scopes_encrypted_at_rest_with_cmk
- storage_account_infrastructure_encryption_enabled
- storage_account_queue_services_logging_enabled
- storage_account_replication_type_set
- storage_account_restrict_network_access
- storage_account_secure_transfer_required_enabled
- storage_account_trusted_microsoft_services_enabled
- storage_account_use_virtual_service_endpoint
- storage_account_uses_azure_resource_manager
- storage_account_uses_latest_minimum_tls_version
- storage_account_uses_private_link
- storage_azure_defender_enabled
- storage_container_restrict_public_access
- storage_sync_private_link_used
- synapse_workspace_data_exfiltration_protection_enabled
- synapse_workspace_encryption_at_rest_using_cmk
- synapse_workspace_private_link_used
- web_pubsub_sku_with_sla
- web_pubsub_uses_managed_identity