Cloudanix
AZURE Key Vault Audit
AuditEvent logging should be enabled
Ensure that AuditEvent logging is enabled for Azure Key Vault instances in order to record any interactions with your vaults for enhancing data protection and compliance within your Azure cloud account.
Key Vault Recoverability should be enabled
Ensure that production Azure Key Vaults are recoverable in order to prevent permanent deletion/purging of encryption keys, secrets and certificates stored within these vaults. To make your Azure Key Vault instances recoverable, you need to enable both "Soft Delete" and "Do Not Purge" features.
Enable Trusted Microsoft Services access for Key Vault
Ensure that the "Allow trusted Microsoft services to bypass this firewall" exception is enabled within your Azure Key Vault network settings in order to grant vault access to trusted Azure cloud services.
Default Network Access should be restricted
Ensure that your Microsoft Azure Key Vaults are configured to deny access to traffic from all networks (including the public Internet). This adds an important layer of security.
User, Group or Applications have full administrator privileges
In Microsoft Azure Key Vault, check for any Users, Groups or Applications with full administrator privileges configured to access and manage Azure Key Vaults, in order to adhere to security best practices and implement the principle of least privilege.
Keys should have an expiration time
In Microsoft Azure Key Vault, check for any keys that do not have an expiration time set.
Keys are about to expire and need rotation
In Microsoft Azure Key Vault, check for any keys that are about to expire and rotate them by creating a new version of these keys.
Secrets should have an expiration time
In Microsoft Azure Key Vault, check for any secrets that do not have an expiration time set.
Secrets are about to expire and need rotation
In Microsoft Azure Key Vault, check for any secrets that are about to expire and rotate them by creating a new version of these secrets.
Auto Renewal should be enabled for SSL Certificates
The Microsoft Azure Key Vault service can renew your SSL certificates automatically in order to prevent any application or service outage, credential leak, or process violation that can disrupt your business.
Certificates have insufficient auto renewal period
In Microsoft Azure Key Vault, ensure that certificates have a sufficient auto-renewal period configured for security and compliance purposes. This period indicates the amount of time (number of days) before SSL certificate expiration, when the renewal process is automatically triggered.
Certificates key size is less than recommended key size
In Microsoft Azure Key Vault, check that certificates are generated with at least the minimum key size allowed within your organization, for security and compliance purposes.
Certificate Transparency should be enabled
Ensure that the Certificate Transparency feature is enabled for all Azure Key Vault SSL/TLS certificates in order to adhere to best practices. Certificate Transparency (CT) is a new Internet standard that addresses concerns about mis-issued certificates by making the Transport Layer Security (TLS) ecosystem publicly auditable.