AZURE Compute Audit

Your EC2 could become your weakest link. Cloudanix can help!

What we do?

Virtual Machine Extensions Installed

Azure virtual machine extensions are small applications that provide post-deployment configuration and automation tasks on Azure virtual machines. These extensions run with administrative privileges and could potentially access anything on a virtual machine. The Azure Portal and community provide several such extensions.

Addresses: Security

Additional Reading:

Virtual Machines should only allow SSH based authentication

Ensure that your production Microsoft Azure virtual machines are configured to use SSH keys instead of username/password credentials for SSH authentication.

Addresses: Security

Additional Reading:

Virtual Machines should have sufficient daily backup retention period

Ensure that your Microsoft Azure virtual machines (VMs) have a sufficient daily backup retention period configured within the associated backup policy for security and compliance purposes. The maximum retention period supported is 30 days.

Addresses: Reliability

Additional Reading:

Virtual Machines should have sufficient instant restore retention period

Ensure that your Microsoft Azure virtual machines (VMs) have a sufficient snapshot instant restore retention period configured for data security and internal compliance. Instant recovery snapshots are stored together with the VM disk volumes to speed up the recovery point creation and the restore operations. Azure VM instant restore retention period can range from a minimum of 1 day to a maximum of 5 days.

Addresses: Reliability

Additional Reading:

Virtual Machines should have backups

Ensure that Azure Backup service is enabled and configured to create server backups for your Microsoft Azure virtual machines (VMs), in order to follow data security best practices and compliance requirements. Azure Backup service is a cost-effective, one-click backup solution, that simplifies virtual machine data recovery in your Azure cloud account.

Addresses: Security

Additional Reading:

Setup Alerts for Create or Update Virtual Machine Events

Ensure that an Azure activity log alert is fired whenever 'Create Virtual Machine' or 'Update Virtual Machine' events are triggered in your Microsoft Azure cloud account. Activity log alerts get triggered when a new activity log event that matches the condition specified in the alert configuration occurs. The matched condition is Whenever the Administrative Activity Log 'Create or Update Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'

Addresses: Security

Additional Reading:

Setup Alerts for Power Off Virtual Machine Events

Ensure that a Microsoft Azure activity log alert is fired whenever a 'Power Off Virtual Machine' event is triggered within your cloud account. An Azure activity log alert fires each time the action event that matches the condition defined in the alert configuration is triggered. The alert condition that this conformity rule checks for is `Whenever the Administrative Activity Log 'Power Off Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'`

Addresses: Security

Additional Reading:

Setup Alerts for Delete Virtual Machine Events

Ensure that a Microsoft Azure activity log alert is fired whenever a 'Delete Virtual Machine' event is triggered within your cloud account. An Azure activity log alert fires each time the action event that matches the condition specified in the alert configuration is triggered. The alert condition that this rule searches for is `Whenever the Administrative Activity Log 'Delete Virtual Machine (Microsoft.Compute/virtualMachines)' has 'any' level, with 'any' status and event is initiated by 'any'`

Addresses: Security

Additional Reading:

Virtual Machines should user Standard SSD for Cost Effective storage

Ensure that your Microsoft Azure virtual machines (VMs) are using Standard SSD disk volumes instead of Premium SSD volumes for cost-effective storage that fits a broad range of workloads from web servers to enterprise applications that need consistent performance at lower IOPS levels. Unless you are running mission-critical applications or performance sensitive workloads that need more than 6000 IOPS or 750 MiB/s of throughput per VM disk volume, it's recommends converting your Premium SSD volumes to Standard SSD in order to lower the cost of your Azure monthly bill.

Addresses: Cost Optimization

Additional Reading:

Disks Lacking Encryption

Encrypting disks ensures that their entire content is fully unrecoverable without a key and thus protects the volume from unwarranted reads.

Addresses: Security

Additional Reading:

Remove Unattached Virtual Machine Disk Volumes

Identify any unattached (unused) Microsoft Azure virtual machine disk volumes available within your Azure cloud account and delete them in order to lower the cost of your monthly bill and reduce the risk of sensitive data leakage.

Addresses: Security, Cost Optimization

Additional Reading: