The Azure &quot;Security Defaults&quot; recommendations represent an entry-level set of recommendations which will be relevant to organizations and tenants that are either just starting to use Azure as an IaaS solution, or are only utilizing a bare minimum feature set such as the freely licensed tier of Azure Active Directory. Security Defaults recommendations are intended to ensure that these entry-level use cases are still capable of establishing a strong baseline of secure configuration.<br /><br />If your subscription is licensed to use Azure AD Premium P1 or P2, it is strongly recommended that the &quot;Security Defaults&quot; section (this section and the recommendations therein) be bypassed in favor of the use of &quot;Conditional Access.&quot; 

The Azure &quot;Security Defaults&quot; recommendations represent an entry-level&#92;nset of recommendations which will be relevant to organizations and tenants that are&#92;neither just starting to use Azure as an IaaS solution, or are only utilizing a bare minimum&#92;nfeature set such as the freely licensed tier of Azure Active Directory. Security Defaults&#92;nrecommendations are intended to ensure that these entry-level use cases are still&#92;ncapable of establishing a strong baseline of secure configuration.&#92;n&#92;nIf your subscription is licensed to use Azure AD Premium P1 or P2, it is strongly&#92;nrecommended that the &quot;Security Defaults&quot; section (this section and the&#92;nrecommendations therein) be bypassed in favor of the use of &quot;Conditional&#92;nAccess.&quot;&#92;n

Azure > CIS v2.0 > 01 - Identity and Access Management

Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults

Azure > Management Group

Azure > Subscription

Azure > Tenant

Turbot > Folder

Turbot

Turbot > IAM > Turbot Identity

Turbot > IAM > Unidentified Identity

Azure > Active Directory > Directory

Kubernetes > Cluster

GitHub > Repository

ServiceNow > Instance

AWS > Account

GCP > Project

Azure > PostgreSQL > Flexible Server

Azure > PostgreSQL > Server

Azure > SQL Virtual Machine Service > SQL Virtual Machine

Azure > Resource Group

Azure > SQL > Database

Azure > SQL > Elastic Pool

Azure > SQL > Managed Instance

Azure > SQL > Server

Azure > Automation > Automation Account

Azure > Automation > Runbook

Azure > Relay > Namespace

Azure > App Service > App Service Plan

Azure > App Service > Web App

Azure > Synapse Analytics > SQL Pool

Azure > Synapse Analytics > Workspace

Azure > Compute > Availability Set

Azure > Compute > Disk

Azure > Compute > Disk Encryption Set

Azure > Compute > Image

Azure > Compute > Snapshot

Azure > Compute > Ssh Public Key

Azure > Compute > Virtual Machine

Azure > Compute > Virtual Machine Scale Set

Azure > Monitor > Action Group

Azure > Monitor > Metric Alert

Azure > Key Vault > Vault

Azure > Service Bus > Namespace

Azure > MySQL > Flexible Server

Azure > MySQL > Server [Deprecated]

Azure > Application Gateway Service > Application Gateway

Azure > API Management > API Management Service

Azure > Cosmos DB > Database Account

Azure > Application Insights > Application Insight

Azure > AKS > Managed Cluster

Azure > Recovery Service > Vault

Azure > DNS > Zone

Azure > DNS > Record Set

Azure > Databricks > Workspace

Azure > Container Registry > Registry

Azure > SignalR Service > SignalR

Azure > Network > Application Security Group

Azure > Network > Express Route Circuits

Azure > Network > Network Interface

Azure > Network > Network Security Group

Azure > Network > Private DNS Zones

Azure > Network > Private Endpoints

Azure > Network > Public IP Address

Azure > Network > Route Table

Azure > Network > Virtual Network

Azure > Network > Virtual Network Gateway

Azure > Network > Private Link Service

Azure > Load Balancer > Load Balancer

Azure > Search Management > Search Service

Azure > Firewall > Firewall

Azure > Network Watcher > Network Watcher

Azure > Managed Identity > User Assigned Identity

Azure > Data Factory > Factory

Azure > Log Analytics > Log Analytics Workspace

Azure > Storage > Storage Account

AWS > API Gateway > API

AWS > API Gateway > API V2

AWS > API Gateway > Stage

AWS > API Gateway > Domain Name V2

AWS > API Gateway > API Key

AWS > API Gateway > Usage Plan

AWS > API Gateway > Stage v2

AWS > CloudFormation > Stack

AWS > CloudFormation > StackSet

AWS > Athena > Workgroup

AWS > Athena > NamedQuery

AWS > Neptune > DB Instance

AWS > Neptune > DB Cluster

AWS > MSK > Cluster

AWS > DynamoDB > Table

AWS > KMS > Key

AWS > AppStream > Image

AWS > AppStream > Fleet

AWS > AppStream > Image Builder

AWS > SNS > Topic

AWS > SNS > Topic Policy

AWS > VPC > Customer Gateway

AWS > VPC > Transit Gateway

AWS > VPC > Transit Gateway Route Table

AWS > VPC > Peering Connection

AWS > VPC > VPN Connection

AWS > VPC > VPN Gateway

AWS > Amplify > App

AWS > Batch > Compute Environment

AWS > Batch > Job Queue

AWS > Lambda > Function

AWS > RDS > DB Cluster

AWS > RDS > DB Cluster Parameter Group

AWS > RDS > DB Cluster Snapshot [Manual]

AWS > RDS > DB Instance

AWS > RDS > DB Parameter Group

AWS > RDS > DB Snapshot [Manual]

AWS > RDS > Option Group

AWS > RDS > Subnet Group

AWS > Elastic Beanstalk > Application

AWS > Region

AWS > EC2 > Instance

GCP > Folder

Control: Azure > CIS v2.0 > 01 - Identity and Access Management > 1.01 - Security Defaults

Category

In Your Workspace

Developers