Intelligent Assessment: Natural language Guardrails powered by AI →
Mods
Azure

Policy: Azure > CIS v2.0 > 07 - Virtual Machines > 7.01 - Ensure an Azure Bastion Host Exists

Configures auditing against a CIS Benchmark item.

Level: 2

The Azure Bastion service allows secure remote access to Azure Virtual Machines over the Internet without exposing remote access protocol ports and services directly to the Internet. The Azure Bastion service provides this access using TLS over 443/TCP, and subscribes to hardened configurations within an organization's Azure Active Directory service.

The Azure Bastion service allows organizations a more secure means of accessing Azure Virtual Machines over the Internet without assigning public IP addresses to those Virtual Machines. The Azure Bastion service provides Remote Desktop Protocol (RDP) and Secure Shell (SSH) access to Virtual Machines using TLS within a web browser, thus preventing organizations from opening up 3389/TCP and 22/TCP to the Internet on Azure Virtual Machines. Additional benefits of the Bastion service includes Multi-Factor Authentication, Conditional Access Policies, and any other hardening measures configured within Azure Active Directory using a central point of access.

Targets

This policy targets the following resource types:

Primary Policy

This policy is used with the following primary policy:

Policy Specification

Schema Type
string
Default
Per Azure > CIS v2.0 > 07 - Virtual Machines
Valid Values [YAML]
  • Per Azure > CIS v2.0 > 07 - Virtual Machines
    
  • Skip
    
  • Check: Benchmark
    

Category

In Your Workspace

Developers