| AC_AZURE_0236 | Ensure that VA setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0237 | Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0239 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0240 | Ensure SQL server's TDE protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
| AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
| AC_AZURE_0242 | Ensure Diagnostic Setting captures appropriate categories | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
| AC_AZURE_0244 | Ensure remote debugging is turned off for Azure App Service | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0246 | Ensure that 'Java version' is the latest, if used to run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0249 | Ensure that '.Net Framework' version is the latest in Azure App Service | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
| AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0252 | Ensure public IP addresses are disabled in Azure Databricks Workspaces | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0253 | Ensure system-assigned managed identity authentication is used for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0254 | Ensure public network access is disabled for Azure Cognitive Account | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0255 | Ensure virtual network configuration is added for Azure Kusto Cluster | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0256 | Ensure private DNS zones are not linked to Azure Virtual Network | Azure | Compliance Validation | LOW |
| AC_AZURE_0257 | Ensure Azure Active Directory (AAD) is configured for Azure Synapse Workspace | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0258 | Ensure default connection policy is not in use for Azure SQL Server | Azure | Compliance Validation | LOW |
| AC_AZURE_0259 | Ensure point-in-time-restore is enabled for Azure SQL Database | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0260 | Ensure backup retention period is enabled for Azure PostgreSQL Server | Azure | Compliance Validation | HIGH |
| AC_AZURE_0261 | Ensure public network access is disabled for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0262 | Ensure public network access is disabled for Azure Container Registry | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0263 | Ensure public network access is disabled for Azure Batch Account | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0264 | Ensure log profile is configured to capture all activities for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0265 | Ensure Secrets are not exposed in customData used in Azure Virtual Machine | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0266 | Ensure managed virtual networks are in use for Azure Synapse Workspace | Azure | Infrastructure Security | LOW |
| AC_AZURE_0267 | Ensure that 'Phone number' is set for Azure Security Center Contact | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0268 | Ensure geo-redundant backups are enabled for Azure MySQL Single Server | Azure | Data Protection | HIGH |
| AC_AZURE_0269 | Ensure that Accelerated Networking feature is enabled for Azure virtual machines (VMs) | Azure | Compliance Validation | LOW |
| AC_AZURE_0270 | Ensure CIFS / SMB (TCP:3020) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0271 | Ensure CIFS / SMB (TCP:3020) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0272 | Ensure CIFS / SMB (TCP:3020) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0273 | Ensure Cassandra (TCP:7001) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0274 | Ensure Cassandra (TCP:7001) is not exposed to public for Azure Network Security Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0275 | Ensure Cassandra (TCP:7001) is not exposed to more than 32 private hosts for Azure Network Security Rule | Azure | Infrastructure Security | LOW |
| AC_AZURE_0276 | Ensure Cassandra OpsCenter (TCP:61621) is not exposed to entire internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0277 | Ensure tags are associated with Azure CosmosDB Account | Azure | Compliance Validation | LOW |
| AC_AZURE_0278 | Ensure HTTP is disallowed for Azure CDN Endpoint | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0279 | Ensure notification email setting is enabled for Azure SQL Database Threat Detection Policy | Azure | Logging and Monitoring | LOW |
| AC_AZURE_0280 | Ensure accessibility is restricted up to 256 hosts in Azure SQL Firewall Rule | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0281 | Ensure latest version of Azure Kubernetes Cluster is in use | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0282 | Ensure Owner roles are not assigned to any principal using Azure Role Assignment | Azure | Identity and Access Management | HIGH |
| AC_AZURE_0283 | Ensure that Activity Log Retention is set 365 days or greater for Azure Monitor Log Profile | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0284 | Ensure that 'Unattached disks' are encrypted with CMK | Azure | Data Protection | MEDIUM |
| AC_AZURE_0285 | Ensure that SSH access is restricted from the internet | Azure | Infrastructure Security | HIGH |
