Compute Audit

​

Checks performed

• Virtual Machine Extensions Installed
• Virtual Machines Should Only Allow SSH Based Authentication
• Virtual Machines Should Have Sufficient Daily Backup Retention Period
• Virtual Machines Should Have Sufficient Instant Restore Retention Period
• Virtual Machines Should Have Backups
• OS Disks Lacking Encryption
• Disks Lacking Encryption
• Remove Unattached Virtual Machine Disk Volumes
• Approved Azure Machine Image In Use
• Azure Disk Encryption For Boot Disk Volumes
• Azure Disk Encryption For Non-Boot Disk
• VM Scale Sets Should Be Integrated With Load Balancers
• Check for Zone-Redundant Virtual Machine Scale Sets
• Check For Desired VM SKU Size
• Enable Accelerated Networking For Virtual Machines
• Enable Automatic Instance Repairs
• Enable Automatic OS Upgrades
• Enable Autoscale Notifications
• Enable Instance Termination Notifications For Virtual Machine Scale Sets
• Enable Just-In-Time Access for Virtual Machines
• Use BYOK for Disk Volumes Encryption
• Server Side Encryption for Unattached Disk using CMK
• Server Side Encryption for Non-Boot Disk using CMK
• Server Side Encryption for Boot Disk using CMK
• Install Endpoint Protection
• Enable Performance Diagnostics for Azure Virtual Machines
• Enable System-Assigned Managed Identities
• Enable Virtual Machine Access using Active Directory Authentication
• Enable Virtual Machine Boot Diagnostics
• Enable and Configure Health Monitoring
• Remove Unattached Virtual Machine Disk Volume
• Use Customer Managed Keys for Virtual Hard Disk Encryption
• Use Managed Disk Volumes for Virtual Machines
• Virtual Machines Should Use Standard SSD