| AC_AZURE_0210 | Ensure that Diagnostic Logs Are Enabled for All Services that Support it | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0211 | Ensure data backup is enabled using `backup_blob_container_uri` for Azure Analysis Services Servers | Azure | Resilience | MEDIUM |
| AC_AZURE_0212 | Ensure the "Minimum TLS version" is set to "Version 1.2" | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0213 | Ensure that members are always added for AzureAD Groups | Azure | Compliance Validation | LOW |
| AC_AZURE_0214 | Ensure Azure Keyvaults are used to store secrets | Azure | Data Protection | LOW |
| AC_AZURE_0215 | Ensure labels are configured to keep track of organization resources for Azure Kubernetes Cluster | Azure | Compliance Validation | LOW |
| AC_AZURE_0216 | Ensure that a 'Diagnostics Setting' exists | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0218 | Ensure that Activity Log Alert exists for Create Policy Assignment | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0219 | Ensure that only Azure integrated certificate authorities are in use for issuing certificates used in Azure Key Vault Certificate | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0220 | Ensure Customer Managed Key (CMK) is configured for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0221 | Ensure CORS is configured to allow only trusted clients for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0222 | Ensure failing azure functions have email alerts configured for Azure Monitor Action Group | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0223 | Ensure that auto-scaling is enabled for Azure Kubernetes Cluster | Azure | Resilience | MEDIUM |
| AC_AZURE_0224 | Ensure latest TLS/SSL version is in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0225 | Ensure Power BI analysis services are defined for Azure Analysis Services Server | Azure | Compliance Validation | LOW |
| AC_AZURE_0226 | Ensure public access is disabled for Azure Healthcare Service | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0227 | Ensure advanced threat protection is enabled for Azure CosmosDB Account | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0228 | Ensure that customer managed key is used for encryption for Azure Container Registry | Azure | Data Protection | MEDIUM |
| AC_AZURE_0229 | Ensure internal load balancing is enabled for Azure App Service Environment | Azure | Resilience | MEDIUM |
| AC_AZURE_0230 | Ensure Developer/Premium SKUs are in use for Azure API Management | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0231 | Ensure that request initiated from all ports (*) for all destination ports (*) is restricted from the internet for Azure Network Security Rule | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0232 | Ensure the Storage Container Storing the Activity Logs is not Publicly Accessible | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0233 | Ensure the storage account containing the container with activity logs is encrypted with BYOK (Use Your Own Key) | Azure | Data Protection | MEDIUM |
| AC_AZURE_0234 | Ensure that Vulnerability Assessment Setting 'Also send email notifications to admins and subscription owners' is Set for Each SQL Server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0235 | Ensure SQL Server Threat Detection Retention is set to a value greater than 90 days for Azure SQL Database | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0236 | Ensure that VA setting 'Send scan reports to' is configured for a SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0237 | Ensure that VA setting 'Periodic recurring scans' to 'on' for each SQL server | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0238 | Ensure that Vulnerability Assessment (VA) is enabled on a SQL server by setting a Storage Account | Azure | Identity and Access Management | MEDIUM |
| AC_AZURE_0239 | Ensure That 'All users with the following roles' is set to 'Owner' | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0240 | Ensure SQL server's TDE protector is encrypted with Customer-managed key | Azure | Data Protection | MEDIUM |
| AC_AZURE_0241 | Ensure that 'Data encryption' is set to 'On' on a SQL Database | Azure | Data Protection | MEDIUM |
| AC_AZURE_0242 | Ensure Diagnostic Setting captures appropriate categories | Azure | Logging and Monitoring | MEDIUM |
| AC_AZURE_0243 | Ensure that LocalGit repository folder is not set to 'wwwroot' for Azure App Service | Azure | Configuration and Vulnerability Analysis | HIGH |
| AC_AZURE_0244 | Ensure remote debugging is turned off for Azure App Service | Azure | Infrastructure Security | HIGH |
| AC_AZURE_0245 | Ensure that 'HTTP Version' is the Latest, if Used to Run the Web App | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0246 | Ensure that 'Java version' is the latest, if used to run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0247 | Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0248 | Ensure That 'PHP version' is the Latest, If Used to Run the Web App | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0249 | Ensure that '.Net Framework' version is the latest in Azure App Service | Azure | Configuration and Vulnerability Analysis | MEDIUM |
| AC_AZURE_0250 | Ensure integration service environment are used for deployment of Azure Logic App Workflow | Azure | Security Best Practices | LOW |
| AC_AZURE_0251 | Ensure key size is set on all keys for Azure Key Vault Key | Azure | Security Best Practices | MEDIUM |
| AC_AZURE_0252 | Ensure public IP addresses are disabled in Azure Databricks Workspaces | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0253 | Ensure system-assigned managed identity authentication is used for Azure Data Factory | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0254 | Ensure public network access is disabled for Azure Cognitive Account | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0255 | Ensure virtual network configuration is added for Azure Kusto Cluster | Azure | Infrastructure Security | MEDIUM |
| AC_AZURE_0256 | Ensure private DNS zones are not linked to Azure Virtual Network | Azure | Compliance Validation | LOW |
| AC_AZURE_0257 | Ensure Azure Active Directory (AAD) is configured for Azure Synapse Workspace | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0258 | Ensure default connection policy is not in use for Azure SQL Server | Azure | Compliance Validation | LOW |
| AC_AZURE_0259 | Ensure point-in-time-restore is enabled for Azure SQL Database | Azure | Compliance Validation | MEDIUM |
| AC_AZURE_0260 | Ensure backup retention period is enabled for Azure PostgreSQL Server | Azure | Compliance Validation | HIGH |
