Batch - oWretch/policy GitHub Wiki
| Category | Policy | Platform | Landing Zones | Production | Decommissioned | Management | Corp | Connectivity | Sandbox | Identity |
|---|---|---|---|---|---|---|---|---|---|---|
| Batch |
Azure Batch account should use customer-managed keys to encrypt data Use customer-managed keys to manage the encryption at rest of your Batch account's data. By default, customer data is encrypted with service-managed keys, but customer-managed keys are commonly required to meet regulatory compliance standards. Customer-managed keys enable the data to be encrypted with an Azure Key Vault key created and owned by you. You have full control and responsibility for the key lifecycle, including rotation and management. Learn more at https://aka.ms/Batch-CMK. |
Deny Disabled Audit |
Deny Disabled Audit |
|||||||
| Batch |
Deploy - Configure private DNS zones for private endpoints that connect to Batch accounts Private DNS records allow private connections to private endpoints. Private endpoint connections allow secure communication by enabling private connectivity to Batch accounts without a need for public IP addresses at the source or destination. For more information on private endpoints and DNS zones in Batch, see https://docs.microsoft.com/azure/batch/private-connectivity. |
DeployIfNotExists Disabled |
||||||||
| Batch |
Public network access should be disabled for Batch accounts Disabling public network access on a Batch account improves security by ensuring your Batch account can only be accessed from a private endpoint. Learn more about disabling public network access at https://docs.microsoft.com/azure/batch/private-connectivity. |
Deny Disabled Audit |
||||||||
| Batch |
Resource logs in Batch accounts should be enabled Audit enabling of resource logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |
AuditIfNotExists Disabled |
| Category | Policy | Platform | Landing Zones | Production | Decommissioned | Management | Corp | Connectivity | Sandbox | Identity |
|---|---|---|---|---|---|---|---|---|---|---|
| Batch |
Deploy - Configure private DNS zones for private endpoints that connect to Batch accounts Private DNS records allow private connections to private endpoints. Private endpoint connections allow secure communication by enabling private connectivity to Batch accounts without a need for public IP addresses at the source or destination. For more information on private endpoints and DNS zones in Batch, see https://docs.microsoft.com/azure/batch/private-connectivity. |
azureBatchPrivateDnsZoneId = --DNSZonePrefix--privatelink.batch.azur...
|
||||||||
| Batch |
Resource logs in Batch accounts should be enabled Audit enabling of resource logs. This enables you to recreate activity trails to use for investigation purposes; when a security incident occurs or when your network is compromised |
diagnosticsLogsInBatchAccountRetentionDays = 1
|