discussion |
---|
What's changed since v0.18.0:
- New features:
- Added
Azure.GA_2020_12
baseline. #593- Includes rules released before or during December 2020 for Azure GA features.
- Marked baseline
Azure.GA_2020_09
as obsolete.
- Added
- New rules:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.19.3. #590
- Updated
- Azure Kubernetes Service:
- General improvements:
- Engineering:
- Bump PSRule dependency to v1.0.0. #588
What's changed since pre-release v0.19.0-B2012008:
- New features:
- Added
Azure.GA_2020_12
baseline. #593- Includes rules released before or during December 2020 for Azure GA features.
- Marked baseline
Azure.GA_2020_09
as obsolete.
- Added
What's changed since pre-release v0.19.0-B2011008:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.19.3. #590
- Updated
- Azure Kubernetes Service:
- Engineering:
- Bump PSRule dependency to v1.0.0. #588
What's changed since v0.18.0:
- New rules:
- General improvements:
What's changed since v0.17.0:
- New rules:
- Container Registry:
- Check registries use container image scanning. #558
- Check registries image scanning results are healthy. #558
- Check registries use content trust. #558
- Check registries are geo-replicated. #558
- Check registries uses storage space less than included storage. #558
- Check registries have a retention set of untagged manifests (preview). #558
- Check registries use image quarantine pattern (preview). #558
- Front Door:
- Check Front Door WAF policy name requirements. #552
- Container Registry:
- Bug fixes:
- Fixed HNS storage accounts so they are excluded from blob soft delete rule. #554
- Fixed reason typo on template parameter metadata. #567
- Fixed
Get-AzRuleTemplateLink
reports incorrect parameter with file path. #568 - Fixed variable property not resolved with copy peer. #571
- Fixed blob soft delete for FileStorage storage accounts. #573
- Fixed top level variable copy detected as unused variable.#569
- Fixed ResourceGroupName property cannot be found on this object. #561
What's changed since pre-release v0.18.0-B2011023:
- No additional changes.
What's changed since pre-release v0.18.0-B2011005:
- Bug fixes:
- Fixed reason typo on template parameter metadata. #567
- Fixed
Get-AzRuleTemplateLink
reports incorrect parameter with file path. #568 - Fixed variable property not resolved with copy peer. #571
- Fixed blob soft delete for FileStorage storage accounts. #573
- Fixed top level variable copy detected as unused variable.#569
What's changed since pre-release v0.18.0-B2010016:
- Bug fixes:
- Fixed ResourceGroupName property cannot be found on this object. #561
What's changed since v0.17.0:
- New rules:
- Container Registry:
- Check registries use container image scanning. #558
- Check registries image scanning results are healthy. #558
- Check registries use content trust. #558
- Check registries are geo-replicated. #558
- Check registries uses storage space less than included storage. #558
- Check registries have a retention set of untagged manifests (preview). #558
- Check registries use image quarantine pattern (preview). #558
- Front Door:
- Check Front Door WAF policy name requirements. #552
- Container Registry:
- Bug fixes:
- Fixed HNS storage accounts so they are excluded from blob soft delete rule. #554
What's changed since v0.16.0:
- New rules:
- Azure Cache for Redis:
- App Configuration:
- App Service:
- Check App Service apps use HTTP/2. #538
- Check App Service apps use managed identities. #537
- Check App Service apps use Always On. #521
- Check App Service apps have remote debugging disabled. #521
- Check App Service apps use newer .NET Framework versions. #521
- Check App Service apps use newer PHP runtime versions. #521
- Logic App:
- Check Logic App apps limit IP range for HTTP triggers. #526
- Updated rules:
- Storage:
- Azure Kubernetes Service:
- Promote
Azure.AKS.AzurePolicyAddOn
to GA rule set. #524
- Promote
- Removed rules:
- Azure Kubernetes Service:
- Remove
Azure.AKS.PodSecurityPolicy
as this AKS feature is replaced by Azure Policy. #523
- Remove
- Azure Kubernetes Service:
- General improvements:
- Bug fixes:
What's changed since pre-release v0.17.0-B2010028:
- No additional changes.
What's changed since pre-release v0.17.0-B2010022:
- New rules:
What's changed since pre-release v0.17.0-B2010017:
- Bug fixes:
- Fixed expansion of templates with multiple variables copy blocks. #541
What's changed since pre-release v0.17.0-B2010006:
- New rules:
- Updated rules:
- Bug fixes:
- Fixed App Service rule site config false positives in templates. #533
What's changed since pre-release v0.17.0-B2009009:
- New rules:
- App Configuration:
- App Service:
- Logic App:
- Check Logic App apps limit IP range for HTTP triggers. #526
- Updated rules:
- Azure Kubernetes Service:
- Promote
Azure.AKS.AzurePolicyAddOn
to GA rule set. #524
- Promote
- Azure Kubernetes Service:
- Removed rules:
- Azure Kubernetes Service:
- Remove
Azure.AKS.PodSecurityPolicy
as this AKS feature is replaced by Azure Policy. #523
- Remove
- Azure Kubernetes Service:
What's changed since v0.16.0:
- General improvements:
What's changed since v0.15.0:
- New features:
- Added
Azure.GA_2020_09
baseline. #488- Includes rules released before or during September 2020 for Azure GA features.
- Marked baseline
Azure.GA_2020_06
as obsolete.
- Added
- New rules:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.18.8. #504
- Updated
- Azure Kubernetes Service:
- General improvements:
- Engineering:
- Bump PSRule dependency to v0.20.0.
- Bug fixes:
What's changed since pre-release v0.16.0-B2009033:
- No additional changes.
What's changed since pre-release v0.16.0-B2009024:
- New features:
- Added
Azure.GA_2020_09
baseline. #488- Includes rules released before or during September 2020 for Azure GA features.
- Marked baseline
Azure.GA_2020_06
as obsolete.
- Added
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.18.8. #504
- Updated
- Azure Kubernetes Service:
- Engineering:
- Bump PSRule dependency to v0.20.0.
What's changed since pre-release v0.16.0-B2009019:
- Bug fixes:
- Fixed Data Factory version not detected with template. #498
What's changed since pre-release v0.16.0-B2009011:
- Bug fixes:
- Fixed parameter file detection with
2019-04-01
schema. #495
- Fixed parameter file detection with
What's changed since pre-release v0.16.0-B2009004:
- Bug fixes:
- Fixed deprecated
$Rule
properties. #491
- Fixed deprecated
What's changed since v0.15.0:
- New rules:
- General improvements:
What's changed since v0.14.1:
- New rules:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.17.9. #452
- Updated
- Azure Kubernetes Service:
- Engineering:
- Bump PSRule dependency to v0.19.0.
- Bug fixes:
What's changed since pre-release v0.15.0-B2008034:
- No additional changes.
What's changed since pre-release v0.15.0-B2008034:
- New rules:
- Bug fixes:
- Fixed use variables check when no variables are defined. #462
What's changed since pre-release v0.15.0-B2008026:
- Bug fixes:
What's changed since v0.14.1:
- New rules:
- All resources:
- Storage Account:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.17.9. #452
- Updated
- Azure Kubernetes Service:
What's changed since v0.14.0:
- Bug fixes:
- Fixed resource tags rule to exclude diagnostic settings. #448
What's changed since v0.13.0:
- New rules:
- API Management:
- Subscriptions:
- Check subscription is managed by PIM. #422
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.17.7. #427
- Updated
- Azure Kubernetes Service:
- General improvements:
- Updated rule reasons and logic. #424
- Bug fixes:
What's changed since pre-release v0.14.0-B2007031:
- No additional changes.
What's changed since pre-release v0.14.0-B2007020:
- New rules:
- Bug fixes:
What's changed since v0.13.0:
- New rules:
- Subscriptions:
- Check subscription is managed by PIM. #422
- Subscriptions:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.17.7. #427
- Updated
- Azure Kubernetes Service:
- General improvements:
- Updated rule reasons and logic. #424
What's changed since v0.12.1:
- New features:
- Added
Azure.GA_2020_06
baseline. #399- Includes rules released before or during June 2020 for Azure GA features.
- Added
- New rules:
- Azure Kubernetes Service:
- Public IP:
- Check Public IP domain name label requirements. #389
- Virtual Machines:
- Virtual Machine Scale Sets:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.16.9. #394
- Updated
- Azure Kubernetes Service:
- Bug fixes:
What's changed since pre-release v0.13.0-B2006032:
- Bug fixes:
- Fixed substring raises an exception processing sub expressions. #413
- New features:
- Added
Azure.GA_2020_06
baseline. #399- Includes rules released before or during June 2020 for Azure GA features.
- Added
- Bug fixes:
- Fixed exception message for object property that does not exist. #362
- New rules:
- Public IP:
- Check Public IP domain name label requirements. #389
- Virtual Machines:
- Virtual Machine Scale Sets:
- Public IP:
- New rules:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.16.9. #394
- Updated
- Azure Kubernetes Service:
- Bug fixes:
- Fixed module default culture. #390
What's changed since v0.12.0:
- Bug fixes:
- Fixed subnet name check for VNET with no subnets. #386
What's changed since v0.11.0:
- New rules:
- Azure Kubernetes Service:
- Container Registry:
- Check registry name requirements. #373
- Front Door:
- Check Front Door name requirements. #373
- Load Balancer:
- Check Load Balancer name requirements. #373
- Network Security Group:
- Check NSG name requirements. #373
- Public IP:
- Check Public IP name requirements. #373
- Policy:
- Check Policy definitions use descriptive fields. #364
- Resource Group:
- Check Resource Group name requirements. #373
- Route table
- Check Route table name requirements. #373
- SignalR Service:
- Check SignalR Service name requirements. #373
- SQL Database:
- Storage Account:
- Virtual Network:
- Virtual Network Gateway:
What's changed since pre-release v0.12.0-B2005026:
- No additional changes.
- New rules:
- Bug fixes:
- Fixed handling of subnet sub-resource name with slash. #381
- New rules:
- Azure Kubernetes Service:
- Container Registry:
- Check registry name requirements. #373
- Front Door:
- Check Front Door name requirements. #373
- Load Balancer:
- Check Load Balancer name requirements. #373
- Network Security Group:
- Check NSG name requirements. #373
- Public IP:
- Check Public IP name requirements. #373
- Resource Group:
- Check Resource Group name requirements. #373
- Route table
- Check Route table name requirements. #373
- SignalR Service:
- Check SignalR Service name requirements. #373
- Storage Account:
- Check Storage Account name requirements. #373
- Virtual Network:
- Virtual Network Gateway:
- New rules:
What's changed since v0.10.1:
- New rules:
- Azure Kubernetes Service:
- Check AKS nodes use a minimum number of pods. #274
- API Management:
- Azure Kubernetes Service:
- General improvements:
- Added name and type bindings for template files. #353
- Breaking change: Renamed configuration options to use a standard prefix. #327
- Configuration options use the
Azure_
prefix. - Update configuration settings to use the new name, old configuration names are ignored.
- Renamed
minAKSVersion
toAzure_AKSMinimumVersion
. - Renamed
azureAllowedRegions
toAzure_AllowedRegions
. - Added configuration option documentation. See about_PSRule_Azure_Configuration for details.
- Configuration options use the
What's changed since pre-release v0.11.0-B2004012:
- General improvements:
- Added name and type bindings for template files. #353
- New rules:
- Azure Kubernetes Service:
- Check AKS nodes use a minimum number of pods. #274
- Azure Kubernetes Service:
- General improvements:
- Breaking change: Renamed configuration options to use a standard prefix. #327
- Configuration options use the
Azure_
prefix. - Update configuration settings to use the new name, old configuration names are ignored.
- Renamed
minAKSVersion
toAzure_AKSMinimumVersion
. - Renamed
azureAllowedRegions
toAzure_AllowedRegions
. - Added configuration option documentation. See about_PSRule_Azure_Configuration for details.
- Configuration options use the
- Breaking change: Renamed configuration options to use a standard prefix. #327
- New rules:
What's changed since v0.10.0:
- Bug fixes:
What's changed since v0.9.0:
- New features:
- Added support for linking parameter and template files for analysis with metadata. #324
- Added
Get-AzRuleTemplateLink
cmdlet to get metadata link to template files. - See cmdlet help for usage.
- Added
- Added support for linking parameter and template files for analysis with metadata. #324
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.16.7. #330
- Updated
- Azure Kubernetes Service:
- General improvements:
- Bug fixes:
- Fixed unused VM resource false positives in templates. #312
- Fixed handling SKU for accelerated networking. #314
- Fixed detection of hybrid use benefit in templates. #313
- Fixed exception message when a template or parameter file is not found. #316
- Fixed detection of diagnostic logging for Front Door. #307
- Fixed Front Door WAF Policy export. #308
- Fixed union of object properties in templates. #303
What's changed since pre-release v0.10.0-B2003051:
- No additional changes.
- New features:
- Added support for linking parameter and template files for analysis with metadata. #324
- Added
Get-AzRuleTemplateLink
cmdlet to get metadata link to template files. - See cmdlet help for usage.
- Added
- Added support for linking parameter and template files for analysis with metadata. #324
- General improvements:
- Removed warning message for
azureAllowedRegions
option. #328
- Removed warning message for
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to 1.16.7. #330
- Updated
- Azure Kubernetes Service:
- Bug fixes:
- Bug fixes:
- General improvements:
- Improvements to verbose logging of
Export-AzRuleData
. #301
- Improvements to verbose logging of
- Bug fixes:
- Fixed union of object properties in templates. #303
What's changed since v0.8.0:
- New rules:
- Updated rules:
- Exclude cloud shell storage accounts from data rules. #278
Azure.Storage.UseReplication
andAzure.Storage.SoftDelete
ignore cloud shell storage accounts.
- Exclude cloud shell storage accounts from data rules. #278
- General improvements:
- Removed module dependency on
Az.Security
. #105
- Removed module dependency on
- Bug fixes:
What's changed since pre-release v0.9.0-B2002036:
- No additional changes.
- Exclude cloud shell storage accounts from data rules. #278
- Added new rule for Subscriptions:
- Check if service health alerts are configured. #290
- Added new rule for Key Vault:
- Check if diagnostic logs are configured. #288
- Added new rule for Front Door:
- Check if diagnostic logs are configured. #289
- Removed module dependency on
Az.Security
. #105
- Added new rules for Traffic Manager:
- Added new rules for Key Vault:
- Added new rule to check Azure Firewall threat intelligence is configured as deny. #266
- Added new rules for Front Door:
- Fixed incorrect string formatting in POSIX culture. #262
- Fixed
Azure.VNET.UseNSGs
to excludeAzureFirewallSubnet
. #261
What's changed since v0.7.0:
- New rules:
- Updated rules:
- General improvements:
- Improvements to rule help wording and usage of links section. #220 #224 #257
- Documentation and reasons messages are now available for all
en
cultures.
- Documentation and reasons messages are now available for all
- Various updates to rule implementation to take advantage of PSRule v0.12.0 language features. #220
- Breaking change: Shorten rule names to improve output display. #119
- Application Gateway rules have been renamed from
Azure.VirtualNetwork.*
toAzure.AppGW.*
. - Load balancer rules have been renamed from
Azure.VirtualNetwork.*
toAzure.LB.*
. - NSG rules have been renamed from
Azure.VirtualNetwork.*
toAzure.NSG.*
. - VNET rules have been renamed from
Azure.VirtualNetwork.*
toAzure.VNET.*
. - NIC rules have been renamed from
Azure.VirtualNetwork.*
toAzure.VM.*
. - Renamed storage account rule
Azure.Storage.SecureTransferRequired
toAzure.Storage.SecureTransfer
.
- Application Gateway rules have been renamed from
- Improvements to rule help wording and usage of links section. #220 #224 #257
- Bug fixes:
- Fix
Azure.Resource.UseTags
applying to template and parameter files. #230
- Fix
What's changed since pre-release v0.8.0-B2001029:
- Fixed
Azure.VNET.UseNSGs
not populating subnet name in reason message. #256 - Updated reason strings to use parent culture
en
. #257
- Updated
Azure.VNET.UseNSGs
to apply to subnet resources from templates. #246 - Updated
Azure.AKS.Version
to 1.15.7. #247 - Breaking change: Renamed
Azure.File.*
rules toAzure.Template.*
. #252
- Fixed
Azure.Resource.UseTags
applying to template and parameter files. #230 - Fixed ARM template and parameter schemas used to detect files. #234
- Added new rule to check API Management uses secure protocol versions. #237
- Added new rule to check API Management published APIs use HTTPS. #236
- Added new rule to check API Management backend connections use HTTPS. #238
- Added new rule to check API Management named values are encrypted. #239
- Added new rule to check Azure CDN connections use HTTPS. #242
- Updated documentation to use parent culture
en
. #224 - Added rules for ARM template and parameter file structure. #225
- Breaking change: Application Gateway rules have been renamed from
Azure.VirtualNetwork.*
toAzure.AppGW.*
. #119 - Breaking change: Load balancer rules have been renamed from
Azure.VirtualNetwork.*
toAzure.LB.*
. #119 - Breaking change: NSG rules have been renamed from
Azure.VirtualNetwork.*
toAzure.NSG.*
. #119 - Breaking change: VNET rules have been renamed from
Azure.VirtualNetwork.*
toAzure.VNET.*
. #119 - Breaking change: NIC rules have been renamed from
Azure.VirtualNetwork.*
toAzure.VM.*
. #119 - Breaking change: Renamed storage account rule
Azure.Storage.SecureTransferRequired
toAzure.Storage.SecureTransfer
. #119
- Fixed Automation account handling with no webhooks or variables. #219
- Rule improvements from PSRule v0.12.0. #220
- Updated
Azure.AKS.Version
to 1.15.5. #217
- Added new rule to check automation accounts use encrypted variables. #211
- Added new rule to check automation account webhook expiry interval. #212
What's changed since v0.6.0:
- New rules:
- Updated rules:
- Azure Kubernetes Service:
- Updated
Azure.AKS.Version
to check for node pool version. #191
- Updated
- Azure Kubernetes Service:
- General improvements:
- Added custom bindings for common resource properties. #202
- Added new baseline to include rules for preview features. #190
- Breaking change: Shorten rule names to improve output display. #119
- RBAC rules have been renamed from
Azure.Subscription.*
toAzure.RBAC.*
. - Security Center rules have been renamed from
Azure.Subscription.*
toAzure.SecureCenter.*
.
- RBAC rules have been renamed from
- Breaking change: Renamed default baseline from
Azure.SubscriptionDefault
toAzure.Default
. #190
- Bug fixes:
What's changed since pre-release v0.7.0-B1912024:
- No additional changes.
- Fixed handling of tags for sub-resources. #203
- Added custom bindings for common resource properties. #202
- Fixed missing cmdlet help. #196
- Fixed AKS templates without node pool orchestratorVersion fail. #198
- Fixed null reference without parameters file. #189
- Added new rule to check presence of classic Co-Administrators. #188
- Added new rule to check AKS node pool version matches cluster version. #186
- Added new rule to check AKS clusters use pod security policies. #142
- Added new rule to check AKS clusters use network policies. #143
- Added new rule to check AKS node pools use scale sets. #187
- Added new baseline to include rules for preview features. #190
- Updated
Azure.AKS.Version
to check for node pool version. #191 - Breaking change: RBAC rules have been renamed from
Azure.Subscription.*
toAzure.RBAC.*
. #119 - Breaking change: Security Center rules have been renamed from
Azure.Subscription.*
toAzure.SecureCenter.*
. #119 - Breaking change: Renamed default baseline from
Azure.SubscriptionDefault
toAzure.Default
. #190
What's changed since v0.5.0:
- New features:
- Added support for exporting rule data from templates. #145
- Added
Export-AzTemplateRuleData
cmdlet to export templates. See cmdlet help for limitations. - Template and parameters are merged, resolving functions, copy loops and conditions.
- Added
- Added support for exporting rule data from templates. #145
- Updated rules:
- Azure Kubernetes Services:
- Updated
Azure.AKS.Version
to 1.14.8. #140
- Updated
- Azure Kubernetes Services:
- General improvements:
- Updated rules to use type pre-conditions. #144
- Bug fixes:
- Fixed processing of
Azure.Resource.UseTags
to exclude*/providers/roleAssignments
. #155- Provider role assignments do not support tags.
- Fixed processing of
Azure.Resource.AllowedRegions
. #156- Exclude
*/providers/roleAssignments
,Microsoft.Authorization/*
andMicrosoft.Consumption/*
.
- Exclude
- Fixed processing of
Azure.VirtualNetwork.NSGAssociated
for templates. #150 - Fixed processing of
Azure.VirtualNetwork.LateralTraversal
whendestinationPortRanges
is used. #149
- Fixed processing of
What's changed since pre-release v0.6.0-B1911046:
- No additional changes.
- Improved template support of
Export-AzTemplateRuleData
cmdlet. #145- Added support for
deployment
function. - Fixed property copy loop.
- Added support for
- Fixed
Export-AzTemplateRuleData
does not return FileInfo objects. #162 - Fixed automatically name outputs from
Export-AzTemplateRuleData
. #163 - Fixed resource segmentation issue when ResourceType includes trailing slash. #165
- Fixed expand resource template property as null fails. #167
- Fixed case-sensitivity of variables, parameters and functions. #168
- Fixed out of order parameter and variables cross reference. #170
- Fixed expression parser race condition. #171
- Fixed handling of padding spaces in expressions. #173
- Fixed property of property is parsed incorrectly. #174
- Fixed root variable copy loop handling. #175
- Fixed processing of
Azure.Resource.UseTags
to exclude*/providers/roleAssignments
. #155- Provider role assignments do not support tags.
- Fixed processing of
Azure.Resource.AllowedRegions
. #156- Exclude
*/providers/roleAssignments
,Microsoft.Authorization/*
andMicrosoft.Consumption/*
.
- Exclude
- Fixed processing of
Azure.VirtualNetwork.NSGAssociated
for templates. #150 - Fixed processing of
Azure.VirtualNetwork.LateralTraversal
whendestinationPortRanges
is used. #149 - Improved template support of
Export-AzTemplateRuleData
cmdlet. #145- Added support for nested templates.
- Added support for
array
,createArray
,coalesce
,intersection
,dataUri
anddataUriToString
functions.
- Updated
Azure.AKS.Version
to 1.14.8. #140 - Updated rules to use type pre-conditions. #144
- Experimental: Added support for exporting rule data from templates. #145
- Added
Export-AzTemplateRuleData
cmdlet to export templates. See cmdlet help for limitations. - Template and parameters are merged, resolving functions, copy loops and conditions.
- Added
What's changed since v0.4.0:
- New rules:
- Updated rules:
- Azure Kubernetes Services:
- Updated
Azure.AKS.Version
to 1.14.6. #130
- Updated
- Azure Kubernetes Services:
- General improvements:
- Shorten rule names for virtual machined to
Azure.VM.*
to improve output display. #119- Breaking change: Rules have been renamed from
Azure.VirtualMachine.*
toAzure.VM.*
.
- Breaking change: Rules have been renamed from
- Shorten rule names for virtual machined to
What's changed since pre-release v0.5.0-B1910004:
- No additional changes.
- Added rule to verify Windows automatic updates are enabled. #132
- Added rule to verify VM agent is automatically provisioned. #131
- Updated
Azure.AKS.Version
to 1.14.6. #130 - Breaking change: Renamed
Azure.VirtualMachine.*
rules toAzure.VM.*
. #119
What's changed since v0.3.0:
- New rules:
- General improvements:
What's changed since pre-release v0.4.0-B190902:
- Added default baseline to module. #126
- Added rule to verify connectivity of VNET peers. #120
- Added rule to check configuration of HTTP/ HTTPS load balancer probes. #121
- Added rule to verify Azure Disk Encryption. #122
- Added rule to check if public key is used for Linux. #123
- Removed dependency on Az.Storage module. #105
What's changed since v0.2.0:
- New rules:
- App Services:
- Enforce minimum TLS version for App Service. #99
- Resource clean up:
- Role assignment:
- Added subscription RBAC delegation rules. #107
- Check for number of subscription owners.
- Check for RBAC inheritance from management groups.
- Check for user RBAC assignments.
- Check for RBAC delegation on individual resources.
- Added subscription RBAC delegation rules. #107
- Virtual machines:
- Virtual networking:
- App Services:
- Updated rules:
- Bug fixes:
What's changed since pre-release v0.3.0-B190807:
- Fix export of additional properties for
Microsoft.Sql/servers
. #114
- Updated
Azure.AKS.Version
to 1.14.5. #109 - Added subscription RBAC delegation rules. #107
- Check for number of subscription owners.
- Check for RBAC inheritance from management groups.
- Check for user RBAC assignments.
- Check for RBAC delegation on individual resources.
- Excluded global services from Azure.Resource.AllowedRegions. #96
- Enforce minimum TLS version for App Service. #99
- Updated App Service site rules to include slots. #100
Azure.AppService.ARRAffinity
andAzure.AppService.UseHTTPS
now run against slots.
- Added rule to detect deny all inbound NSG rule. #94
- Added unused resource rules.
- Added NSG rule to check for lateral traversal security rules. #103
- Fix handling of empty DNS servers in
Azure.VirtualNetwork.LocalDNS
. #84 - Fix handling of no peering connections in
Azure.VirtualNetwork.LocalDNS
. #89 - Updated AKS version in
Azure.AKS.Version
to 1.13.7. #83 - Added VM SKU rules:
What's changed since v0.1.0:
- Fix rule
Azure.AKS.UseRBAC
returns null. #60 - Fix rule
Azure.Storage.SoftDelete
andAzure.Storage.SecureTransferRequired
returns null. #64 - Fix collection of ASR vault configuration for cmdlet deprecation. #63
- Updated rules to use
Recommend
keyword instead ofHint
alias. #71 - Added SQL firewall rule range check to determine an excessive number of permitted IP addresses. #3 #10 #54
- The rules
Azure.SQL.FirewallIPRange
,Azure.MySQL.FirewallIPRange
andAzure.PostgreSQL.FirewallIPRange
were added to check SQL, MySQL and PostgreSQL.
- The rules
- Added parameters to filter resource export by resource group and/ or tag. #59
- Added
-ResourceGroupName
and-Tag
parameters toExport-AzRuleData
cmdlet.
- Added
- Added support for Application Gateway v2. #75
- Added VNET rule to check for local DNS. #68
- Added WAF hardening rules for Application Gateway. #78
- Application Gateways use OWASP 3.x rules.
- Application Gateways have WAF enabled.
- Application Gateways have all OWASP rules enabled.
What's changed since pre-release v0.2.0-B190715:
- No additional changes.
- Added support for Application Gateway v2. #75
- Added VNET rule to check for local DNS. #68
- Added WAF hardening rules for Application Gateway. #78
- Application Gateways use OWASP 3.x rules.
- Application Gateways have WAF enabled.
- Application Gateways have all OWASP rules enabled.
- Fix rule
Azure.AKS.UseRBAC
returns null. #60 - Fix rule
Azure.Storage.SoftDelete
andAzure.Storage.SecureTransferRequired
returns null. #64 - Fix collection of ASR vault configuration for cmdlet deprecation. #63
- Added SQL firewall rule range check to determine an excessive number of permitted IP addresses. #3 #10 #54
- The rules
Azure.SQL.FirewallIPRange
,Azure.MySQL.FirewallIPRange
andAzure.PostgreSQL.FirewallIPRange
were added to check SQL, MySQL and PostgreSQL.
- The rules
- Updated rules to use
Recommend
keyword instead ofHint
alias. #71 - Added parameters to filter resource export by resource group and/ or tag. #59
- Added
-ResourceGroupName
and-Tag
parameters toExport-AzRuleData
cmdlet.
- Added
- Initial release.
What's changed since pre-release v0.1.0-B190624:
- No additional changes.
- Added rule to check if allow access to Azure services enabled for MySQL. #4
- Added rule to count the number of database server firewall rules for MySQL. #2
- Added rule to check if allow access to Azure services enabled for PostgreSQL. #50
- Added rule to count the number of database server firewall rules for PostgreSQL. #51
- Added rule to check if SSL is enforced for PostgreSQL. #49
- Added rule documentation. #40
- Fix exported resource data overwritten. #34
- Add units tests for
Export-AzRuleData
and update filters. #28 Export-AzRuleData
returns files generated by default. #27Export-AzRuleData
passes through objects resource objects to the pipeline. #25- Breaking change -
Export-AzRuleData
only exports data from current subscription context by default. #24- Data can be exported from all subscription contexts by using the
-All
switch, or specifying specific subscriptions with the-Subscription
or-Tenant
parameters.
- Data can be exported from all subscription contexts by using the
- Fix cannot find the type for custom attribute error. #21
- Initial pre-release.