Please enable JavaScript.
Coggle requires JavaScript to display documents.
Security Review - Coggle Diagram
Security Review
AzureAD
RBAC
Identity Protection
MFA
Conditional Access
NSGs
Default Deny Rules
Subnet Application
Every subnet should have an nsg with default deny
Scope of Rules
StorageAccounts
Secure Access Only
Firewall Config
DataProtection
Checkpoint
Rules
Management Server Location
Security Controls
IPS
MFA
VNets
ServiceEndpoints
Vnet-Peering
Public IPs
Attached to?
Exists in which subscriptions?
Bastion
RBAC
Remove inheritance & create explicit group
Every bastion subnet should have NSGs
The NSGs should have a deny rule
SQLPaaS
Public IP Access Enabled?
Allowed client IPs?
RouteTables
Ensure Security Controls not bypassed
Applied subnets
Private Endpoints
Attached to?
RecoveryVaults
KeyVaults
DataFactory
Dome 9 Assessment
Azure Security Centre
Subscriptions
Legacy Application Permissions
Azure Policy