module/ConfigurationProvider/ControlConfigurations/Services/ClassicStorage.json
|
{
"FeatureName": "ClassicStorage", "Reference": "aka.ms/azsktcp/classicstorage", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "Azure_ClassicStorage_SI_Migrate_to_ARM_MCSB", "Description": "[MCSB] Storage accounts should be migrated to new Azure Resource Manager resources", "Id": "ClassicStorage100", "ControlSeverity": "High", "Automated": "Yes", "ControlScanSource": "MDC", "DisplayName": "[MCSB] Storage accounts should be migrated to new Azure Resource Manager resources", "Category": "Migrate from Classic to ARM model", "ControlRequirements": "Secure management and deployment models must be used", "Rationale": "Azure Resource Manager for storage accounts provide security enhancements such as: stronger access control (RBAC), better auditing, Azure Resource Manager based deployment and governance, access to managed identities, access to key vault for secrets, Azure AD-based authentication and support for tags and resource groups for easier security management.", "Recommendation": "To migrate storage account to new ARM resource, go to Azure Portal --> Your storage account --> Click on Migrate to ARM, under settings section and follow the instructions. Refer: https://learn.microsoft.com/en-us/azure/virtual-machines/migration-classic-resource-manager-overview#migration-of-storage-accounts", "Tags": [ "SDL", "Automated", "Baseline", "SI" ], "AssessmentProperties": { "AssessmentNames": [ "47bb383c-8e25-95f0-c2aa-437add1d87d3" ], "AssessmentStatusMappings": [ { "AssessmentStatusCode": "NotApplicable", "EffectiveVerificationResult": "Failed", "AssessmentStatusCausePatterns": "(.)*OffByPolicy|Exempt(.)*", "AppendMessageToStatusReason": "Disabling or exempting the policy from getting evaluated is not recommended. The Control will be marked as Failed." } ] }, "Enabled": false, "CustomTags": [ "Daily", "MCSB" ] } ] } |