Hi,

In this article, I would like to share with you, how you can use built-in Azure Policies for enabling:

Advanced Data Security (AKS):

• Advanced data security should be enabled on Azure SQL Database servers
• Advanced data security should be enabled on SQL servers on machines

Threat Protection:

• Advanced threat protection should be enabled on Storage accounts
• Advanced threat protection should be enabled on Azure Key Vault vaults
• Advanced threat protection should be enabled on App Service plans
• Advanced threat protection should be enabled on Azure Container Registry registries
• Advanced threat protection should be enabled on Azure Kubernetes Service clusters
• Advanced threat protection should be enabled on Virtual Machines

Example with Threat Protection should be enabled on Azure AKS

Click on: Advanced threat protection should be enabled on Azure Kubernetes Service clusters

• Define your scope, in this example my subscription Visual Studio Enterprise

• Policy enforcement should be defined with the value: Enabled

Effect: AuditifNotExists

Remediation, in this example we don’t have a Managed Identity.

Click on: Create

Maxime.