Hi,
In this article, I would like to show you how to use built-in Azure Policies to enable:
Advanced Data Security (AKS):
- Advanced data security should be enabled on Azure SQL Database servers
- Advanced data security should be enabled on SQL servers on machines
Threat Protection:
- Advanced threat protection should be enabled on Storage accounts
- Advanced threat protection should be enabled on Azure Key Vault vaults
- Advanced threat protection should be enabled on App Service plans
- Advanced threat protection should be enabled on Azure Container Registry registries
- Advanced threat protection should be enabled on Azure Kubernetes Service clusters
- Advanced threat protection should be enabled on Virtual Machines
Example: enabling Advanced threat protection on Azure Kubernetes Service (AKS) clusters
Click on: Advanced threat protection should be enabled on Azure Kubernetes Service clusters
- Define your scope (in this example, my Visual Studio Enterprise subscription)
- Policy enforcement should be defined with the value: Enabled
![](https://zigmax.net/wp-content/uploads/2020/07/Screen-Shot-2020-07-02-at-11.25.17-PM-1024x913.png)
Effect: AuditIfNotExists
![](https://zigmax.net/wp-content/uploads/2020/07/Screen-Shot-2020-07-02-at-11.10.33-PM-1024x331.png)
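Remediation: in this example we don’t have a Managed Identity. A managed identity is only needed for policies with the deployIfNotExists or modify effect; an AuditIfNotExists policy only reports non-compliant resources.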
![](https://zigmax.net/wp-content/uploads/2020/07/Screen-Shot-2020-07-02-at-11.10.42-PM-1-1024x667.png)
Click on: Create
![](https://zigmax.net/wp-content/uploads/2020/07/Screen-Shot-2020-07-02-at-11.10.48-PM-1-1024x715.png)
Maxime.
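
The same assignment made with the Azure CLI, as an added example that is not part of the original article: it looks up the built-in definition by the display name used above and assigns it at subscription scope with policy enforcement enabled. The assignment name `atp-aks-audit` and the `SUBSCRIPTION_ID` environment variable are assumptions, and the Azure CLI must be installed and logged in.

```bash
#!/usr/bin/env bash
# Added example: CLI equivalent of the portal steps (scope, enforcement, create).
# Assumed names: SUBSCRIPTION_ID, ASSIGNMENT_NAME. The display name is from the article.

DISPLAY_NAME='Advanced threat protection should be enabled on Azure Kubernetes Service clusters'
ASSIGNMENT_NAME='atp-aks-audit'

# Resolve a built-in policy definition name (a GUID) from its display name.
# Prints nothing if the tenant has no built-in definition with that name.
find_builtin_policy() {
  az policy definition list \
    --query "[?policyType=='BuiltIn' && displayName=='$1'].name" -o tsv | head -n 1
}

# assign_policy <display name> <subscription id> <assignment name>
# Assigns the definition at subscription scope and prints the assignment ID.
assign_policy() {
  scope="/subscriptions/$2"
  def=$(find_builtin_policy "$1")
  if [ -z "$def" ]; then
    # Fail closed: do not create an assignment for a definition we could not resolve.
    echo "no built-in policy named: $1" >&2
    return 1
  fi
  # --enforcement-mode Default corresponds to "Policy enforcement: Enabled" in the portal.
  # The effect parameter is left at the definition's default value.
  az policy assignment create \
    --name "$3" --display-name "$1" \
    --policy "$def" --scope "$scope" \
    --enforcement-mode Default >/dev/null || return 1
  echo "$scope/providers/Microsoft.Authorization/policyAssignments/$3"
}

# Only touch Azure when a subscription ID is supplied.
if [ -n "${SUBSCRIPTION_ID:-}" ]; then
  assign_policy "$DISPLAY_NAME" "$SUBSCRIPTION_ID" "$ASSIGNMENT_NAME"
fi
```

Run it as `SUBSCRIPTION_ID=<your-subscription-id> bash assign.sh`; compliance results appear under Policy > Compliance once the first evaluation completes.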