Framework/Configurations/SVT/Services/TrafficManager.json
{
"FeatureName": "TrafficManager", "Reference": "aka.ms/azsktcp/trafficmanager", "IsMaintenanceMode": false, "Controls": [ { "ControlID": "Azure_TrafficManager_AuthZ_Grant_Min_RBAC_Access", "Description": "All Users/Identities must be granted minimum required permissions using Role Based Access Control (RBAC)", "Id": "TrafficManager110", "ControlSeverity": "Medium", "Automated": "Yes", "MethodName": "CheckRBACAccess", "Rationale": "Granting minimum access by leveraging RBAC feature ensures that users are granted just enough permissions to perform their tasks. This minimizes exposure of the resources in case of user/service account compromise.", "Recommendation": "Clean up any unauthorized users on the Traffic Manager Profile. Run command Remove-AzureRmRoleAssignment -SignInName '{signInName}' -Scope '{scope}}' -RoleDefinitionName {role definition name}'. Run 'Get-Help Remove-AzureRmRoleAssignment -full' to get the complete details about this command.", "Tags": [ "SDL", "TCP", "Automated", "AuthZ", "RBAC", "TrafficManager" ], "Enabled": true }, { "ControlID": "Azure_TrafficManager_DP_Enable_HTTPS", "Description": "Traffic Manager profile should use HTTPS protocol for endpoint monitoring", "Id": "TrafficManager120", "ControlSeverity": "Medium", "Automated": "Yes", "MethodName": "CheckTrafficManagerEndpointMonitorProtocol", "Rationale": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer man-in-the-middle, eavesdropping, session-hijacking attacks.", "Recommendation": "To enable HTTPS protocol for endpoint monitoring, go to Azure Portal --> your Traffic Manager Profile --> Configuration --> Select HTTPS --> Save.", "Tags": [ "SDL", "Best Practice", "Automated", "DP", "TrafficManager" ], "Enabled": true } ] } |