feat: Key Vault RBAC recommendation updates (#479)
Co-authored-by: Ed Knox <[email protected]>
Co-authored-by: Zach Trocinski <[email protected]>
Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>
4 people authored Nov 13, 2024
1 parent 3ea28ad commit 9a92b1b
Showing 2 changed files with 13 additions and 13 deletions.
10 changes: 5 additions & 5 deletions azure-resources/KeyVault/vaults/recommendations.yaml
Expand Up @@ -8,7 +8,7 @@
longDescription: |
Key Vault's soft-delete feature enables recovery of deleted vaults and objects like keys, secrets, and certificates. When enabled, marked resources are retained for 90 days, allowing for their recovery, essentially undoing deletion.
potentialBenefits: Enables recovery of deleted items
pgVerified: false
pgVerified: true
automationAvailable: true
tags: null
learnMoreLink:
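Review bot: the only change in this hunk (and in every other Key Vault hunk of this commit) is `pgVerified: false` becoming `pgVerified: true`, yet the commit title reads "Key Vault RBAC recommendation updates" and no RBAC-related recommendation or wording is touched; either the title should describe the verification flip or the RBAC change is missing from the commit. It would also help to record what `pgVerified` attests to (who reviewed the recommendation and against which source), since the `longDescription` and `learnMoreLink` are left unchanged.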
Expand All @@ -25,7 +25,7 @@
longDescription: |
Purge protection secures against malicious deletions by enforcing a retention period for soft deleted key vaults, ensuring no one, not even insiders or Microsoft, can purge your key vaults during this period, preventing permanent data loss.
potentialBenefits: Protects from insider attacks, avoids data loss
pgVerified: false
pgVerified: true
automationAvailable: true
tags: null
learnMoreLink:
Expand All @@ -42,7 +42,7 @@
longDescription: |
Azure Private Link Service lets you securely and privately connect to Azure Key Vault via a Private Endpoint in your VNet, using a private IP and eliminating public Internet exposure.
potentialBenefits: Secure Key Vault with Private Link
pgVerified: false
pgVerified: true
automationAvailable: true
tags: null
learnMoreLink:
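Review bot: "eliminating public Internet exposure" in the `longDescription` overstates what a private endpoint alone provides; a vault with a private endpoint still answers on its public endpoint until public network access is disabled (or the vault firewall is set to deny by default), so consider wording such as "and, combined with disabling public network access, removes public Internet exposure" so readers do not treat Private Link as sufficient on its own.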
Expand All @@ -59,7 +59,7 @@
longDescription: |
Key vaults are security boundaries for secret storage. Grouping secrets together increases risk during a security event, as attacks could access multiple secrets.
potentialBenefits: Enhanced security, Reduced risk
pgVerified: false
pgVerified: true
automationAvailable: false
tags: null
learnMoreLink:
Expand All @@ -76,7 +76,7 @@
longDescription: |
Enable logs, set up alerts, and adhere to retention requirements for improved monitoring and security of Key Vault access, detailing the frequency and identity of users.
potentialBenefits: Enhanced monitoring and security compliance
pgVerified: false
pgVerified: true
automationAvailable: false
tags: null
learnMoreLink:
16 changes: 8 additions & 8 deletions tools/data/recommendations.json
Expand Up @@ -1639,7 +1639,7 @@
],
"recommendationControl": "Disaster Recovery",
"longDescription": "Key Vault's soft-delete feature enables recovery of deleted vaults and objects like keys, secrets, and certificates. When enabled, marked resources are retained for 90 days, allowing for their recovery, essentially undoing deletion.\n",
"pgVerified": false,
"pgVerified": true,
"description": "Key vaults should have soft delete enabled",
"potentialBenefits": "Enables recovery of deleted items",
"tags": null,
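Review bot: the generated `longDescription` ends in `\n` because the YAML source uses the `|` block scalar (`longDescription: |`); if the trailing newline is not wanted in the JSON, switch the YAML to `|-` so the generator emits the text without it. Also confirm that `tools/data/recommendations.json` is regenerated by the build (the `github-actions` co-author suggests it is) rather than edited by hand, so the YAML and JSON cannot drift.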
Expand All @@ -1660,7 +1660,7 @@
],
"recommendationControl": "Disaster Recovery",
"longDescription": "Purge protection secures against malicious deletions by enforcing a retention period for soft deleted key vaults, ensuring no one, not even insiders or Microsoft, can purge your key vaults during this period, preventing permanent data loss.\n",
"pgVerified": false,
"pgVerified": true,
"description": "Key vaults should have purge protection enabled",
"potentialBenefits": "Protects from insider attacks, avoids data loss",
"tags": null,
Expand All @@ -1681,7 +1681,7 @@
],
"recommendationControl": "Security",
"longDescription": "Azure Private Link Service lets you securely and privately connect to Azure Key Vault via a Private Endpoint in your VNet, using a private IP and eliminating public Internet exposure.\n",
"pgVerified": false,
"pgVerified": true,
"description": "Private endpoint should be configured for Key Vault",
"potentialBenefits": "Secure Key Vault with Private Link",
"tags": null,
Expand All @@ -1702,7 +1702,7 @@
],
"recommendationControl": "Governance",
"longDescription": "Key vaults are security boundaries for secret storage. Grouping secrets together increases risk during a security event, as attacks could access multiple secrets.\n",
"pgVerified": false,
"pgVerified": true,
"description": "Use separate key vaults per application per environment",
"potentialBenefits": "Enhanced security, Reduced risk",
"tags": null,
Expand All @@ -1723,7 +1723,7 @@
],
"recommendationControl": "Monitoring and Alerting",
"longDescription": "Enable logs, set up alerts, and adhere to retention requirements for improved monitoring and security of Key Vault access, detailing the frequency and identity of users.\n",
"pgVerified": false,
"pgVerified": true,
"description": "Diagnostic logs in Key Vault should be enabled",
"potentialBenefits": "Enhanced monitoring and security compliance",
"tags": null,
Expand Down Expand Up @@ -5545,7 +5545,7 @@
],
"recommendationControl": "High Availability",
"longDescription": "Azure Capacity Reservations ensure high availability for virtual machines by reserving compute capacity in advance within a specific region or availability zone. This guarantees that VMs will have the necessary resources during peak demand or maintenance events, enhancing reliability and uptime.\n",
"pgVerified": false,
"pgVerified": true,
"description": "Reserve Compute Capacity for critical workloads",
"potentialBenefits": "Guaranteed capacity in constrained regions/zones",
"tags": null,
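Review bot: this hunk flips `pgVerified` for a `Microsoft.Compute` recommendation (Capacity Reservations), which is outside the Key Vault scope stated in the commit title, and the only YAML file changed in this commit is `azure-resources/KeyVault/vaults/recommendations.yaml`; if the JSON is generated from the YAML sources, the same flip should land in the corresponding Compute YAML, otherwise the next regeneration will revert it.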
Expand All @@ -5566,12 +5566,12 @@
],
"recommendationControl": "High Availability",
"longDescription": "If you've installed the Azure Linux Agent or are using an endorsed distribution image, ensure your agent version is up-to-date. Some Linux distributions may disable auto-update or use older agent versions.\n",
"pgVerified": false,
"pgVerified": true,
"description": "Update the Azure Linux VM Agent",
"potentialBenefits": "Reduces complications with VM provisioning",
"tags": null,
"recommendationResourceType": "Microsoft.Compute/virtualMachines",
"recommendationImpact": "Low",
"recommendationImpact": "Medium",
"automationAvailable": false,
"query": "// under-development\n"
},
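Review bot: `recommendationImpact` changes from `Low` to `Medium` and `pgVerified` becomes `true` while `query` is still the `// under-development` placeholder and `automationAvailable` is `false`; marking a recommendation verified when its query is a stub is acceptable only if `pgVerified` refers to the guidance text and not the automation, which should be stated somewhere in the schema or README. As with the previous hunk, there is no Compute YAML change in this commit to back this JSON edit, so check that it is not a hand edit to a generated file.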