Azure Compliance mod v2.1.0 - Added new Databricks, Key Vault, Network and Storage Account controls to the All Azure Compliance Controls benchmark

Aug 11, 2025 - powerpipe

Dependencies

  • Azure plugin v1.6.0 or higher is now required.

Enhancements

  • Added the following controls to All Azure Compliance Controls: (#328)
    • databricks_workspace_diagnostic_log_delivery_configured
    • databricks_workspace_subnet_with_nsg_configured
    • keyvault_key_automatic_rotation_enabled
    • network_security_group_https_port_80_443_access_restricted
    • storage_account_blob_and_container_soft_delete_enabled
    • storage_account_file_share_smb_channel_encryption_aes_256_gcm
    • storage_account_file_share_smb_protocol_version_3_1_1
  • Added new automated query implementations for the following CIS controls: (#328)
    • cis_v400_10_1_2
    • cis_v400_10_1_3
    • cis_v400_3_1_7
    • cis_v400_6_2_1
    • cis_v400_7_1_1_7
    • cis_v400_9_3_9
  • Updated all top-level benchmark titles to include Azure for clearer cloud provider identification. (#334)

Bug fixes

  • Fixed several CIS controls to use the correct Azure service tags. (#328)