Introducing PSPM: Preventive Security Posture Management →

Changelog

Subscribe to Guardrails changelog via RSS or join #changelog on our Slack community to stay updated on everything we ship.

Guardrails changelog

What's new?

Added 7 new prevention examples covering Azure Defender, soft delete, NSG requirements, customer-managed keys, and location restrictions. Removed 16 deprecated prevention objectives and examples related to activity log alerts, Defender notifications, key rotation, resource logging, and soft delete.

Prevention Objectives

Removed

Enforce activity log alert for Azure NSG changes
Enforce activity log alert for Azure NSG deletion
Enforce activity log alert for Azure Policy assignment creation
Enforce activity log alert for Azure Policy assignment deletion
Enforce activity log alert for Azure SQL firewall rule changes
Enforce activity log alert for Azure SQL firewall rule deletion
Enforce activity log alert for Azure Service Health
Enforce activity log alert for Azure public IP changes
Enforce activity log alert for Azure public IP deletion
Enforce activity log alert for Azure security solution changes
Enforce activity log alert for Azure security solution deletion
Enforce alert severity notifications for Azure Defender
Enforce automatic key rotation for Azure Key Vault
Enforce resource logging for Azure services
Enforce security alert notifications for Azure subscription owners
Require security contact email for Azure Defender

Prevention Examples

Enforce Defender for Azure APIs
Enforce soft delete for Azure Storage blobs
Enforce soft delete for Azure Storage containers
Require NSG for Azure Network subnets
Require customer-managed keys for Azure Databricks DBFS root
Require customer-managed keys for Azure Databricks managed services
Restrict Azure resources to allowed locations

Removed

Enforce activity log alert for Azure NSG changes
Enforce activity log alert for Azure NSG deletion
Enforce activity log alert for Azure SQL firewall rule changes
Enforce activity log alert for Azure SQL firewall rule deletion
Enforce activity log alert for Azure Service Health
Enforce activity log alert for Azure policy assignment creation
Enforce activity log alert for Azure policy assignment deletion
Enforce activity log alert for Azure public IP changes
Enforce activity log alert for Azure public IP deletion
Enforce activity log alert for Azure security solution changes
Enforce activity log alert for Azure security solution deletion
Enforce alert severity notifications for Azure Defender
Enforce automatic key rotation for Azure Key Vault
Enforce resource logging for Azure services
Enforce security alert notifications for Azure subscription owners
Enforce soft delete for Azure Storage blobs
Enforce soft delete for Azure Storage containers
Require customer-managed keys for Azure Databricks DBFS root
Require customer-managed keys for Azure Databricks managed services
Require security contact email for Azure Defender