Introducing PSPM: Preventive Security Posture Management →
← Changelog

azure-prevention v5.1.0 - Added prevention examples and removed deprecated objectives

Mar 30, 2026GuardrailsMods

What's new?

  • Added 7 new prevention examples covering Azure Defender, soft delete, NSG requirements, customer-managed keys, and location restrictions. Removed 16 deprecated prevention objectives and examples related to activity log alerts, Defender notifications, key rotation, resource logging, and soft delete.

Prevention Objectives

Removed

  • Enforce activity log alert for Azure NSG changes
  • Enforce activity log alert for Azure NSG deletion
  • Enforce activity log alert for Azure Policy assignment creation
  • Enforce activity log alert for Azure Policy assignment deletion
  • Enforce activity log alert for Azure SQL firewall rule changes
  • Enforce activity log alert for Azure SQL firewall rule deletion
  • Enforce activity log alert for Azure Service Health
  • Enforce activity log alert for Azure public IP changes
  • Enforce activity log alert for Azure public IP deletion
  • Enforce activity log alert for Azure security solution changes
  • Enforce activity log alert for Azure security solution deletion
  • Enforce alert severity notifications for Azure Defender
  • Enforce automatic key rotation for Azure Key Vault
  • Enforce resource logging for Azure services
  • Enforce security alert notifications for Azure subscription owners
  • Require security contact email for Azure Defender

Prevention Examples

  • Enforce Defender for Azure APIs
  • Enforce soft delete for Azure Storage blobs
  • Enforce soft delete for Azure Storage containers
  • Require NSG for Azure Network subnets
  • Require customer-managed keys for Azure Databricks DBFS root
  • Require customer-managed keys for Azure Databricks managed services
  • Restrict Azure resources to allowed locations

Removed

  • Enforce activity log alert for Azure NSG changes
  • Enforce activity log alert for Azure NSG deletion
  • Enforce activity log alert for Azure SQL firewall rule changes
  • Enforce activity log alert for Azure SQL firewall rule deletion
  • Enforce activity log alert for Azure Service Health
  • Enforce activity log alert for Azure policy assignment creation
  • Enforce activity log alert for Azure policy assignment deletion
  • Enforce activity log alert for Azure public IP changes
  • Enforce activity log alert for Azure public IP deletion
  • Enforce activity log alert for Azure security solution changes
  • Enforce activity log alert for Azure security solution deletion
  • Enforce alert severity notifications for Azure Defender
  • Enforce automatic key rotation for Azure Key Vault
  • Enforce resource logging for Azure services
  • Enforce security alert notifications for Azure subscription owners
  • Enforce soft delete for Azure Storage blobs
  • Enforce soft delete for Azure Storage containers
  • Require customer-managed keys for Azure Databricks DBFS root
  • Require customer-managed keys for Azure Databricks managed services
  • Require security contact email for Azure Defender