Merge branch 'main' into 20241003---ExR-Direct-FastPath

azure-resources/ContainerService/managedClusters/kql/0611251f-e70f-4243-8ddd-cfe894bec2e7.kql

@@ -1,7 +1,6 @@
 // Azure Resource Graph Query
-// Returns all AKS clusters not running on the Standard tier
+// Returns all AKS clusters not running on the Standard tier or the Premium tier.
 resources
-| where type == "microsoft.containerservice/managedclusters"
-| where sku.tier != "Standard"
-| project recommendationId="0611251f-e70f-4243-8ddd-cfe894bec2e7", id, name, tags, param1=strcat("skuName: ", sku.name), param2=strcat("skuTier: ", sku.tier)
-
+| where type =~ "Microsoft.ContainerService/managedClusters"
+| where sku.tier !in~ ("Standard", "Premium")
+| project recommendationId = "0611251f-e70f-4243-8ddd-cfe894bec2e7", id, name, tags, param1 = strcat("skuName: ", sku.name), param2 = strcat("skuTier: ", sku.tier)

azure-resources/ContainerService/managedClusters/recommendations.yaml

@@ -206,15 +206,15 @@
     - name: Azure Container Instances
       url: "https://learn.microsoft.com/azure/container-instances/container-instances-overview"
 
-- description: Update AKS tier to Standard
+- description: Update AKS tier to Standard or Premium
   aprlGuid: 0611251f-e70f-4243-8ddd-cfe894bec2e7
   recommendationTypeId: null
   recommendationControl: High Availability
   recommendationImpact: High
   recommendationResourceType: Microsoft.ContainerService/managedClusters
   recommendationMetadataState: Active
   longDescription: |
-    Production AKS clusters require the Standard tier for a financially backed SLA and enhanced node scalability, as the free service lacks these features.
+    Production AKS clusters require the Standard or Premium tier for a financially backed SLA and enhanced node scalability, as the free service lacks these features. Use the Premium tier for mission-critical workloads.
   potentialBenefits: SLA guarantee and better scalability
   pgVerified: true
   publishedToLearn: false

azure-resources/ServiceBus/namespaces/kql/f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql

@@ -0,0 +1,11 @@
+// Azure Resource Graph Query
+// Provides a list of Service Bus Namespace resources that have the lower minimum TLS version.
+resources
+| where type =~ "Microsoft.ServiceBus/namespaces"
+| where properties.minimumTlsVersion in ("1.0", "1.1")
+| project
+    recommendationId = "f075a1bd-de9e-4819-9a1d-1ac41037a74f",
+    name,
+    id,
+    tags,
+    param1 = strcat("minimumTlsVersion: ", properties.minimumTlsVersion)

azure-resources/ServiceBus/namespaces/recommendations.yaml

@@ -37,3 +37,23 @@
   learnMoreLink:
     - name: Service Bus auto-scaling
       url: "https://learn.microsoft.com/azure/service-bus-messaging/automate-update-messaging-units"
+
+- description: Configure the minimum TLS version for Service Bus namespaces to TLS v1.2 or higher
+  aprlGuid: f075a1bd-de9e-4819-9a1d-1ac41037a74f
+  recommendationTypeId: null
+  recommendationControl: Service Upgrade and Retirement
+  recommendationImpact: High
+  recommendationResourceType: Microsoft.ServiceBus/namespaces
+  recommendationMetadataState: Active
+  longDescription: |
+    As of 31 October 2024, TLS 1.0 and TLS 1.1 will no longer be supported on Azure including Service Bus to enhance security and provide best-in-class encryption for your data. Change the minimum TLS version for your Service Bus namespace to TLS v1.2 or higher.
+  potentialBenefits: Avoids service disruption
+  pgVerified: false
+  publishedToLearn: false
+  automationAvailable: true
+  tags: null
+  learnMoreLink:
+    - name: Azure support for TLS 1.0 and TLS 1.1 will end by 31 October 2024
+      url: "https://azure.microsoft.com/updates/azure-support-tls-will-end-by-31-october-2024-2/"
+    - name: Configure the minimum TLS version for a Service Bus namespace
+      url: "https://learn.microsoft.com/azure/service-bus-messaging/transport-layer-security-configure-minimum-version"

docs/content/contributing/create-content/create-recommendations/_index.md

@@ -72,7 +72,7 @@ The YAML structure for adding new recommendations consists of several key-value
 | recommendationTypeId | 3464854d-6f75-4922-95e4-a2a308b53ce6 | String | `null` until updated by the Azure Advisor team | The unique identifier for the recommendation in the context of Advisor. |
 | recommendationControl | Monitoring and Alerting | String | [High Availability, Business Continuity, Disaster Recovery, Scalability, Monitoring and Alerting, Service Upgrade and Retirement, Other Best Practices, Personalized, Governance, Security](#recommendation-categories) | Resiliency category associated with the recommendation |
 | recommendationImpact | Medium | String | Low, Medium, High | Importance of adopting the recommendation and/or the risk of choosing not to adopt |
-| recommendationResourceType | Storage Account | String | Align with the resource type | Friendly name to identity resource type |
+| recommendationResourceType | Microsoft.Storage/storageAccounts | String | Align with the resource type | Friendly name to identity resource type |
 | recommendationMetadataState | Active | String | Active, Disabled | Indicates whether the recommendation is visible |
 | longDescription | To enable Cross-region disaster recovery and business continuity, ensure that the appropriate quotas are set for all user subscription Batch accounts. | String | The length should be less than 300 characters | Detailed description of the recommendation and its implications |
 | potentialBenefits | Enhanced data redundancy and boosts availability | String | The length should be less than 60 characters | The potential benefits of implementing the recommendation |