diff --git a/azure-resources/ContainerService/managedClusters/kql/0611251f-e70f-4243-8ddd-cfe894bec2e7.kql b/azure-resources/ContainerService/managedClusters/kql/0611251f-e70f-4243-8ddd-cfe894bec2e7.kql
index 05e2ed78..a8f51821 100644
--- a/azure-resources/ContainerService/managedClusters/kql/0611251f-e70f-4243-8ddd-cfe894bec2e7.kql
+++ b/azure-resources/ContainerService/managedClusters/kql/0611251f-e70f-4243-8ddd-cfe894bec2e7.kql
@@ -1,7 +1,6 @@
 // Azure Resource Graph Query
-// Returns all AKS clusters not running on the Standard tier
+// Returns all AKS clusters not running on the Standard tier or the Premium tier.
 resources
-| where type == "microsoft.containerservice/managedclusters"
-| where sku.tier != "Standard"
-| project recommendationId="0611251f-e70f-4243-8ddd-cfe894bec2e7", id, name, tags, param1=strcat("skuName: ", sku.name), param2=strcat("skuTier: ", sku.tier)
-
+| where type =~ "Microsoft.ContainerService/managedClusters"
+| where sku.tier !in~ ("Standard", "Premium")
+| project recommendationId = "0611251f-e70f-4243-8ddd-cfe894bec2e7", id, name, tags, param1 = strcat("skuName: ", sku.name), param2 = strcat("skuTier: ", sku.tier)
diff --git a/azure-resources/ContainerService/managedClusters/recommendations.yaml b/azure-resources/ContainerService/managedClusters/recommendations.yaml
index 37ae3f70..1bf1e40f 100644
--- a/azure-resources/ContainerService/managedClusters/recommendations.yaml
+++ b/azure-resources/ContainerService/managedClusters/recommendations.yaml
@@ -206,7 +206,7 @@
 - name: Azure Container Instances
 url: "https://learn.microsoft.com/azure/container-instances/container-instances-overview"
 
-- description: Update AKS tier to Standard
+- description: Update AKS tier to Standard or Premium
 aprlGuid: 0611251f-e70f-4243-8ddd-cfe894bec2e7
 recommendationTypeId: null
 recommendationControl: High Availability
@@ -214,7 +214,7 @@
 recommendationResourceType: Microsoft.ContainerService/managedClusters
 recommendationMetadataState: Active
 longDescription: |
- Production AKS clusters require the Standard tier for a financially backed SLA and enhanced node scalability, as the free service lacks these features.
+ Production AKS clusters require the Standard or Premium tier for a financially backed SLA and enhanced node scalability, as the free service lacks these features. Use the Premium tier for mission-critical workloads.
 potentialBenefits: SLA guarantee and better scalability
 pgVerified: true
 publishedToLearn: false
diff --git a/azure-resources/ServiceBus/namespaces/kql/f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql b/azure-resources/ServiceBus/namespaces/kql/f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql
new file mode 100644
index 00000000..6c18e8f1
--- /dev/null
+++ b/azure-resources/ServiceBus/namespaces/kql/f075a1bd-de9e-4819-9a1d-1ac41037a74f.kql
@@ -0,0 +1,11 @@
+// Azure Resource Graph Query
+// Provides a list of Service Bus Namespace resources that have the lower minimum TLS version.
+resources
+| where type =~ "Microsoft.ServiceBus/namespaces"
+| where properties.minimumTlsVersion in ("1.0", "1.1")
+| project
+ recommendationId = "f075a1bd-de9e-4819-9a1d-1ac41037a74f",
+ name,
+ id,
+ tags,
+ param1 = strcat("minimumTlsVersion: ", properties.minimumTlsVersion)
diff --git a/azure-resources/ServiceBus/namespaces/recommendations.yaml b/azure-resources/ServiceBus/namespaces/recommendations.yaml
index 31f38e06..13e886ad 100644
--- a/azure-resources/ServiceBus/namespaces/recommendations.yaml
+++ b/azure-resources/ServiceBus/namespaces/recommendations.yaml
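Review bot: The filter `properties.minimumTlsVersion in ("1.0", "1.1")` in the new Service Bus query is a deny-list on a dynamic property, so a namespace whose `minimumTlsVersion` is absent, empty or written in any other form is not returned and will look compliant in the report. Casting makes the comparison explicit, `| where tostring(properties.minimumTlsVersion) in ("1.0", "1.1")`, and the header comment should state the scope precisely, for example `// Returns Service Bus namespaces whose minimumTlsVersion is set to 1.0 or 1.1; namespaces with no value set are not evaluated.` Whether an unset value means a TLS 1.2 floor depends on the service default, which this diff does not show, so it is worth confirming before the result is used as evidence that no namespace accepts older TLS.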
@@ -37,3 +37,23 @@
 learnMoreLink:
 - name: Service Bus auto-scaling
 url: "https://learn.microsoft.com/azure/service-bus-messaging/automate-update-messaging-units"
+
+- description: Configure the minimum TLS version for Service Bus namespaces to TLS v1.2 or higher
+ aprlGuid: f075a1bd-de9e-4819-9a1d-1ac41037a74f
+ recommendationTypeId: null
+ recommendationControl: Service Upgrade and Retirement
+ recommendationImpact: High
+ recommendationResourceType: Microsoft.ServiceBus/namespaces
+ recommendationMetadataState: Active
+ longDescription: |
+ As of 31 October 2024, TLS 1.0 and TLS 1.1 will no longer be supported on Azure including Service Bus to enhance security and provide best-in-class encryption for your data. Change the minimum TLS version for your Service Bus namespace to TLS v1.2 or higher.
+ potentialBenefits: Avoids service disruption
+ pgVerified: false
+ publishedToLearn: false
+ automationAvailable: true
+ tags: null
+ learnMoreLink:
+ - name: Azure support for TLS 1.0 and TLS 1.1 will end by 31 October 2024
+ url: "https://azure.microsoft.com/updates/azure-support-tls-will-end-by-31-october-2024-2/"
+ - name: Configure the minimum TLS version for a Service Bus namespace
+ url: "https://learn.microsoft.com/azure/service-bus-messaging/transport-layer-security-configure-minimum-version"
diff --git a/docs/content/contributing/create-content/create-recommendations/_index.md b/docs/content/contributing/create-content/create-recommendations/_index.md
index 3e382d92..29593123 100644
--- a/docs/content/contributing/create-content/create-recommendations/_index.md
+++ b/docs/content/contributing/create-content/create-recommendations/_index.md
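Review bot: The `longDescription` of the added Service Bus entry is written in the future tense against a fixed date ("As of 31 October 2024 ... will no longer be supported"), so it reads ambiguously once that date has passed. Together with `potentialBenefits: Avoids service disruption`, it also presents the change only as an availability matter. Wording that stays correct over time and names the security reason would serve readers better, for example `Azure support for TLS 1.0 and TLS 1.1 ends by 31 October 2024, and both versions have known protocol weaknesses. Set the minimum TLS version of the Service Bus namespace to 1.2 or higher.`, which stays under the 300-character limit the contributing guide gives for this field. The benefit line could then read `Stronger encryption, avoids service disruption`.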
@@ -72,7 +72,7 @@ The YAML structure for adding new recommendations consists of several key-value
 | recommendationTypeId | 3464854d-6f75-4922-95e4-a2a308b53ce6 | String | `null` until updated by the Azure Advisor team | The unique identifier for the recommendation in the context of Advisor. |
 | recommendationControl | Monitoring and Alerting | String | [High Availability, Business Continuity, Disaster Recovery, Scalability, Monitoring and Alerting, Service Upgrade and Retirement, Other Best Practices, Personalized, Governance, Security](#recommendation-categories) | Resiliency category associated with the recommendation |
 | recommendationImpact | Medium | String | Low, Medium, High | Importance of adopting the recommendation and/or the risk of choosing not to adopt |
-| recommendationResourceType | Storage Account | String | Align with the resource type | Friendly name to identity resource type |
+| recommendationResourceType | Microsoft.Storage/storageAccounts | String | Align with the resource type | Friendly name to identity resource type |
 | recommendationMetadataState | Active | String | Active, Disabled | Indicates whether the recommendation is visible |
 | longDescription | To enable Cross-region disaster recovery and business continuity, ensure that the appropriate quotas are set for all user subscription Batch accounts. | String | The length should be less than 300 characters | Detailed description of the recommendation and its implications |
 | potentialBenefits | Enhanced data redundancy and boosts availability | String | The length should be less than 60 characters | The potential benefits of implementing the recommendation |