module/ConfigurationProvider/ControlConfigurations/Services/TrafficManager.json

{
    "FeatureName": "TrafficManager",
    "Reference": "aka.ms/azsktcp/trafficmanager",
    "IsMaintenanceMode": false,
    "Controls": [
        {
            "ControlID": "Azure_TrafficManager_AuthZ_Grant_Min_RBAC_Access",
            "Description": "All Users/Identities must be granted minimum required permissions using Role Based Access Control (RBAC)",
            "Id": "TrafficManager110",
            "ControlSeverity": "Medium",
            "Automated": "Yes",
            "MethodName": "CheckRBACAccess",
            "Rationale": "Granting minimum access by leveraging the RBAC feature ensures that users are granted just enough permissions to perform their tasks. This minimizes exposure of the resources in case of user/service account compromise.",
            "Recommendation": "Clean up any unauthorized users on the Traffic Manager Profile. Run command Remove-AzRoleAssignment -SignInName '{signInName}' -Scope '{scope}' -RoleDefinitionName '{role definition name}'. Run 'Get-Help Remove-AzRoleAssignment -full' to get the complete details about this command.",
            "Tags": [
                "SDL",
                "TCP",
                "Automated",
                "AuthZ",
                "RBAC",
                "TrafficManager"
            ],
            "Enabled": false,
            "CustomTags": []
        },
        {
            "ControlID": "Azure_TrafficManager_DP_Enable_HTTPS",
            "Description": "Traffic Manager profile should use HTTPS protocol for endpoint monitoring",
            "Id": "TrafficManager120",
            "ControlSeverity": "Medium",
            "Automated": "Yes",
            "MethodName": "CheckTrafficManagerEndpointMonitorProtocol",
            "DisplayName": "Traffic Manager profile should use HTTPS protocol for endpoint monitoring",
            "Category": "Encrypt data in transit",
            "ControlRequirements": "Data must be encrypted in transit and at rest",
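            "Rationale": "Use of HTTPS ensures server/service authentication and protects data in transit from network layer man-in-the-middle, eavesdropping, and session-hijacking attacks. Traffic Manager routes at the DNS level, so this setting covers only the health probes it sends to endpoints; the endpoints themselves must also serve HTTPS for client traffic to be protected.",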
            "Recommendation": "To enable HTTPS protocol for endpoint monitoring, go to Azure Portal --> your Traffic Manager Profile --> Configuration --> Select HTTPS --> Save.",
            "Tags": [
                "SDL",
                "Best Practice",
                "Automated",
                "DP",
                "TrafficManager",
                "Baseline",
                "Weekly",
                "CSEOPilotSub"
            ],
            "Enabled": true,
            "CustomTags": [
                "CSEOPilot",
                "CSEOBaseline"
            ]
        }
    ]
}