-
Notifications
You must be signed in to change notification settings - Fork 327
/
Copy pathazure_arc_checklist.en.json
530 lines (530 loc) · 27.5 KB
/
azure_arc_checklist.en.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
{
"items": [
{
"category": "Foundation",
"subcategory": "Capacity Planning",
"waf": "Operations",
"text": "One or more resource groups is required for onboarding servers into Azure",
"description": "Define a resource group structure for placement of Azure Arc-enabled servers resources",
"guid": "585e1112-9bd7-4ba0-82f7-b94ef6e043d2",
"severity": "High"
},
{
"category": "Foundation",
"subcategory": "Capacity Planning",
"waf": "Performance",
"text": "Take Azure Active Directory object limitations into account",
"guid": "aa359271-8e6e-4205-8725-769e46691e88",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#azure-subscription-and-service-limits"
},
{
"category": "Foundation",
"subcategory": "General",
"waf": "Operations",
"text": "Has the Resource providers required been registered in all subscriptions",
"description": "The following resource providers needs to be registered: Microsoft.HybridCompute, Microsoft.GuestConfiguration, Microsoft.HybridConnectivity",
"guid": "deace4bb-1deb-44c6-9fc3-fc14eeaa3692",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#azure-resource-providers"
},
{
"category": "Foundation",
"subcategory": "General",
"waf": "Cost",
"text": "Has a tagging strategy for Azure Arc-enabled servers been defined",
"description": "Aligning with an existing or creating an Azure tagging strategy is recommended. Resource tags allow you to quickly locate it, automate operational tasks amd more. ",
"guid": "c6d37331-65c7-4acb-b44b-be609d79f2e8",
"severity": "Low",
"link": "https://learn.microsoft.com/azure/cloud-adoption-framework/decision-guides/resource-tagging/"
},
{
"category": "Foundation",
"subcategory": "General",
"waf": "Operations",
"text": "What operating systems need to be Azure Arc-enabled",
"description": "Installation of the connected machine agent is supported on most newer Windows and Linux operative systems, review the link to se the latest list",
"guid": "7778424c-5167-475c-9fa9-5b96ad88408e",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#supported-operating-systems"
},
{
"category": "Foundation",
"subcategory": "General",
"waf": "Operations",
"text": "Are required software installed on Windows and Linux servers to support the installation",
"description": "There are software requirements to the agent installation. Some might require a system reboot after installation, review to link",
"guid": "372734b8-76ba-428f-8145-901365d38e53",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#software-requirements"
},
{
"category": "Foundation",
"subcategory": "General",
"waf": "Reliability",
"text": "Make sure to use a supported Azure region",
"guid": "d44c7c89-19ca-41f6-b521-5ae514ba34d4",
"severity": "High",
"link": "https://azure.microsoft.com/explore/global-infrastructure/products-by-region/?products=azure-arc®ions=all"
},
{
"category": "Foundation",
"subcategory": "Organization",
"waf": "Performance",
"text": "Define the structure for Azure management of resources",
"description": "The scope include organization into management groups, subscriptions, and resource groups.",
"guid": "f9ccbd86-8266-4abc-a264-f9a19bf39d95",
"severity": "Low",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/organize-inventory-servers#organize-resources-with-built-in-azure-hierarchies"
},
{
"category": "Identity",
"subcategory": "Access",
"waf": "Security",
"text": "Assign RBAC rights to Azure AD user/group access for managing Azure Arc-enabled servers",
"description": "Define RBAC rules to the servers / resource groups as required for servers management, the 'Azure Connected Machine Resource Administrator' or 'Hybrid Server Resource Administrator' role would be sufficient for management of the Azure Arc-enabled servers resources in Azure",
"guid": "9bf39d95-d44c-47c8-a19c-a1f6d5215ae5",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/security-overview#identity-and-access-control"
},
{
"category": "Identity",
"subcategory": "Access",
"waf": "Security",
"text": "Consider using managed identities for applications to access Azure resources like Key Vault example in link",
"guid": "14ba34d4-585e-4111-89bd-7ba012f7b94e",
"severity": "Low",
"link": "https://learn.microsoft.com/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-nonaad"
},
{
"category": "Identity",
"subcategory": "Requirements",
"waf": "Operations",
"text": "An Azure Active Directory tenant must be available with at least one subscription",
"description": "An Azure subscription must be parented to the same Azure AD tenant",
"guid": "35ac9322-23e1-4380-8523-081a94174158",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#azure-subscription-and-service-limits"
},
{
"category": "Identity",
"subcategory": "Requirements",
"waf": "Security",
"text": "Define which users (AAD user/groups) has access to onboard Azure Arc-enabled servers",
"description": "Users (or SPs) need the 'Azure Connected Machine Onboarding' or 'Contributor' role to onboarding of servers",
"guid": "33ee7ad6-c6d3-4733-865c-7acbe44bbe60",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#required-permissions"
},
{
"category": "Identity",
"subcategory": "Security",
"waf": "Security",
"text": "Use the principle of least privileged",
"description": "Ensure to only add the rights to users or groups that is required to perform their role",
"guid": "9d79f2e8-7778-4424-a516-775c6fa95b96",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/onboard-service-principal#create-a-service-principal-for-onboarding-at-scale"
},
{
"category": "Identity",
"subcategory": "Security",
"waf": "Security",
"text": "How many Service Principals are needed for onboarding Arc-enabled servers into Azure",
"description": "A service principle with the 'Azure Connected Machine Onboarding' role is required for at-scale onboarding of servers, consider more SP's if onboarding is done by different teams/decentralized management",
"guid": "ad88408e-3727-434b-a76b-a28f21459013",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/onboard-service-principal#create-a-service-principal-for-onboarding-at-scale"
},
{
"category": "Identity",
"subcategory": "Security",
"waf": "Security",
"text": "Limit the rights to onboard Azure Arc-enabled servers to the desired resource groups",
"description": "Consider assigning the rights for the 'Azure Connected Machine Onboarding' role at the resource group level, to control the resource creation",
"guid": "65d38e53-f9cc-4bd8-9826-6abca264f9a1",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/prerequisites#required-permissions"
},
{
"category": "Management and Monitoring",
"subcategory": "Management",
"waf": "Operations",
"text": "Define a strategy for agent provisioning",
"description": "Plan for agent deployments at scale",
"guid": "6ee79d6b-5c2a-4364-a4b6-9bad38aad53c",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/plan-at-scale-deployment"
},
{
"category": "Management and Monitoring",
"subcategory": "Management",
"waf": "Operations",
"text": "Define a strategy for agent updates",
"description": "Use Microsoft Update to ensure that the connected machine agent is always up-to-date",
"guid": "c78e1d76-6673-457c-9496-74c5ed85b859",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-agent#upgrade-the-agent"
},
{
"category": "Management and Monitoring",
"subcategory": "Management",
"waf": "Operations",
"text": "Define a strategy for extension installation",
"description": "Recommendation is to use Azure Policy, or another automation tool like Azure DevOps - important is to avoid configuration drift.",
"guid": "c7733be2-a1a2-47b7-95a9-1be1f388ff39",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-vm-extensions"
},
{
"category": "Management and Monitoring",
"subcategory": "Management",
"waf": "Operations",
"text": "Define a strategy for extension updates",
"description": "Use automatic upgrades where available and define an update strategy for all extensions not supporting automatic upgrades.",
"guid": "4c2bd463-cbbb-4c86-a195-abb91a4ed90d",
"severity": "High",
"graph": "resources | where type =~ 'microsoft.hybridcompute/machines/extensions'| extend compliant = (properties.enableAutomaticUpgrade == 'true') | distinct id, compliant",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-automatic-vm-extension-upgrade?tabs=azure-portal"
},
{
"category": "Management and Monitoring",
"subcategory": "Management",
"waf": "Operations",
"text": "Consider using Azure Machine Configuration to control settings and avoid configuration drift on servers",
"description": "Azure Machine Configuration to help implement Microsoft best-practices for servers management in Azure",
"guid": "7a927c39-74d1-4102-aac6-aae01e6a84de",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/governance/machine-configuration/overview"
},
{
"category": "Management and Monitoring",
"subcategory": "Monitoring",
"waf": "Operations",
"text": "Monitor for unresponsive agents",
"guid": "37b6b780-cbaf-4e6c-9658-9d457a927c39",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/plan-at-scale-deployment#phase-3-manage-and-operate"
},
{
"category": "Management and Monitoring",
"subcategory": "Monitoring",
"waf": "Operations",
"text": "Design a monitoring strategy to send metrics and logs to an Log Analytics workspace",
"guid": "74d1102c-ac6a-4ae0-8e6a-84de5df47d2d",
"severity": "Medium",
"graph": "resources | where type =~ 'microsoft.hybridcompute/machines' | project id, arcMachineName = name | join kind=leftouter (resources | where type == 'microsoft.hybridcompute/machines/extensions' | where name contains 'azuremonitor' | extend baseIdParts = split(id, '/extensions/') | extend extensionMachineId = tostring(baseIdParts[0]) | project extensionMachineId, extensionId = id) on $left.id == $right.extensionMachineId | extend compliant = isnotempty(extensionMachineId) | project id, compliant",
"link": "https://learn.microsoft.com/azure/azure-monitor/agents/log-analytics-agent#data-collected"
},
{
"category": "Management and Monitoring",
"subcategory": "Monitoring",
"waf": "Operations",
"text": "Use notification in Activity logs to receive notification on unexpected changes to the resources",
"guid": "92881b1c-d5d1-4e54-a296-59e3958fd782",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/service-health/resource-health-alert-monitor-guide"
},
{
"category": "Management and Monitoring",
"subcategory": "Monitoring",
"waf": "Operations",
"text": "Use Azure Monitor for compliance and operational monitoring",
"guid": "89c93555-6d02-4bfe-9564-b0d834a34872",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/learn/tutorial-enable-vm-insights"
},
{
"category": "Management and Monitoring",
"subcategory": "Monitoring",
"waf": "Operations",
"text": "Create an alert to identify Azure Arc-enabled servers that aren't using the latest version of the Azure connected machine agent",
"guid": "5df47d2d-9288-41b1-ad5d-1e54a29659e3",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/plan-at-scale-deployment#phase-3-manage-and-operate"
},
{
"category": "Management and Monitoring",
"subcategory": "Security",
"waf": "Operations",
"text": "Use Azure Arc-enabled servers to control software updates deployments to servers",
"description": "Use Azure Update Manager to manage and schedule updates at scale across your Azure Arc-enabled servers",
"guid": "ae2cc84c-37b6-4b78-8cba-fe6c46589d45",
"severity": "Low",
"graph": "resources | where type =~ 'microsoft.hybridcompute/machines' | project id = tolower(id), arcMachineName = name | join kind=leftouter (maintenanceresources | extend baseIdParts = split(tolower(id), '/providers/microsoft.maintenance/') | extend maintenanceMachineId = tostring(baseIdParts[0]) | project maintenanceMachineId, maintenanceId = id) on $left.id == $right.maintenanceMachineId | extend compliant = iif(maintenanceMachineId == '', 'No', 'Yes') | project id, compliant",
"link": "https://learn.microsoft.com/azure/update-manager/scheduled-patching?tabs=schedule-updates-single-machine%2Cschedule-updates-scale-overview%2Cwindows-maintenance"
},
{
"category": "Networking",
"subcategory": "Networking",
"waf": "Operations",
"text": "Define a connectivity method from the server to Azure",
"description": "The Connected Machine Agent will by default communicate with Azure services over public Internet connectivity using HTTPS (TCP port 443)",
"guid": "f6e043d2-aa35-4927-88e6-e2050725769e",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/network-requirements?tabs=azure-cloud#details"
},
{
"category": "Networking",
"subcategory": "Networking",
"waf": "Operations",
"text": "Is a proxy server a required for communication over the Public Internet",
"description": "The Connected Machine Agent can be configured to use a proxy server, it is recommended to define the proxy server address using 'azcmagent config set proxy.url' command on the local system.",
"guid": "46691e88-35ac-4932-823e-13800523081a",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/manage-agent#update-or-remove-proxy-settings"
},
{
"category": "Networking",
"subcategory": "Networking",
"waf": "Operations",
"text": "Is a private (not public Internet) connection required?",
"description": "The Connected Machine Agent can use a Private Link for communication with Azure Services over an existing ExpressRoute or VPN connection",
"guid": "94174158-33ee-47ad-9c6d-3733165c7acb",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/private-link-security"
},
{
"category": "Networking",
"subcategory": "Networking",
"waf": "Security",
"text": "Will Firewall configurations be needed in order to ensure communication with Azure Services?",
"description": "Firewall configuration might be required for the agent to communicate with Azure, use the link to see ServiceTags and/or URL's required",
"guid": "e44bbe60-9d79-4f2e-a777-8424c516775c",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/network-requirements?tabs=azure-cloud#service-tags"
},
{
"category": "Networking",
"subcategory": "Networking",
"waf": "Security",
"text": "Can the Firewall or Proxy rules be automated updated if Service Tags or IP addresses change",
"description": "Use available automation tool for the system in question to regularly update the Azure endpoints",
"guid": "6fa95b96-ad88-4408-b372-734b876ba28f",
"severity": "Low",
"link": "https://www.microsoft.com/download/details.aspx?id=56519"
},
{
"category": "Networking",
"subcategory": "Networking",
"waf": "Security",
"text": "Always use secure communication for Azure where possible",
"description": "Configure Servers to use Transport Layer Security (TLS) version 1.2",
"guid": "21459013-65d3-48e5-9f9c-cbd868266abc",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/network-requirements?tabs=azure-cloud#transport-layer-security-12-protocol"
},
{
"category": "Networking",
"subcategory": "Networking",
"waf": "Security",
"text": "Include communication for Azure Arc-enabled Servers extensions in the design (firewall/proxy/private link)",
"description": "All extensions (like log analytics etc.) have separate network requirements, be sure to include all in the network design.",
"guid": "a264f9a1-9bf3-49d9-9d44-c7c8919ca1f6",
"severity": "Low",
"link": "https://learn.microsoft.com/azure/cloud-adoption-framework/scenarios/hybrid/arc-enabled-servers/eslz-arc-servers-connectivity#define-extensions-connectivity-method"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Management",
"waf": "Security",
"text": "Use Azure Policy to implement a governance model for hybrid connected servers",
"guid": "ac6aae01-e6a8-44de-9df4-7d2d92881b1c",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/governance/policy/"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Management",
"waf": "Operations",
"text": "Consider using Machine configurations for in guest OS configurations",
"guid": "5c2a3649-4b69-4bad-98aa-d53cc78e1d76",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/governance/machine-configuration/overview"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Management",
"waf": "Operations",
"text": "Evaluate the need for custom Guest Configuration policies",
"guid": "667357c4-4967-44c5-bd85-b859c7733be2",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/governance/machine-configuration/machine-configuration-create"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Monitoring",
"waf": "Operations",
"text": "Consider using change tracking for tracking changes made on the servers",
"guid": "49674c5e-d85b-4859-a773-3be2a1a27b77",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/automation/change-tracking/overview"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Requirements",
"waf": "Security",
"text": "Make sure to use an Azure region for storing the metadata approved by the organization",
"guid": "d5d1e54a-2965-49e3-a58f-d78289c93555",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/data-residency"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Secrets",
"waf": "Security",
"text": "Use Azure Key Vault for certificate management on servers",
"guid": "195abb91-a4ed-490d-ae2c-c84c37b6b780",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/key-vault/general/basic-concepts"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Secrets",
"waf": "Security",
"text": "What is the acceptable life time of the secret used by SP's",
"description": "Consider using a short-lived Azure AD service principal client secrets.",
"guid": "6d02bfe4-564b-40d8-94a3-48726ee79d6b",
"severity": "High",
"link": "https://learn.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal#option-2-create-a-new-application-secret"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Secrets",
"waf": "Security",
"text": "Secure the public key for Azure Arc-enabled Servers",
"description": "A private key is saved to the disk, ensure this is protected using disk encryption",
"guid": "a1a27b77-5a91-4be1-b388-ff394c2bd463",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/security-overview#using-disk-encryption"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Security",
"waf": "Security",
"text": "Ensure there is local administrator access for executing the agent installation",
"description": "Local administrator is required to install the Connected Machine Agent on Windows and Linux systems",
"guid": "29659e39-58fd-4782-a9c9-35556d02bfe4",
"severity": "High",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/onboard-portal#install-manually"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Security",
"waf": "Security",
"text": "Limit the amount of users with local administrator rights to the servers",
"description": "Members of the local administrator group on Windows and users with root privileges on Linux, have permissions to manage the agent via command line.",
"guid": "564b0d83-4a34-4872-9ee7-9d6b5c2a3649",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/security-overview#agent-security-and-permissions"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Security",
"waf": "Security",
"text": "Consider using and restricting access to managed identities for applications.",
"guid": "4b69bad3-8aad-453c-a78e-1d76667357c4",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/managed-identity-authentication"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Security",
"waf": "Security",
"text": "Enable Defender for Servers for all servers to secure hybrid workloads from threats",
"description": "Use Defender for Endpoint or another AV and EDR solution to protect endpoints",
"guid": "5a91be1f-388f-4f39-9c2b-d463cbbbc868",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/security-center/security-center-get-started"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Security",
"waf": "Security",
"text": "Define controls to detect security misconfigurations and track compliance",
"guid": "cbafe6c4-6589-4d45-9a92-7c3974d1102c",
"severity": "Medium"
},
{
"category": "Security, Governance and Compliance",
"subcategory": "Security",
"waf": "Security",
"text": "Use allow- or block-lists to control what extensions can be installed on the Azure Arc-enabled servers",
"guid": "cbbbc868-195a-4bb9-8a4e-d90dae2cc84c",
"severity": "Medium",
"link": "https://learn.microsoft.com/azure/azure-arc/servers/security-overview#extension-allowlists-and-blocklists"
}
],
"categories": [
{
"name": "Foundation"
},
{
"name": "Identity"
},
{
"name": "Networking"
},
{
"name": "Security, Governance and Compliance"
},
{
"name": "Management and Monitoring"
}
],
"waf": [
{
"name": "Reliability"
},
{
"name": "Security"
},
{
"name": "Cost"
},
{
"name": "Operations"
},
{
"name": "Performance"
}
],
"status": [
{
"name": "Not verified",
"description": "This check has not been looked at yet"
},
{
"name": "Open",
"description": "There is an action item associated to this check"
},
{
"name": "Fulfilled",
"description": "This check has been verified, and there are no further action items associated to it"
},
{
"name": "Not required",
"description": "Recommendation understood, but not needed by current requirements"
},
{
"name": "N/A",
"description": "Not applicable for current design"
}
],
"severities": [
{
"name": "High"
},
{
"name": "Medium"
},
{
"name": "Low"
}
],
"metadata": {
"name": "Azure Arc Review",
"state": "Preview",
"timestamp": "October 23, 2024"
}
}