Azure Virtual Machine instance has administrative privileges over resources

azure

Set up the azure integration.

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

This rule ensures that none of your Virtual Machines have administrative roles with root management group scope attached to them.

Rationale

Administrative Azure role assignments at the root scope have permissions on every Azure resource within a tenant, including all child management groups and subscriptions. This is the widest possible scope and is rarely needed. A role with these privileges could potentially, whether unknowingly or purposefully, cause security issues or data leaks. Roles with these levels of access may also be targeted by an adversary to compromise resources across the entire Azure tenant.

Remediation

Datadog recommends reducing the permissions and scope of a role assignment to the minimum necessary.

PREVIEWING: drodriguezhdez/add_public_docs_log_summarization