Download MonitorControl For Mac 3.1.1

Posted : admin On 1/24/2022

The following article details how the Azure Policy Regulatory Compliance built-in initiative definition maps to compliance domains and controls in NIST SP 800-171 R2. For more information about this compliance standard, see NIST SP 800-171 R2. To understand Ownership, see Azure Policy policy definition and Shared responsibility in the cloud.

The following mappings are to the NIST SP 800-171 R2 controls. Use the navigation on the right to jump directly to a specific compliance domain. Many of the controls are implemented with an Azure Policy initiative definition. To review the complete initiative definition, open Policy in the Azure portal and select the Definitions page. Then, find and select the NIST SP 800-171 R2 Regulatory Compliance built-in initiative definition.

Important

Each control below is associated with one or more Azure Policy definitions. These policies may help you assess compliance with the control; however, there often is not a one-to-one or complete match between a control and one or more policies. As such, Compliant in Azure Policy refers only to the policy definitions themselves; this doesn't ensure you're fully compliant with all requirements of a control. In addition, the compliance standard includes controls that aren't addressed by any Azure Policy definitions at this time. Therefore, compliance in Azure Policy is only a partial view of your overall compliance status. The associations between compliance domains, controls, and Azure Policy definitions for this compliance standard may change over time. To view the change history, see the GitHub Commit History.

Access Control

Limit system access to authorized users, processes acting on behalf of authorized users, and devices (including other systems).

ID: NIST SP 800-171 R2 3.1.1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Audit Linux machines that allow remote connections from accounts without passwords | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that allow remote connections from accounts without passwords | AuditIfNotExists, Disabled | 1.0.0 |
| Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs | This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol. | deployIfNotExists | 1.0.1 |
| Deprecated accounts should be removed from your subscription | Deprecated accounts should be removed from your subscriptions. Deprecated accounts are accounts that have been blocked from signing in. | AuditIfNotExists, Disabled | 3.0.0 |
| Deprecated accounts with owner permissions should be removed from your subscription | Deprecated accounts with owner permissions should be removed from your subscription. Deprecated accounts are accounts that have been blocked from signing in. | AuditIfNotExists, Disabled | 3.0.0 |
| External accounts with owner permissions should be removed from your subscription | External accounts with owner permissions should be removed from your subscription in order to prevent unmonitored access. | AuditIfNotExists, Disabled | 3.0.0 |
| External accounts with read permissions should be removed from your subscription | External accounts with read privileges should be removed from your subscription in order to prevent unmonitored access. | AuditIfNotExists, Disabled | 3.0.0 |
| External accounts with write permissions should be removed from your subscription | External accounts with write privileges should be removed from your subscription in order to prevent unmonitored access. | AuditIfNotExists, Disabled | 3.0.0 |
| Remote debugging should be turned off for API Apps | Remote debugging requires inbound ports to be opened on API apps. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Remote debugging should be turned off for Function Apps | Remote debugging requires inbound ports to be opened on function apps. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Remote debugging should be turned off for Web Applications | Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Storage accounts should restrict network access | Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges | Audit, Deny, Disabled | 1.1.1 |
| Windows machines should meet requirements for 'Security Options - Network Security' | Windows machines should have the specified Group Policy settings in the category 'Security Options - Network Security' for including Local System behavior, PKU2U, LAN Manager, LDAP client, and NTLM SSP. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. | AuditIfNotExists, Disabled | 2.0.0 |

Control the flow of CUI in accordance with approved authorizations.

ID: NIST SP 800-171 R2 3.1.3 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| CORS should not allow every resource to access your Web Applications | Cross-Origin Resource Sharing (CORS) should not allow all domains to access your web application. Allow only required domains to interact with your web app. | AuditIfNotExists, Disabled | 1.0.0 |

Separate the duties of individuals to reduce the risk of malevolent activity without collusion.

ID: NIST SP 800-171 R2 3.1.4 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| A maximum of 3 owners should be designated for your subscription | It is recommended to designate up to 3 subscription owners in order to reduce the potential for breach by a compromised owner. | AuditIfNotExists, Disabled | 3.0.0 |
| Audit Windows machines missing any of specified members in the Administrators group | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators group does not contain one or more members that are listed in the policy parameter. | auditIfNotExists | 1.0.0 |
| Audit Windows machines that have the specified members in the Administrators group | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if the local Administrators group contains one or more of the members listed in the policy parameter. | auditIfNotExists | 1.0.0 |
| There should be more than one owner assigned to your subscription | It is recommended to designate more than one subscription owner in order to have administrator access redundancy. | AuditIfNotExists, Disabled | 3.0.0 |

Monitor and control remote access sessions.

ID: NIST SP 800-171 R2 3.1.12 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Audit Linux machines that allow remote connections from accounts without passwords | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that allow remote connections from accounts without passwords | AuditIfNotExists, Disabled | 1.0.0 |
| Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs | This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol. | deployIfNotExists | 1.0.1 |
| Remote debugging should be turned off for API Apps | Remote debugging requires inbound ports to be opened on API apps. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Remote debugging should be turned off for Function Apps | Remote debugging requires inbound ports to be opened on function apps. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Remote debugging should be turned off for Web Applications | Remote debugging requires inbound ports to be opened on a web application. Remote debugging should be turned off. | AuditIfNotExists, Disabled | 1.0.0 |
| Storage accounts should restrict network access | Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges | Audit, Deny, Disabled | 1.1.1 |
| Windows machines should meet requirements for 'Security Options - Network Security' | Windows machines should have the specified Group Policy settings in the category 'Security Options - Network Security' for including Local System behavior, PKU2U, LAN Manager, LDAP client, and NTLM SSP. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. | AuditIfNotExists, Disabled | 2.0.0 |

Audit and Accountability

Create and retain system audit logs and records to the extent needed to enable the monitoring, analysis, investigation, and reporting of unlawful or unauthorized system activity.

ID: NIST SP 800-171 R2 3.3.1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Audit diagnostic setting | Audit diagnostic setting for selected resource types | AuditIfNotExists | 1.0.0 |
| Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | AuditIfNotExists, Disabled | 2.0.0 |
| Azure Defender for SQL should be enabled for unprotected Azure SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 2.0.1 |
| Azure Defender for SQL should be enabled for unprotected SQL Managed Instances | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.2 |
| Log Analytics Agent should be enabled for listed virtual machine images | Reports virtual machines as non-compliant if the virtual machine image is not in the list defined and the agent is not installed. | AuditIfNotExists, Disabled | 2.0.0-preview |
| Log Analytics agent should be enabled in virtual machine scale sets for listed virtual machine images | Reports virtual machine scale sets as non-compliant if the virtual machine image is not in the list defined and the agent is not installed. | AuditIfNotExists, Disabled | 2.0.0 |
| The Log Analytics agent should be installed on Virtual Machine Scale Sets | This policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics agent is not installed. | AuditIfNotExists, Disabled | 1.0.0 |
| The Log Analytics agent should be installed on virtual machines | This policy audits any Windows/Linux virtual machines if the Log Analytics agent is not installed. | AuditIfNotExists, Disabled | 1.0.0 |
| Virtual machines should be connected to a specified workspace | Reports virtual machines as non-compliant if they aren't logging to the Log Analytics workspace specified in the policy/initiative assignment. | AuditIfNotExists, Disabled | 1.1.0 |

Ensure that the actions of individual system users can be uniquely traced to those users, so they can be held accountable for their actions.

ID: NIST SP 800-171 R2 3.3.2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Audit diagnostic setting | Audit diagnostic setting for selected resource types | AuditIfNotExists | 1.0.0 |
| Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | AuditIfNotExists, Disabled | 2.0.0 |
| Azure Defender for SQL should be enabled for unprotected Azure SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 2.0.1 |
| Azure Defender for SQL should be enabled for unprotected SQL Managed Instances | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.2 |
| Log Analytics Agent should be enabled for listed virtual machine images | Reports virtual machines as non-compliant if the virtual machine image is not in the list defined and the agent is not installed. | AuditIfNotExists, Disabled | 2.0.0-preview |
| Log Analytics agent should be enabled in virtual machine scale sets for listed virtual machine images | Reports virtual machine scale sets as non-compliant if the virtual machine image is not in the list defined and the agent is not installed. | AuditIfNotExists, Disabled | 2.0.0 |
| The Log Analytics agent should be installed on Virtual Machine Scale Sets | This policy audits any Windows/Linux Virtual Machine Scale Sets if the Log Analytics agent is not installed. | AuditIfNotExists, Disabled | 1.0.0 |
| The Log Analytics agent should be installed on virtual machines | This policy audits any Windows/Linux virtual machines if the Log Analytics agent is not installed. | AuditIfNotExists, Disabled | 1.0.0 |
| Virtual machines should be connected to a specified workspace | Reports virtual machines as non-compliant if they aren't logging to the Log Analytics workspace specified in the policy/initiative assignment. | AuditIfNotExists, Disabled | 1.1.0 |

Alert in the event of an audit logging process failure.

ID: NIST SP 800-171 R2 3.3.4 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Audit diagnostic setting | Audit diagnostic setting for selected resource types | AuditIfNotExists | 1.0.0 |
| Auditing on SQL server should be enabled | Auditing on your SQL Server should be enabled to track database activities across all databases on the server and save them in an audit log. | AuditIfNotExists, Disabled | 2.0.0 |
| Azure Defender for SQL should be enabled for unprotected Azure SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 2.0.1 |
| Azure Defender for SQL should be enabled for unprotected SQL Managed Instances | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.2 |

Configuration Management

Restrict, disable, or prevent the use of nonessential programs, functions, ports, protocols, and services.

ID: NIST SP 800-171 R2 3.4.7 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Adaptive application controls for defining safe applications should be enabled on your machines | Enable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the applications running on each machine and suggest the list of known-safe applications. | AuditIfNotExists, Disabled | 3.0.0 |

Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.

ID: NIST SP 800-171 R2 3.4.8 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Adaptive application controls for defining safe applications should be enabled on your machines | Enable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the applications running on each machine and suggest the list of known-safe applications. | AuditIfNotExists, Disabled | 3.0.0 |

Control and monitor user-installed software.

ID: NIST SP 800-171 R2 3.4.9 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Adaptive application controls for defining safe applications should be enabled on your machines | Enable application controls to define the list of known-safe applications running on your machines, and alert you when other applications run. This helps harden your machines against malware. To simplify the process of configuring and maintaining your rules, Security Center uses machine learning to analyze the applications running on each machine and suggest the list of known-safe applications. | AuditIfNotExists, Disabled | 3.0.0 |

Identification and Authentication

Identify system users, processes acting on behalf of users, and devices.

ID: NIST SP 800-171 R2 3.5.1 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| MFA should be enabled accounts with write permissions on your subscription | Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources. | AuditIfNotExists, Disabled | 3.0.0 |
| MFA should be enabled on accounts with owner permissions on your subscription | Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources. | AuditIfNotExists, Disabled | 3.0.0 |

Authenticate (or verify) the identities of users, processes, or devices, as a prerequisite to allowing access to organizational systems.

ID: NIST SP 800-171 R2 3.5.2 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Audit Linux machines that have accounts without passwords | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that have accounts without passwords | AuditIfNotExists, Disabled | 1.0.0 |
| Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs | This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol. | deployIfNotExists | 1.0.1 |
| Windows machines should meet requirements for 'Security Options - Network Security' | Windows machines should have the specified Group Policy settings in the category 'Security Options - Network Security' for including Local System behavior, PKU2U, LAN Manager, LDAP client, and NTLM SSP. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. | AuditIfNotExists, Disabled | 2.0.0 |

Use multifactor authentication for local and network access to privileged accounts and for network access to non-privileged accounts.

ID: NIST SP 800-171 R2 3.5.3 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| MFA should be enabled accounts with write permissions on your subscription | Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with write privileges to prevent a breach of accounts or resources. | AuditIfNotExists, Disabled | 3.0.0 |
| MFA should be enabled on accounts with owner permissions on your subscription | Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with owner permissions to prevent a breach of accounts or resources. | AuditIfNotExists, Disabled | 3.0.0 |
| MFA should be enabled on accounts with read permissions on your subscription | Multi-Factor Authentication (MFA) should be enabled for all subscription accounts with read privileges to prevent a breach of accounts or resources. | AuditIfNotExists, Disabled | 3.0.0 |
Enforce a minimum password complexity and change of characters when new passwords are created.

ID: NIST SP 800-171 R2 3.5.7 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Audit Linux machines that have accounts without passwords | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that have accounts without passwords | AuditIfNotExists, Disabled | 1.0.0 |
| Audit Windows machines that do not have the password complexity setting enabled | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not have the password complexity setting enabled | AuditIfNotExists, Disabled | 1.0.0 |
| Audit Windows machines that do not restrict the minimum password length to 14 characters | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not restrict the minimum password length to 14 characters | AuditIfNotExists, Disabled | 1.0.0 |
| Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs | This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol. | deployIfNotExists | 1.0.1 |
| Windows machines should meet requirements for 'Security Options - Network Security' | Windows machines should have the specified Group Policy settings in the category 'Security Options - Network Security' for including Local System behavior, PKU2U, LAN Manager, LDAP client, and NTLM SSP. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. | AuditIfNotExists, Disabled | 2.0.0 |

Prohibit password reuse for a specified number of generations.

ID: NIST SP 800-171 R2 3.5.8 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Audit Windows machines that allow re-use of the previous 24 passwords | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that allow re-use of the previous 24 passwords | AuditIfNotExists, Disabled | 1.0.0 |
| Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs | This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol. | deployIfNotExists | 1.0.1 |
| Windows machines should meet requirements for 'Security Options - Network Security' | Windows machines should have the specified Group Policy settings in the category 'Security Options - Network Security' for including Local System behavior, PKU2U, LAN Manager, LDAP client, and NTLM SSP. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. | AuditIfNotExists, Disabled | 2.0.0 |

Store and transmit only cryptographically-protected passwords.

ID: NIST SP 800-171 R2 3.5.10 Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Add system-assigned managed identity to enable Guest Configuration assignments on virtual machines with no identities | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration but do not have any managed identities. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Add system-assigned managed identity to enable Guest Configuration assignments on VMs with a user-assigned identity | This policy adds a system-assigned managed identity to virtual machines hosted in Azure that are supported by Guest Configuration and have at least one user-assigned identity but do not have a system-assigned managed identity. A system-assigned managed identity is a prerequisite for all Guest Configuration assignments and must be added to machines before using any Guest Configuration policy definitions. For more information on Guest Configuration, visit https://aka.ms/gcpol. | modify | 1.0.0 |
| Audit Linux machines that do not have the passwd file permissions set to 0644 | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Linux machines that do not have the passwd file permissions set to 0644 | AuditIfNotExists, Disabled | 1.0.0 |
| Audit Windows machines that do not store passwords using reversible encryption | Requires that prerequisites are deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. Machines are non-compliant if Windows machines that do not store passwords using reversible encryption | AuditIfNotExists, Disabled | 1.0.0 |
| Deploy the Windows Guest Configuration extension to enable Guest Configuration assignments on Windows VMs | This policy deploys the Windows Guest Configuration extension to Windows virtual machines hosted in Azure that are supported by Guest Configuration. The Windows Guest Configuration extension is a prerequisite for all Windows Guest Configuration assignments and must be deployed to machines before using any Windows Guest Configuration policy definition. For more information on Guest Configuration, visit https://aka.ms/gcpol. | deployIfNotExists | 1.0.1 |
| Windows machines should meet requirements for 'Security Options - Network Security' | Windows machines should have the specified Group Policy settings in the category 'Security Options - Network Security' for including Local System behavior, PKU2U, LAN Manager, LDAP client, and NTLM SSP. This policy requires that the Guest Configuration prerequisites have been deployed to the policy assignment scope. For details, visit https://aka.ms/gcpol. | AuditIfNotExists, Disabled | 2.0.0 |

Risk Assessment

Scan for vulnerabilities in organizational systems and applications periodically and when new vulnerabilities affecting those systems and applications are identified.

ID: NIST SP 800-171 R2 3.11.2
Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| A vulnerability assessment solution should be enabled on your virtual machines | Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you. | AuditIfNotExists, Disabled | 3.0.0 |
| Azure Defender for SQL should be enabled for unprotected Azure SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 2.0.1 |
| Azure Defender for SQL should be enabled for unprotected SQL Managed Instances | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.2 |
| SQL databases should have vulnerability findings resolved | Monitor vulnerability assessment scan results and recommendations for how to remediate database vulnerabilities. | AuditIfNotExists, Disabled | 4.0.0 |
| Vulnerabilities in container security configurations should be remediated | Audit vulnerabilities in security configuration on machines with Docker installed and display as recommendations in Azure Security Center. | AuditIfNotExists, Disabled | 3.0.0 |
| Vulnerabilities in security configuration on your machines should be remediated | Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 3.0.0 |
| Vulnerabilities in security configuration on your virtual machine scale sets should be remediated | Audit the OS vulnerabilities on your virtual machine scale sets to protect them from attacks. | AuditIfNotExists, Disabled | 3.0.0 |

System and Communications Protection

Monitor, control, and protect communications (i.e., information transmitted or received by organizational systems) at the external boundaries and key internal boundaries of organizational systems.

ID: NIST SP 800-171 R2 3.13.1
Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Adaptive network hardening recommendations should be applied on internet facing virtual machines | Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential attack surface | AuditIfNotExists, Disabled | 3.0.0 |
| All network ports should be restricted on network security groups associated to your virtual machine | Azure Security Center has identified some of your network security groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to target your resources. | AuditIfNotExists, Disabled | 3.0.0 |
| API App should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |
| Function App should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |
| Latest TLS version should be used in your API App | Upgrade to the latest TLS version | AuditIfNotExists, Disabled | 1.0.0 |
| Latest TLS version should be used in your Function App | Upgrade to the latest TLS version | AuditIfNotExists, Disabled | 1.0.0 |
| Latest TLS version should be used in your Web App | Upgrade to the latest TLS version | AuditIfNotExists, Disabled | 1.0.0 |
| Only secure connections to your Azure Cache for Redis should be enabled | Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | Audit, Deny, Disabled | 1.0.0 |
| Secure transfer to storage accounts should be enabled | Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | Audit, Deny, Disabled | 2.0.0 |
| Storage accounts should restrict network access | Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges | Audit, Deny, Disabled | 1.1.1 |
| Web Application should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |
| Windows web servers should be configured to use secure communication protocols | To protect the privacy of information communicated over the Internet, your web servers should use the latest version of the industry-standard cryptographic protocol, Transport Layer Security (TLS). TLS secures communications over a network by using security certificates to encrypt a connection between machines. | AuditIfNotExists, Disabled | 3.0.0 |

Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.

ID: NIST SP 800-171 R2 3.13.5
Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Adaptive network hardening recommendations should be applied on internet facing virtual machines | Azure Security Center analyzes the traffic patterns of Internet facing virtual machines and provides Network Security Group rule recommendations that reduce the potential attack surface | AuditIfNotExists, Disabled | 3.0.0 |
| All network ports should be restricted on network security groups associated to your virtual machine | Azure Security Center has identified some of your network security groups' inbound rules to be too permissive. Inbound rules should not allow access from 'Any' or 'Internet' ranges. This can potentially enable attackers to target your resources. | AuditIfNotExists, Disabled | 3.0.0 |
| Internet-facing virtual machines should be protected with network security groups | Protect your virtual machines from potential threats by restricting access to them with network security groups (NSG). Learn more about controlling traffic with NSGs at https://aka.ms/nsg-doc | AuditIfNotExists, Disabled | 3.0.0 |
| Storage accounts should restrict network access | Network access to storage accounts should be restricted. Configure network rules so only applications from allowed networks can access the storage account. To allow connections from specific internet or on-premises clients, access can be granted to traffic from specific Azure virtual networks or to public internet IP address ranges | Audit, Deny, Disabled | 1.1.1 |

Implement cryptographic mechanisms to prevent unauthorized disclosure of CUI during transmission unless otherwise protected by alternative physical safeguards.

ID: NIST SP 800-171 R2 3.13.8
Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| API App should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |
| Function App should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |
| Only secure connections to your Azure Cache for Redis should be enabled | Audit enabling of only connections via SSL to Azure Cache for Redis. Use of secure connections ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | Audit, Deny, Disabled | 1.0.0 |
| Secure transfer to storage accounts should be enabled | Audit requirement of Secure transfer in your storage account. Secure transfer is an option that forces your storage account to accept requests only from secure connections (HTTPS). Use of HTTPS ensures authentication between the server and the service and protects data in transit from network layer attacks such as man-in-the-middle, eavesdropping, and session-hijacking | Audit, Deny, Disabled | 2.0.0 |
| Web Application should only be accessible over HTTPS | Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks. | Audit, Disabled | 1.0.0 |
| Windows web servers should be configured to use secure communication protocols | To protect the privacy of information communicated over the Internet, your web servers should use the latest version of the industry-standard cryptographic protocol, Transport Layer Security (TLS). TLS secures communications over a network by using security certificates to encrypt a connection between machines. | AuditIfNotExists, Disabled | 3.0.0 |

Protect the confidentiality of CUI at rest.

ID: NIST SP 800-171 R2 3.13.16
Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Azure Defender for SQL should be enabled for unprotected Azure SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 2.0.1 |
| Azure Defender for SQL should be enabled for unprotected SQL Managed Instances | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.2 |
| Transparent Data Encryption on SQL databases should be enabled | Transparent data encryption should be enabled to protectt encrypted. Disregard this recommendation if: 1. using encryption-at-host, or 2. server-side encryption on Managed Disks meets your security requirements. Learn more in Server-side encryption of Azure Disk Storage and Different disk encryption offerings. | AuditIfNotExists, Disabled | 2.0.2 |

System and Information Integrity

Identify, report, and correct system flaws in a timely manner.

ID: NIST SP 800-171 R2 3.14.1
Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| A vulnerability assessment solution should be enabled on your virtual machines | Audits virtual machines to detect whether they are running a supported vulnerability assessment solution. A core component of every cyber risk and security program is the identification and analysis of vulnerabilities. Azure Security Center's standard pricing tier includes vulnerability scanning for your virtual machines at no extra cost. Additionally, Security Center can automatically deploy this tool for you. | AuditIfNotExists, Disabled | 3.0.0 |
| Ensure that 'HTTP Version' is the latest, if used to run the API app | Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 2.0.0 |
| Ensure that 'HTTP Version' is the latest, if used to run the Function app | Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 2.0.0 |
| Ensure that 'HTTP Version' is the latest, if used to run the Web app | Periodically, newer versions are released for HTTP either due to security flaws or to include additional functionality. Using the latest HTTP version for web apps to take advantage of security fixes, if any, and/or new functionalities of the newer version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 2.0.0 |
| Ensure that 'Java version' is the latest, if used as a part of the API app | Periodically, newer versions are released for Java either due to security flaws or to include additional functionality. Using the latest Python version for API apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 2.0.0 |
| Ensure that 'Java version' is the latest, if used as a part of the Function app | Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for Function apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 2.0.0 |
| Ensure that 'Java version' is the latest, if used as a part of the Web app | Periodically, newer versions are released for Java software either due to security flaws or to include additional functionality. Using the latest Java version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 2.0.0 |
| Ensure that 'PHP version' is the latest, if used as a part of the API app | Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for API apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 2.1.0 |
| Ensure that 'PHP version' is the latest, if used as a part of the WEB app | Periodically, newer versions are released for PHP software either due to security flaws or to include additional functionality. Using the latest PHP version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 2.1.0 |
| Ensure that 'Python version' is the latest, if used as a part of the API app | Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for API apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 3.0.0 |
| Ensure that 'Python version' is the latest, if used as a part of the Function app | Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for Function apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 3.0.0 |
| Ensure that 'Python version' is the latest, if used as a part of the Web app | Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. Currently, this policy only applies to Linux web apps. | AuditIfNotExists, Disabled | 3.0.0 |
| Kubernetes Services should be upgraded to a non-vulnerable Kubernetes version | Upgrade your Kubernetes service cluster to a later Kubernetes version to protect against known vulnerabilities in your current Kubernetes version. Vulnerability CVE-2019-9946 has been patched in Kubernetes versions 1.11.9+, 1.12.7+, 1.13.5+, and 1.14.0+ | Audit, Disabled | 1.0.2 |
| Latest TLS version should be used in your API App | Upgrade to the latest TLS version | AuditIfNotExists, Disabled | 1.0.0 |
| Latest TLS version should be used in your Function App | Upgrade to the latest TLS version | AuditIfNotExists, Disabled | 1.0.0 |
| Latest TLS version should be used in your Web App | Upgrade to the latest TLS version | AuditIfNotExists, Disabled | 1.0.0 |
| SQL databases should have vulnerability findings resolved | Monitor vulnerability assessment scan results and recommendations for how to remediate database vulnerabilities. | AuditIfNotExists, Disabled | 4.0.0 |
| System updates on virtual machine scale sets should be installed | Audit whether there are any missing system security updates and critical updates that should be installed to ensure that your Windows and Linux virtual machine scale sets are secure. | AuditIfNotExists, Disabled | 3.0.0 |
| System updates should be installed on your machines | Missing security system updates on your servers will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 4.0.0 |
| Vulnerabilities in security configuration on your machines should be remediated | Servers which do not satisfy the configured baseline will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 3.0.0 |
| Vulnerabilities in security configuration on your virtual machine scale sets should be remediated | Audit the OS vulnerabilities on your virtual machine scale sets to protect them from attacks. | AuditIfNotExists, Disabled | 3.0.0 |

Provide protection from malicious code at designated locations within organizational systems.

ID: NIST SP 800-171 R2 3.14.2
Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Endpoint protection solution should be installed on virtual machine scale sets | Audit the existence and health of an endpoint protection solution on your virtual machines scale sets, to protect them from threats and vulnerabilities. | AuditIfNotExists, Disabled | 3.0.0 |
| Microsoft IaaSAntimalware extension should be deployed on Windows servers | This policy audits any Windows server VM without Microsoft IaaSAntimalware extension deployed. | AuditIfNotExists, Disabled | 1.0.0 |
| Monitor missing Endpoint Protection in Azure Security Center | Servers without an installed Endpoint Protection agent will be monitored by Azure Security Center as recommendations | AuditIfNotExists, Disabled | 3.0.0 |

Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

ID: NIST SP 800-171 R2 3.14.6
Ownership: Shared

| Name (Azure portal) | Description | Effect(s) | Version (GitHub) |
|---|---|---|---|
| Azure Defender for SQL should be enabled for unprotected Azure SQL servers | Audit SQL servers without Advanced Data Security | AuditIfNotExists, Disabled | 2.0.1 |
| Azure Defender for SQL should be enabled for unprotected SQL Managed Instances | Audit each SQL Managed Instance without advanced data security. | AuditIfNotExists, Disabled | 1.0.2 |
| Email notification to subscription owner for high severity alerts should be enabled | To ensure your subscription owners are notified when there is a potential security breach in their subscription, set email notifications to subscription owners for high severity alerts in Security Center. | AuditIfNotExists, Disabled | 2.0.0 |
| Network Watcher should be enabled | Network Watcher is a regional service that enables you to monitor and diagnose conditions at a network scenario level in, to, and from Azure. Scenario level monitoring enables you to diagnose problems at an end to end network level view. It is required to have a network watcher resource group to be created in every region where a virtual network is present. An alert is enabled if a network watcher resource group is not available in a particular region. | AuditIfNotExists, Disabled | 3.0.0 |
| Subscriptions should have a contact email address for security issues | To ensure the relevant people in your organization are notified when there is a potential security breach in one of your subscriptions, set a security contact to receive email notifications from Security Center. | AuditIfNotExists, Disabled | 1.0.1 |

Next steps

Additional articles about Azure Policy:

  • Regulatory Compliance overview.
  • See the initiative definition structure.
  • Review other examples at Azure Policy samples.
  • Review Understanding policy effects.
  • Learn how to remediate non-compliant resources.

List, download and convert any Spotify song or playlist to MP3 then save them to your PC with this simple and straightforward app

We all know that Spotify is a widespread platform for music playing. Its huge database contains almost all contemporary songs, albums, artists, etc. Although it's free, certain features are available only for the paid version. One of those features is the possibility to download music directly to your PC. Ondesoft Spotify Converter can help you download from the platform without creating a premium account.

Clean but unresizable interface

The interface is enjoyable and intuitive as it consists of one large display/list window and several control buttons. At center-top you can also notice the 'Output' field where you select your path for the downloaded or converted files.

One downside of this program is that the interface cannot be resized. Right after the installation, the GUI is fixed and can only be moved or minimized, not resized. This can be a nuisance on small monitors or when taking screenshots.

Supports several formats and also batch conversion

You can easily drag and drop as many songs or playlists as you want to convert into the Spotify interface. Spotify converter will load all songs in the playlist automatically. You can also copy and paste the link of the song or playlist. There are four formats available for conversion: MP3, M4A, WAV, and FLAC. After conversion, all ID3 tags are preserved, so you will never lose the title, artist, album, artwork, etc. of each song.

5x conversion speed and rate selection

You can also pick the 5x conversion speed so that you can play the songs on any music player freely. Ondesoft Spotify allows you to set the bitrate and sample rate for the output DRM-free Spotify music according to your preferences.

Handy music downloader

To sum it up, Ondesoft Spotify Converter is an excellent and easy-to-use tool that lets you download any song from Spotify and convert it into one of the four available formats. It can be used by both novice and technical people due to its simplicity and intuitive feeling.

Download Hubs

Ondesoft Spotify Converter is part of these download collections: Spotify Music Downloaders

Ondesoft Spotify Converter was reviewed by Cristian Sarasanu
3.5/5
LIMITATIONS IN THE UNREGISTERED VERSION
  • You can convert only 3 minutes of each song
SYSTEM REQUIREMENTS

Ondesoft Spotify Converter 3.1.1

runs on:
Windows 10 32/64 bit
Windows 8 32/64 bit
Windows 7 32/64 bit
file size:
47 MB
filename:
odspconverter.exe
main category:
Multimedia