diff --git a/docs/content/en/docs/Rules/_index.md b/docs/content/en/docs/Rules/_index.md
index 2151f29e..d094b988 100644
--- a/docs/content/en/docs/Rules/_index.md
+++ b/docs/content/en/docs/Rules/_index.md
@@ -114,201 +114,203 @@ Azure Quick Review uses the following rules to identify Azure resources that may
 104 | cosmos-005 | Reliability | SKU | CosmosDB SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/cosmos-db/autoscale-provisioned/)
 105 | cosmos-006 | Operational Excellence | Naming Convention (CAF) | CosmosDB Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
 106 | cosmos-007 | Operational Excellence | Tags | CosmosDB should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-107 | cr-001 | Reliability | Diagnostic Logs | ContainerRegistry should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/monitor-service)
-108 | cr-002 | Reliability | Availability Zones | ContainerRegistry should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/zone-redundancy)
-109 | cr-003 | Reliability | SLA | ContainerRegistry should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/container-registry/)
-110 | cr-004 | Security | Private Endpoint | ContainerRegistry should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-private-link)
-111 | cr-005 | Reliability | SKU | ContainerRegistry SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-skus)
-112 | cr-006 | Operational Excellence | Naming Convention (CAF) | ContainerRegistry Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-113 | cr-007 | Security | Identity and Access Control | ContainerRegistry should have anonymous pull access disabled | Medium | [Learn](https://learn.microsoft.com/azure/container-registry/anonymous-pull-access#configure-anonymous-pull-access)
-114 | cr-008 | Security | Identity and Access Control | ContainerRegistry should have the Administrator account disabled | Medium | [Learn](https://learn.microsoft.com/azure/container-registry/container-registry-authentication-managed-identity)
-115 | cr-009 | Operational Excellence | Tags | ContainerRegistry should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-116 | cr-010 | Operational Excellence | Retention Policies | ContainerRegistry should use retention policies | Medium | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-retention-policy)
-117 | dec-001 | Reliability | Diagnostic Logs | Azure Data Explorer should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/data-explorer/using-diagnostic-logs)
-118 | dec-002 | Reliability | SLA | Azure Data Explorer SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services)
-119 | dec-003 | Reliability | SKU | Azure Data Explorer Production Cluster should not use Dev SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/data-explorer/manage-cluster-choose-sku)
-120 | dec-004 | Operational Excellence | Naming Convention (CAF) | Azure Data Explorer Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-121 | dec-005 | Operational Excellence | Tags | Azure Data Explorer should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-122 | dec-008 | Security | Disk Encryption | Azure Data Explorer should use Disk Encryption | High | [Learn](https://learn.microsoft.com/en-us/azure/data-explorer/cluster-encryption-overview)
-123 | dec-009 | Security | Identity and Access Control | Azure Data Explorer should use Managed Identities | Low | [Learn](https://learn.microsoft.com/en-us/azure/data-explorer/configure-managed-identities-cluster?tabs=portal)
-124 | evgd-001 | Reliability | Diagnostic Logs | Event Grid Domain should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/event-grid/diagnostic-logs)
-125 | evgd-003 | Reliability | SLA | Event Grid Domain should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/event-grid/)
-126 | evgd-004 | Security | Private Endpoint | Event Grid Domain should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/event-grid/configure-private-endpoints)
-127 | evgd-005 | Reliability | SKU | Event Grid Domain SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/event-grid/)
-128 | evgd-006 | Operational Excellence | Naming Convention (CAF) | Event Grid Domain Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-129 | evgd-007 | Operational Excellence | Tags | Event Grid Domain should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-130 | evgd-008 | Security | Identity and Access Control | Event Grid Domain should have local authentication disabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/event-grid/authenticate-with-access-keys-shared-access-signatures)
-131 | evh-001 | Reliability | Diagnostic Logs | Event Hub Namespace should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/monitor-event-hubs#collection-and-routing)
-132 | evh-002 | Reliability | Availability Zones | Event Hub Namespace should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-premium-overview#high-availability-with-availability-zones)
-133 | evh-003 | Reliability | SLA | Event Hub Namespace should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/event-hubs/)
-134 | evh-004 | Security | Private Endpoint | Event Hub Namespace should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/network-security)
-135 | evh-005 | Reliability | SKU | Event Hub Namespace SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/compare-tiers)
-136 | evh-006 | Operational Excellence | Naming Convention (CAF) | Event Hub Namespace Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-137 | evh-007 | Operational Excellence | Tags | Event Hub should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-138 | evh-008 | Security | Identity and Access Control | Event Hub should have local authentication disabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/authorize-access-event-hubs#shared-access-signatures)
-139 | kv-001 | Reliability | Diagnostic Logs | Key Vault should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault)
-140 | kv-003 | Reliability | SLA | Key Vault should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/key-vault/)
-141 | kv-004 | Security | Private Endpoint | Key Vault should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-service)
-142 | kv-005 | Reliability | SKU | Key Vault SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/key-vault/)
-143 | kv-006 | Operational Excellence | Naming Convention (CAF) | Key Vault Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-144 | kv-007 | Operational Excellence | Tags | Key Vault should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-145 | kv-008 | Reliability | Reliability | Key Vault should have soft delete enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview)
-146 | kv-009 | Reliability | Reliability | Key Vault should have purge protection enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview#purge-protection)
-147 | lb-001 | Reliability | Diagnostic Logs | Load Balancer should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/load-balancer/monitor-load-balancer#creating-a-diagnostic-setting)
-148 | lb-002 | Reliability | Availability Zones | Load Balancer should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant)
-149 | lb-003 | Reliability | SLA | Load Balancer should have a SLA | High | [Learn](https://learn.microsoft.com/en-us/azure/load-balancer/skus)
-150 | lb-005 | Reliability | SKU | Load Balancer SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/load-balancer/skus)
-151 | lb-006 | Operational Excellence | Naming Convention (CAF) | Load Balancer Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-152 | lb-007 | Operational Excellence | Tags | Load Balancer should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-153 | logic-001 | Reliability | Diagnostic Logs | Logic App should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/monitor-workflows-collect-diagnostic-data)
-154 | logic-003 | Reliability | SLA | Logic App should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1)
-155 | logic-004 | Security | Firewall | Logic App should limit access to Http Triggers | High | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal#restrict-access-by-ip-address-range)
-156 | logic-006 | Operational Excellence | Naming Convention (CAF) | Logic App Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-157 | logic-007 | Operational Excellence | Tags | Logic App should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-158 | maria-001 | Reliability | Diagnostic Logs | MariaDB should have diagnostic settings enabled | Medium | [Learn]()
-159 | maria-002 | Security | Private Endpoint | MariaDB should have private endpoints enabled | High | [Learn]()
-160 | maria-003 | Operational Excellence | Naming Convention (CAF) | MariaDB server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-161 | maria-004 | Reliability | SLA | MariaDB server should have a SLA | High | [Learn]()
-162 | maria-005 | Operational Excellence | Tags | MariaDB should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-163 | maria-006 | Security | TLS | MariaDB should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/mariadb/howto-tls-configurations)
-164 | mysqlf-001 | Reliability | Diagnostic Logs | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/tutorial-query-performance-insights#set-up-diagnostics)
-165 | mysqlf-002 | Reliability | Availability Zones | Azure Database for MySQL - Flexible Server should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-configure-high-availability-cli)
-166 | mysqlf-003 | Reliability | SLA | Azure Database for MySQL - Flexible Server should have a SLA | High | [Learn](hhttps://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1)
-167 | mysqlf-004 | Security | Private IP Address | Azure Database for MySQL - Flexible Server should have private access enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-manage-virtual-network-cli)
-168 | mysqlf-005 | Reliability | SKU | Azure Database for MySQL - Flexible Server SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-service-tiers-storage)
-169 | mysqlf-006 | Operational Excellence | Naming Convention (CAF) | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-170 | mysqlf-007 | Operational Excellence | Tags | Azure Database for MySQL - Flexible Server should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-171 | mysql-001 | Reliability | Diagnostic Logs | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-monitoring#server-logs)
-172 | mysql-003 | Reliability | SLA | Azure Database for MySQL - Flexible Server should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/mysql/)
-173 | mysql-004 | Security | Private Endpoint | Azure Database for MySQL - Flexible Server should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-data-access-security-private-link)
-174 | mysql-005 | Reliability | SKU | Azure Database for MySQL - Flexible Server SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-pricing-tiers)
-175 | mysql-006 | Operational Excellence | Naming Convention (CAF) | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-176 | mysql-007 | Reliability | SKU | Azure Database for MySQL - Single Server is on the retirement path | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/whats-happening-to-mysql-single-server)
-177 | mysql-008 | Operational Excellence | Tags | Azure Database for MySQL - Single Server should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-178 | app-001 | Reliability | Diagnostic Logs | App Service should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#send-logs-to-azure-monitor)
-179 | app-004 | Security | Private Endpoint | App Service should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint)
-180 | app-006 | Operational Excellence | Naming Convention (CAF) | App Service Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-181 | app-007 | Security | HTTPS Only | App Service should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https)
-182 | app-008 | Operational Excellence | Tags | App Service should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-183 | app-009 | Security | Networking | App Service should use VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration)
-184 | app-010 | Security | Networking | App Service should have VNET Route all enabled for VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration)
-185 | app-011 | Security | TLS | App Service should use TLS 1.2 | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-tls)
-186 | app-012 | Security | Security | App Service remote debugging should be disabled | High | [Learn](https://learn.microsoft.com/en-us/visualstudio/debugger/remote-debugging-azure-app-service?view=vs-2022#enable-remote-debugging)
-187 | app-013 | Security | Security | App Service should not allow insecure FTP | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/deploy-ftp?tabs=portal)
-188 | app-014 | Security | Security | App Service should have Always On enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal)
-189 | app-015 | Reliability | Reliability | App Service should avoid using Client Affinity | Medium | [Learn](https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-app-service/reliability#checklist)
-190 | app-016 | Security | Identity and Access Control | App Service should use Managed Identities | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp)
-191 | asp-001 | Reliability | Diagnostic Logs | Plan should have diagnostic settings enabled | Medium | [Learn]()
-192 | asp-002 | Reliability | Availability Zones | Plan should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service)
-193 | asp-003 | Reliability | SLA | Plan should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/app-service/)
-194 | asp-005 | Reliability | SKU | Plan SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans)
-195 | asp-006 | Operational Excellence | Naming Convention (CAF) | Plan Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-196 | asp-007 | Operational Excellence | Tags | Plan should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-197 | func-001 | Reliability | Diagnostic Logs | Function should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-functions/functions-monitor-log-analytics?tabs=csharp)
-198 | func-004 | Security | Private Endpoint | Function should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-vnet)
-199 | func-006 | Operational Excellence | Naming Convention (CAF) | Function Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-200 | func-007 | Security | HTTPS Only | Function should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https)
-201 | func-008 | Operational Excellence | Tags | Function should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-202 | func-009 | Security | Networking | Function should use VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration)
-203 | func-010 | Security | Networking | Function should have VNET Route all enabled for VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration)
-204 | func-011 | Security | TLS | Function should use TLS 1.2 | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-tls)
-205 | func-012 | Security | Security | Function remote debugging should be disabled | Medium | [Learn](https://learn.microsoft.com/en-us/visualstudio/debugger/remote-debugging-azure-app-service?view=vs-2022#enable-remote-debugging)
-206 | func-013 | Reliability | Reliability | Function should avoid using Client Affinity | Medium | [Learn](https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-app-service/reliability#checklist)
-207 | func-014 | Security | Identity and Access Control | Function should use Managed Identities | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp)
-208 | logics-001 | Reliability | Diagnostic Logs | Logic App should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/monitor-workflows-collect-diagnostic-data)
-209 | logics-004 | Security | Private Endpoint | Logic App should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/secure-single-tenant-workflow-virtual-network-private-endpoint)
-210 | logics-006 | Operational Excellence | Naming Convention (CAF) | Logic App Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-211 | logics-007 | Security | HTTPS Only | Logic App should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https)
-212 | logics-008 | Operational Excellence | Tags | Logic App should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-213 | logics-009 | Security | Networking | Logic App should use VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration)
-214 | logics-010 | Security | Networking | Logic App should have VNET Route all enabled for VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration)
-215 | logics-011 | Security | TLS | Logic App should use TLS 1.2 | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-tls)
-216 | logics-012 | Security | Security | Logic App remote debugging should be disabled | Medium | [Learn](https://learn.microsoft.com/en-us/visualstudio/debugger/remote-debugging-azure-app-service?view=vs-2022#enable-remote-debugging)
-217 | logics-013 | Reliability | Reliability | Logic App should avoid using Client Affinity | Medium | [Learn](https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-app-service/reliability#checklist)
-218 | logics-014 | Security | Identity and Access Control | Logic App should use Managed Identities | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp)
-219 | psqlf-001 | Reliability | Diagnostic Logs | PostgreSQL should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/howto-configure-and-access-logs)
-220 | psqlf-002 | Reliability | Availability Zones | PostgreSQL should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/overview#architecture-and-high-availability)
-221 | psqlf-003 | Reliability | SLA | PostgreSQL should have a SLA | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-compare-single-server-flexible-server)
-222 | psqlf-004 | Security | Private IP Address | PostgreSQL should have private access enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking#private-access-vnet-integration)
-223 | psqlf-005 | Reliability | SKU | PostgreSQL SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/postgresql/flexible-server/)
-224 | psqlf-006 | Operational Excellence | Naming Convention (CAF) | PostgreSQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-225 | psqlf-007 | Operational Excellence | Tags | PostgreSQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-226 | psql-001 | Reliability | Diagnostic Logs | PostgreSQL should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-server-logs#resource-logs)
-227 | psql-003 | Reliability | SLA | PostgreSQL should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/postgresql/)
-228 | psql-004 | Security | Private Endpoint | PostgreSQL should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-data-access-and-security-private-link)
-229 | psql-005 | Reliability | SKU | PostgreSQL SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-pricing-tiers)
-230 | psql-006 | Operational Excellence | Naming Convention (CAF) | PostgreSQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-231 | psql-007 | Operational Excellence | Tags | PostgreSQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-232 | psql-008 | Security | SSL | PostgreSQL should enforce SSL | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security#enforcing-tls-connections)
-233 | psql-009 | Security | TLS | PostgreSQL should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-tls-configurations)
-234 | redis-001 | Reliability | Diagnostic Logs | Redis should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-monitor-diagnostic-settings)
-235 | redis-002 | Reliability | Availability Zones | Redis should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability)
-236 | redis-003 | Reliability | SLA | Redis should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1)
-237 | redis-004 | Security | Private Endpoint | Redis should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-private-link)
-238 | redis-005 | Reliability | SKU | Redis SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/cache/)
-239 | redis-006 | Operational Excellence | Naming Convention (CAF) | Redis Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-240 | redis-007 | Operational Excellence | Tags | Redis should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-241 | redis-008 | Security | SSL | Redis should not enable non SSL ports | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure#access-ports)
-242 | redis-009 | Security | TLS | Redis should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-remove-tls-10-11)
-243 | sb-001 | Reliability | Diagnostic Logs | Service Bus should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/monitor-service-bus#collection-and-routing)
-244 | sb-002 | Reliability | Availability Zones | Service Bus should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters#availability-zones)
-245 | sb-003 | Reliability | SLA | Service Bus should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/service-bus/)
-246 | sb-004 | Security | Private Endpoint | Service Bus should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/network-security)
-247 | sb-005 | Reliability | SKU | Service Bus SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/service-bus/)
-248 | sb-006 | Operational Excellence | Naming Convention (CAF) | Service Bus Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-249 | sb-007 | Operational Excellence | Tags | Service Bus should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-250 | sb-008 | Security | Identity and Access Control | Service Bus should have local authentication disabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas)
-251 | sigr-001 | Reliability | Diagnostic Logs | SignalR should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-howto-diagnostic-logs)
-252 | sigr-002 | Reliability | Availability Zones | SignalR should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/availability-zones)
-253 | sigr-003 | Reliability | SLA | SignalR should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/signalr-service/)
-254 | sigr-004 | Security | Private Endpoint | SignalR should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/howto-private-endpoints)
-255 | sigr-005 | Reliability | SKU | SignalR SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/signalr-service/)
-256 | sigr-006 | Operational Excellence | Naming Convention (CAF) | SignalR Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-257 | sigr-007 | Operational Excellence | Tags | SignalR should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-258 | sql-001 | Reliability | Diagnostic Logs | SQL should have diagnostic settings enabled | Medium | [Learn]()
-259 | sql-004 | Security | Private Endpoint | SQL should have private endpoints enabled | High | [Learn]()
-260 | sql-006 | Operational Excellence | Naming Convention (CAF) | SQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-261 | sql-007 | Operational Excellence | Tags | SQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-262 | sql-008 | Security | TLS | SQL should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal#minimal-tls-version)
-263 | sqldb-001 | Reliability | Diagnostic Logs | SQL Database should have diagnostic settings enabled | Medium | [Learn]()
-264 | sqldb-002 | Reliability | Availability Zones | SQL Database should have availability zones enabled | High | [Learn]()
-265 | sqldb-003 | Reliability | SLA | SQL Database should have a SLA | High | [Learn]()
-266 | sqldb-005 | Reliability | SKU | SQL Database SKU | High | [Learn](https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-vcore?tabs=azure-portal)
-267 | sqldb-006 | Operational Excellence | Naming Convention (CAF) | SQL Database Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-268 | sqldb-007 | Operational Excellence | Tags | SQL Database should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-269 | traf-001 | Reliability | Diagnostic Logs | Traffic Manager should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-diagnostic-logs)
-270 | traf-002 | Reliability | Availability Zones | Traffic Manager should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/architecture/high-availability/reference-architecture-traffic-manager-application-gateway)
-271 | traf-003 | Reliability | SLA | Traffic Manager should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/traffic-manager/)
-272 | traf-006 | Operational Excellence | Naming Convention (CAF) | Traffic Manager Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-273 | traf-007 | Operational Excellence | Tags | Traffic Manager should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-274 | traf-008 | Reliability | Reliability | Traffic Manager should use at least 2 endpoints | High | [Learn](https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-endpoint-types)
-275 | traf-009 | Security | HTTPS Only | Traffic Manager: HTTP endpoints should be monitored using HTTPS | High | [Learn](https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring)
-276 | st-001 | Reliability | Diagnostic Logs | Storage should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage)
-277 | st-002 | Reliability | Availability Zones | Storage should have availability zones enabled | High | [Learn](https://learn.microsoft.com/EN-US/azure/reliability/migrate-storage)
-278 | st-003 | Reliability | SLA | Storage should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/storage/)
-279 | st-004 | Security | Private Endpoint | Storage should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints)
-280 | st-005 | Reliability | SKU | Storage SKU | High | [Learn](https://learn.microsoft.com/en-us/rest/api/storagerp/srp_sku_types)
-281 | st-006 | Operational Excellence | Naming Convention (CAF) | Storage Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-282 | st-007 | Security | HTTPS Only | Storage Account should use HTTPS only | High | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer)
-283 | st-008 | Operational Excellence | Tags | Storage Account should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-284 | st-009 | Security | TLS | Storage Account should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version?tabs=portal)
-285 | vm-001 | Reliability | Diagnostic Logs | Virtual Machine should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-windows-install)
-286 | vm-002 | Reliability | Availability Zones | Virtual Machine should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-machines/availability#availability-zones)
-287 | vm-003 | Reliability | SLA | Virtual Machine should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1)
-288 | vm-006 | Operational Excellence | Naming Convention (CAF) | Virtual Machine Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
-289 | vm-007 | Operational Excellence | Tags | Virtual Machine should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
-290 | vm-008 | Reliability | Reliability | Virtual Machine should use managed disks | High | [Learn](https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#virtual-machines)
-291 | vm-009 | Reliability | Reliability | Virtual Machine should host application or database data on a data disk | Low | 
[Learn](https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk) -292 | vnet-001 | Reliability | Diagnostic Logs | Virtual Network should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network#collection-and-routing) -293 | vnet-002 | Reliability | Availability Zones | Virtual Network should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview#virtual-networks-and-availability-zones) -294 | vnet-006 | Operational Excellence | Naming Convention (CAF) | Virtual Network Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -295 | vnet-007 | Operational Excellence | Tags | Virtual Network should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -296 | vnet-008 | Security | Networking | Virtual Network: All Subnets should have a Network Security Group associated | High | [Learn](https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices) -297 | vnet-009 | Reliability | Reliability | Virtual NetworK should have at least two DNS servers assigned | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances?tabs=redhat#specify-dns-servers) -298 | wps-001 | Reliability | Diagnostic Logs | Web Pub Sub should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-resource-logs) -299 | wps-002 | Reliability | Availability Zones | Web Pub Sub should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones) -300 | wps-003 | Reliability | SLA | Web Pub Sub should have a SLA 
| High | [Learn](https://azure.microsoft.com/en-gb/support/legal/sla/web-pubsub/) -301 | wps-004 | Security | Private Endpoint | Web Pub Sub should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-secure-private-endpoints) -302 | wps-005 | Reliability | SKU | Web Pub Sub SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/web-pubsub/) -303 | wps-006 | Operational Excellence | Naming Convention (CAF) | Web Pub Sub Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -304 | wps-007 | Operational Excellence | Tags | Web Pub Sub should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +107 | cosmos-008 | Security | Security | CosmosDB should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#disable-local-auth) +108 | cosmos-009 | Security | Security | CosmosDB: disable write operations on metadata resources (databases, containers, throughput) via account keys | Low | [Learn](https://learn.microsoft.com/en-us/azure/cosmos-db/role-based-access-control#set-via-arm-template) +109 | cr-001 | Reliability | Diagnostic Logs | ContainerRegistry should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/monitor-service) +110 | cr-002 | Reliability | Availability Zones | ContainerRegistry should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/zone-redundancy) +111 | cr-003 | Reliability | SLA | ContainerRegistry should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/container-registry/) +112 | cr-004 | Security | Private Endpoint | ContainerRegistry should have private endpoints enabled | High | 
[Learn](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-private-link) +113 | cr-005 | Reliability | SKU | ContainerRegistry SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-skus) +114 | cr-006 | Operational Excellence | Naming Convention (CAF) | ContainerRegistry Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +115 | cr-007 | Security | Identity and Access Control | ContainerRegistry should have anonymous pull access disabled | Medium | [Learn](https://learn.microsoft.com/azure/container-registry/anonymous-pull-access#configure-anonymous-pull-access) +116 | cr-008 | Security | Identity and Access Control | ContainerRegistry should have the Administrator account disabled | Medium | [Learn](https://learn.microsoft.com/azure/container-registry/container-registry-authentication-managed-identity) +117 | cr-009 | Operational Excellence | Tags | ContainerRegistry should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +118 | cr-010 | Operational Excellence | Retention Policies | ContainerRegistry should use retention policies | Medium | [Learn](https://learn.microsoft.com/en-us/azure/container-registry/container-registry-retention-policy) +119 | dec-001 | Reliability | Diagnostic Logs | Azure Data Explorer should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/data-explorer/using-diagnostic-logs) +120 | dec-002 | Reliability | SLA | Azure Data Explorer SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services) +121 | dec-003 | Reliability | SKU | Azure Data Explorer Production Cluster should not use Dev SKU | High | 
[Learn](https://learn.microsoft.com/en-us/azure/data-explorer/manage-cluster-choose-sku) +122 | dec-004 | Operational Excellence | Naming Convention (CAF) | Azure Data Explorer Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +123 | dec-005 | Operational Excellence | Tags | Azure Data Explorer should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +124 | dec-008 | Security | Disk Encryption | Azure Data Explorer should use Disk Encryption | High | [Learn](https://learn.microsoft.com/en-us/azure/data-explorer/cluster-encryption-overview) +125 | dec-009 | Security | Identity and Access Control | Azure Data Explorer should use Managed Identities | Low | [Learn](https://learn.microsoft.com/en-us/azure/data-explorer/configure-managed-identities-cluster?tabs=portal) +126 | evgd-001 | Reliability | Diagnostic Logs | Event Grid Domain should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/event-grid/diagnostic-logs) +127 | evgd-003 | Reliability | SLA | Event Grid Domain should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/event-grid/) +128 | evgd-004 | Security | Private Endpoint | Event Grid Domain should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/event-grid/configure-private-endpoints) +129 | evgd-005 | Reliability | SKU | Event Grid Domain SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/event-grid/) +130 | evgd-006 | Operational Excellence | Naming Convention (CAF) | Event Grid Domain Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +131 | evgd-007 | Operational Excellence | Tags | Event Grid Domain should have tags 
| Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +132 | evgd-008 | Security | Identity and Access Control | Event Grid Domain should have local authentication disabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/event-grid/authenticate-with-access-keys-shared-access-signatures) +133 | evh-001 | Reliability | Diagnostic Logs | Event Hub Namespace should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/monitor-event-hubs#collection-and-routing) +134 | evh-002 | Reliability | Availability Zones | Event Hub Namespace should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-premium-overview#high-availability-with-availability-zones) +135 | evh-003 | Reliability | SLA | Event Hub Namespace should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/event-hubs/) +136 | evh-004 | Security | Private Endpoint | Event Hub Namespace should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/network-security) +137 | evh-005 | Reliability | SKU | Event Hub Namespace SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/compare-tiers) +138 | evh-006 | Operational Excellence | Naming Convention (CAF) | Event Hub Namespace Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +139 | evh-007 | Operational Excellence | Tags | Event Hub should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +140 | evh-008 | Security | Identity and Access Control | Event Hub should have local authentication disabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/event-hubs/authorize-access-event-hubs#shared-access-signatures) 
+141 | kv-001 | Reliability | Diagnostic Logs | Key Vault should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/key-vault/general/monitor-key-vault) +142 | kv-003 | Reliability | SLA | Key Vault should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/key-vault/) +143 | kv-004 | Security | Private Endpoint | Key Vault should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/key-vault/general/private-link-service) +144 | kv-005 | Reliability | SKU | Key Vault SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/key-vault/) +145 | kv-006 | Operational Excellence | Naming Convention (CAF) | Key Vault Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +146 | kv-007 | Operational Excellence | Tags | Key Vault should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +147 | kv-008 | Reliability | Reliability | Key Vault should have soft delete enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview) +148 | kv-009 | Reliability | Reliability | Key Vault should have purge protection enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/key-vault/general/soft-delete-overview#purge-protection) +149 | lb-001 | Reliability | Diagnostic Logs | Load Balancer should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/load-balancer/monitor-load-balancer#creating-a-diagnostic-setting) +150 | lb-002 | Reliability | Availability Zones | Load Balancer should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/load-balancer/load-balancer-standard-availability-zones#zone-redundant) +151 | lb-003 | Reliability | SLA | Load Balancer should 
have a SLA | High | [Learn](https://learn.microsoft.com/en-us/azure/load-balancer/skus) +152 | lb-005 | Reliability | SKU | Load Balancer SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/load-balancer/skus) +153 | lb-006 | Operational Excellence | Naming Convention (CAF) | Load Balancer Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +154 | lb-007 | Operational Excellence | Tags | Load Balancer should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +155 | logic-001 | Reliability | Diagnostic Logs | Logic App should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/monitor-workflows-collect-diagnostic-data) +156 | logic-003 | Reliability | SLA | Logic App should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) +157 | logic-004 | Security | Firewall | Logic App should limit access to Http Triggers | High | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal#restrict-access-by-ip-address-range) +158 | logic-006 | Operational Excellence | Naming Convention (CAF) | Logic App Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +159 | logic-007 | Operational Excellence | Tags | Logic App should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +160 | maria-001 | Reliability | Diagnostic Logs | MariaDB should have diagnostic settings enabled | Medium | [Learn]() +161 | maria-002 | Security | Private Endpoint | MariaDB should have private endpoints enabled | High | [Learn]() +162 
| maria-003 | Operational Excellence | Naming Convention (CAF) | MariaDB server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +163 | maria-004 | Reliability | SLA | MariaDB server should have a SLA | High | [Learn]() +164 | maria-005 | Operational Excellence | Tags | MariaDB should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +165 | maria-006 | Security | TLS | MariaDB should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/mariadb/howto-tls-configurations) +166 | mysqlf-001 | Reliability | Diagnostic Logs | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/tutorial-query-performance-insights#set-up-diagnostics) +167 | mysqlf-002 | Reliability | Availability Zones | Azure Database for MySQL - Flexible Server should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-configure-high-availability-cli) +168 | mysqlf-003 | Reliability | SLA | Azure Database for MySQL - Flexible Server should have a SLA | High | [Learn](hhttps://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) +169 | mysqlf-004 | Security | Private IP Address | Azure Database for MySQL - Flexible Server should have private access enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-manage-virtual-network-cli) +170 | mysqlf-005 | Reliability | SKU | Azure Database for MySQL - Flexible Server SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-service-tiers-storage) +171 | mysqlf-006 | Operational Excellence | Naming Convention (CAF) | Azure Database for MySQL - Flexible 
Server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +172 | mysqlf-007 | Operational Excellence | Tags | Azure Database for MySQL - Flexible Server should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +173 | mysql-001 | Reliability | Diagnostic Logs | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-monitoring#server-logs) +174 | mysql-003 | Reliability | SLA | Azure Database for MySQL - Flexible Server should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/mysql/) +175 | mysql-004 | Security | Private Endpoint | Azure Database for MySQL - Flexible Server should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-data-access-security-private-link) +176 | mysql-005 | Reliability | SKU | Azure Database for MySQL - Flexible Server SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-pricing-tiers) +177 | mysql-006 | Operational Excellence | Naming Convention (CAF) | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +178 | mysql-007 | Reliability | SKU | Azure Database for MySQL - Single Server is on the retirement path | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/whats-happening-to-mysql-single-server) +179 | mysql-008 | Operational Excellence | Tags | Azure Database for MySQL - Single Server should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +180 | 
app-001 | Reliability | Diagnostic Logs | App Service should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#send-logs-to-azure-monitor) +181 | app-004 | Security | Private Endpoint | App Service should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint) +182 | app-006 | Operational Excellence | Naming Convention (CAF) | App Service Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +183 | app-007 | Security | HTTPS Only | App Service should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) +184 | app-008 | Operational Excellence | Tags | App Service should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +185 | app-009 | Security | Networking | App Service should use VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration) +186 | app-010 | Security | Networking | App Service should have VNET Route all enabled for VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration) +187 | app-011 | Security | TLS | App Service should use TLS 1.2 | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-tls) +188 | app-012 | Security | Security | App Service remote debugging should be disabled | High | [Learn](https://learn.microsoft.com/en-us/visualstudio/debugger/remote-debugging-azure-app-service?view=vs-2022#enable-remote-debugging) +189 | app-013 | Security | Security | App Service should not allow insecure FTP | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/deploy-ftp?tabs=portal) +190 | app-014 | 
Security | Security | App Service should have Always On enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/configure-common?tabs=portal) +191 | app-015 | Reliability | Reliability | App Service should avoid using Client Affinity | Medium | [Learn](https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-app-service/reliability#checklist) +192 | app-016 | Security | Identity and Access Control | App Service should use Managed Identities | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp) +193 | asp-001 | Reliability | Diagnostic Logs | Plan should have diagnostic settings enabled | Medium | [Learn]() +194 | asp-002 | Reliability | Availability Zones | Plan should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service) +195 | asp-003 | Reliability | SLA | Plan should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/app-service/) +196 | asp-005 | Reliability | SKU | Plan SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans) +197 | asp-006 | Operational Excellence | Naming Convention (CAF) | Plan Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +198 | asp-007 | Operational Excellence | Tags | Plan should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +199 | func-001 | Reliability | Diagnostic Logs | Function should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-functions/functions-monitor-log-analytics?tabs=csharp) +200 | func-004 | Security | Private Endpoint | Function should have private endpoints enabled | High | 
[Learn](https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-vnet) +201 | func-006 | Operational Excellence | Naming Convention (CAF) | Function Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +202 | func-007 | Security | HTTPS Only | Function should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) +203 | func-008 | Operational Excellence | Tags | Function should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +204 | func-009 | Security | Networking | Function should use VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration) +205 | func-010 | Security | Networking | Function should have VNET Route all enabled for VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration) +206 | func-011 | Security | TLS | Function should use TLS 1.2 | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-tls) +207 | func-012 | Security | Security | Function remote debugging should be disabled | Medium | [Learn](https://learn.microsoft.com/en-us/visualstudio/debugger/remote-debugging-azure-app-service?view=vs-2022#enable-remote-debugging) +208 | func-013 | Reliability | Reliability | Function should avoid using Client Affinity | Medium | [Learn](https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-app-service/reliability#checklist) +209 | func-014 | Security | Identity and Access Control | Function should use Managed Identities | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp) +210 | logics-001 | Reliability | Diagnostic Logs | Logic App should have diagnostic settings 
enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/monitor-workflows-collect-diagnostic-data) +211 | logics-004 | Security | Private Endpoint | Logic App should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/secure-single-tenant-workflow-virtual-network-private-endpoint) +212 | logics-006 | Operational Excellence | Naming Convention (CAF) | Logic App Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +213 | logics-007 | Security | HTTPS Only | Logic App should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) +214 | logics-008 | Operational Excellence | Tags | Logic App should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +215 | logics-009 | Security | Networking | Logic App should use VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration) +216 | logics-010 | Security | Networking | Logic App should have VNET Route all enabled for VNET integration | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-vnet-integration) +217 | logics-011 | Security | TLS | Logic App should use TLS 1.2 | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-tls) +218 | logics-012 | Security | Security | Logic App remote debugging should be disabled | Medium | [Learn](https://learn.microsoft.com/en-us/visualstudio/debugger/remote-debugging-azure-app-service?view=vs-2022#enable-remote-debugging) +219 | logics-013 | Reliability | Reliability | Logic App should avoid using Client Affinity | Medium | [Learn](https://learn.microsoft.com/en-us/azure/well-architected/service-guides/azure-app-service/reliability#checklist) +220 | logics-014 | 
Security | Identity and Access Control | Logic App should use Managed Identities | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp) +221 | psqlf-001 | Reliability | Diagnostic Logs | PostgreSQL should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/howto-configure-and-access-logs) +222 | psqlf-002 | Reliability | Availability Zones | PostgreSQL should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/overview#architecture-and-high-availability) +223 | psqlf-003 | Reliability | SLA | PostgreSQL should have a SLA | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-compare-single-server-flexible-server) +224 | psqlf-004 | Security | Private IP Address | PostgreSQL should have private access enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking#private-access-vnet-integration) +225 | psqlf-005 | Reliability | SKU | PostgreSQL SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/postgresql/flexible-server/) +226 | psqlf-006 | Operational Excellence | Naming Convention (CAF) | PostgreSQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +227 | psqlf-007 | Operational Excellence | Tags | PostgreSQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +228 | psql-001 | Reliability | Diagnostic Logs | PostgreSQL should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-server-logs#resource-logs) +229 | psql-003 | Reliability | SLA | PostgreSQL should have a SLA | High | 
[Learn](https://www.azure.cn/en-us/support/sla/postgresql/) +230 | psql-004 | Security | Private Endpoint | PostgreSQL should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-data-access-and-security-private-link) +231 | psql-005 | Reliability | SKU | PostgreSQL SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-pricing-tiers) +232 | psql-006 | Operational Excellence | Naming Convention (CAF) | PostgreSQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +233 | psql-007 | Operational Excellence | Tags | PostgreSQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +234 | psql-008 | Security | SSL | PostgreSQL should enforce SSL | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security#enforcing-tls-connections) +235 | psql-009 | Security | TLS | PostgreSQL should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-tls-configurations) +236 | redis-001 | Reliability | Diagnostic Logs | Redis should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-monitor-diagnostic-settings) +237 | redis-002 | Reliability | Availability Zones | Redis should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability) +238 | redis-003 | Reliability | SLA | Redis should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) +239 | redis-004 | Security | Private Endpoint | Redis should have private endpoints enabled | High | 
[Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-private-link) +240 | redis-005 | Reliability | SKU | Redis SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/cache/) +241 | redis-006 | Operational Excellence | Naming Convention (CAF) | Redis Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +242 | redis-007 | Operational Excellence | Tags | Redis should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +243 | redis-008 | Security | SSL | Redis should not enable non SSL ports | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure#access-ports) +244 | redis-009 | Security | TLS | Redis should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-remove-tls-10-11) +245 | sb-001 | Reliability | Diagnostic Logs | Service Bus should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/monitor-service-bus#collection-and-routing) +246 | sb-002 | Reliability | Availability Zones | Service Bus should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters#availability-zones) +247 | sb-003 | Reliability | SLA | Service Bus should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/service-bus/) +248 | sb-004 | Security | Private Endpoint | Service Bus should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/network-security) +249 | sb-005 | Reliability | SKU | Service Bus SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/service-bus/) +250 | sb-006 | Operational Excellence | Naming Convention (CAF) | Service 
Bus Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +251 | sb-007 | Operational Excellence | Tags | Service Bus should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +252 | sb-008 | Security | Identity and Access Control | Service Bus should have local authentication disabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas) +253 | sigr-001 | Reliability | Diagnostic Logs | SignalR should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-howto-diagnostic-logs) +254 | sigr-002 | Reliability | Availability Zones | SignalR should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/availability-zones) +255 | sigr-003 | Reliability | SLA | SignalR should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/signalr-service/) +256 | sigr-004 | Security | Private Endpoint | SignalR should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/howto-private-endpoints) +257 | sigr-005 | Reliability | SKU | SignalR SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/signalr-service/) +258 | sigr-006 | Operational Excellence | Naming Convention (CAF) | SignalR Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +259 | sigr-007 | Operational Excellence | Tags | SignalR should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +260 | sql-001 | Reliability | Diagnostic Logs | SQL should have diagnostic settings enabled | Medium | [Learn]() +261 | 
sql-004 | Security | Private Endpoint | SQL should have private endpoints enabled | High | [Learn]() +262 | sql-006 | Operational Excellence | Naming Convention (CAF) | SQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +263 | sql-007 | Operational Excellence | Tags | SQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +264 | sql-008 | Security | TLS | SQL should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal#minimal-tls-version) +265 | sqldb-001 | Reliability | Diagnostic Logs | SQL Database should have diagnostic settings enabled | Medium | [Learn]() +266 | sqldb-002 | Reliability | Availability Zones | SQL Database should have availability zones enabled | High | [Learn]() +267 | sqldb-003 | Reliability | SLA | SQL Database should have a SLA | High | [Learn]() +268 | sqldb-005 | Reliability | SKU | SQL Database SKU | High | [Learn](https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-vcore?tabs=azure-portal) +269 | sqldb-006 | Operational Excellence | Naming Convention (CAF) | SQL Database Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +270 | sqldb-007 | Operational Excellence | Tags | SQL Database should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +271 | traf-001 | Reliability | Diagnostic Logs | Traffic Manager should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-diagnostic-logs) +272 | traf-002 | Reliability | Availability Zones | Traffic Manager should 
have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/architecture/high-availability/reference-architecture-traffic-manager-application-gateway) +273 | traf-003 | Reliability | SLA | Traffic Manager should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/traffic-manager/) +274 | traf-006 | Operational Excellence | Naming Convention (CAF) | Traffic Manager Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +275 | traf-007 | Operational Excellence | Tags | Traffic Manager should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +276 | traf-008 | Reliability | Reliability | Traffic Manager should use at least 2 endpoints | High | [Learn](https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-endpoint-types) +277 | traf-009 | Security | HTTPS Only | Traffic Manager: HTTP endpoints should be monitored using HTTPS | High | [Learn](https://learn.microsoft.com/en-us/azure/traffic-manager/traffic-manager-monitoring) +278 | st-001 | Reliability | Diagnostic Logs | Storage should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage) +279 | st-002 | Reliability | Availability Zones | Storage should have availability zones enabled | High | [Learn](https://learn.microsoft.com/EN-US/azure/reliability/migrate-storage) +280 | st-003 | Reliability | SLA | Storage should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/storage/) +281 | st-004 | Security | Private Endpoint | Storage should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints) +282 | st-005 | Reliability | SKU | Storage SKU | High | 
[Learn](https://learn.microsoft.com/en-us/rest/api/storagerp/srp_sku_types) +283 | st-006 | Operational Excellence | Naming Convention (CAF) | Storage Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +284 | st-007 | Security | HTTPS Only | Storage Account should use HTTPS only | High | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer) +285 | st-008 | Operational Excellence | Tags | Storage Account should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +286 | st-009 | Security | TLS | Storage Account should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version?tabs=portal) +287 | vm-001 | Reliability | Diagnostic Logs | Virtual Machine should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-windows-install) +288 | vm-002 | Reliability | Availability Zones | Virtual Machine should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-machines/availability#availability-zones) +289 | vm-003 | Reliability | SLA | Virtual Machine should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) +290 | vm-006 | Operational Excellence | Naming Convention (CAF) | Virtual Machine Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +291 | vm-007 | Operational Excellence | Tags | Virtual Machine should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +292 
| vm-008 | Reliability | Reliability | Virtual Machine should use managed disks | High | [Learn](https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#virtual-machines) +293 | vm-009 | Reliability | Reliability | Virtual Machine should host application or database data on a data disk | Low | [Learn](https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk) +294 | vnet-001 | Reliability | Diagnostic Logs | Virtual Network should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network#collection-and-routing) +295 | vnet-002 | Reliability | Availability Zones | Virtual Network should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview#virtual-networks-and-availability-zones) +296 | vnet-006 | Operational Excellence | Naming Convention (CAF) | Virtual Network Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +297 | vnet-007 | Operational Excellence | Tags | Virtual Network should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +298 | vnet-008 | Security | Networking | Virtual Network: All Subnets should have a Network Security Group associated | High | [Learn](https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices) +299 | vnet-009 | Reliability | Reliability | Virtual NetworK should have at least two DNS servers assigned | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances?tabs=redhat#specify-dns-servers) +300 | wps-001 | Reliability | Diagnostic Logs | Web Pub Sub should have diagnostic settings enabled | Medium | 
[Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-resource-logs) +301 | wps-002 | Reliability | Availability Zones | Web Pub Sub should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones) +302 | wps-003 | Reliability | SLA | Web Pub Sub should have a SLA | High | [Learn](https://azure.microsoft.com/en-gb/support/legal/sla/web-pubsub/) +303 | wps-004 | Security | Private Endpoint | Web Pub Sub should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-secure-private-endpoints) +304 | wps-005 | Reliability | SKU | Web Pub Sub SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/web-pubsub/) +305 | wps-006 | Operational Excellence | Naming Convention (CAF) | Web Pub Sub Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +306 | wps-007 | Operational Excellence | Tags | Web Pub Sub should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) diff --git a/internal/scanners/cosmos/rules.go b/internal/scanners/cosmos/rules.go index fcf29a35..0990e3d0 100644 --- a/internal/scanners/cosmos/rules.go +++ b/internal/scanners/cosmos/rules.go 
@@ -137,5 +137,31 @@ func (a *CosmosDBScanner) GetRules() map[string]scanners.AzureRule {
 },
 Url: "https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json",
 },
+ "cosmos-008": {
+ Id: "cosmos-008",
+ Category: scanners.RulesCategorySecurity,
+ Subcategory: scanners.RulesSubcategorySecurity,
+ Description: "CosmosDB should have local authentication disabled",
+ Severity: scanners.SeverityHigh,
+ Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
+ c := target.(*armcosmos.DatabaseAccountGetResults)
+ localAuth := c.Properties.DisableLocalAuth != nil && *c.Properties.DisableLocalAuth
+ return !localAuth, ""
+ },
+ Url: "https://learn.microsoft.com/en-us/azure/cosmos-db/how-to-setup-rbac#disable-local-auth",
+ },
+ "cosmos-009": {
+ Id: "cosmos-009",
+ Category: scanners.RulesCategorySecurity,
+ Subcategory: scanners.RulesSubcategorySecurity,
+ Description: "CosmosDB: disable write operations on metadata resources (databases, containers, throughput) via account keys",
+ Severity: scanners.SeverityHigh,
+ Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
+ c := target.(*armcosmos.DatabaseAccountGetResults)
+ disabled := c.Properties.DisableKeyBasedMetadataWriteAccess != nil && *c.Properties.DisableKeyBasedMetadataWriteAccess
+ return !disabled, ""
+ },
+ Url: "https://learn.microsoft.com/en-us/azure/cosmos-db/role-based-access-control#set-via-arm-template",
+ },
 }
 }
diff --git a/internal/scanners/cosmos/rules_test.go b/internal/scanners/cosmos/rules_test.go
index 27a84b29..423e7747 100644
--- a/internal/scanners/cosmos/rules_test.go
+++ b/internal/scanners/cosmos/rules_test.go
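Review bot: Both new Eval closures dereference `c.Properties` without a nil check; the test hunk in this same commit shows Properties is a pointer field, so an account whose Properties is unset would make the cosmos-008 closure panic (and the cosmos-009 closure a few lines below in the same way) instead of producing a finding, unless some caller recovers. Because a missing property means local authentication cannot be confirmed disabled, the rule should fail closed: add `if c.Properties == nil { return true, "" }` before the `localAuth :=` line, and the same guard before `disabled :=`. The visible part of the rewritten rules table in docs/content/en/docs/Rules/_index.md does not show rows for cosmos-008 or cosmos-009, so confirm the table was extended for both rules. GetRules's body starts outside the hunk.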
@@ -175,6 +175,38 @@ func TestCosmosDBScanner_Rules(t *testing.T) {
 result: "",
 },
 },
+ {
+ name: "CosmosDBScanner DisableLocalAuth",
+ fields: fields{
+ rule: "cosmos-008",
+ target: &armcosmos.DatabaseAccountGetResults{
+ Properties: &armcosmos.DatabaseAccountGetProperties{
+ DisableLocalAuth: ref.Of(true),
+ },
+ },
+ scanContext: &scanners.ScanContext{},
+ },
+ want: want{
+ broken: false,
+ result: "",
+ },
+ },
+ {
+ name: "CosmosDBScanner DisableKeyBasedMetadataWriteAccess",
+ fields: fields{
+ rule: "cosmos-009",
+ target: &armcosmos.DatabaseAccountGetResults{
+ Properties: &armcosmos.DatabaseAccountGetProperties{
+ DisableKeyBasedMetadataWriteAccess: ref.Of(true),
+ },
+ },
+ scanContext: &scanners.ScanContext{},
+ },
+ want: want{
+ broken: false,
+ result: "",
+ },
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
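Review bot: Both added cases only exercise the compliant path (flag set to true, expecting `broken: false`), so a rule that unconditionally returned `false, ""` would still pass this table; the non-compliant path that the rules exist to catch — the field left nil, which is the Azure default, or explicitly false — is not covered for either cosmos-008 or cosmos-009. Add a negative case per rule with the field unset and `broken: true`, as below for cosmos-008, and mirror it for cosmos-009 with DisableKeyBasedMetadataWriteAccess. TestCosmosDBScanner_Rules starts and ends outside the hunk.
```go
// … unchanged: earlier test cases …
{
	name: "CosmosDBScanner DisableLocalAuth unset",
	fields: fields{
		rule: "cosmos-008",
		target: &armcosmos.DatabaseAccountGetResults{
			Properties: &armcosmos.DatabaseAccountGetProperties{},
		},
		scanContext: &scanners.ScanContext{},
	},
	want: want{
		broken: true,
		result: "",
	},
},
// … mirror for cosmos-009 with DisableKeyBasedMetadataWriteAccess unset …
```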