Azure Virtual Machine instance has administrative privileges over resources

Set up the azure integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

This rule ensures that none of your Virtual Machines have administrative roles with root management group scope attached to them.

Rationale

Administrative Azure role assignments at the root scope have permissions on every Azure resource within a tenant, including all child management groups and subscriptions. This is the widest possible scope and is rarely needed. A role with these privileges could potentially, whether unknowingly or purposefully, cause security issues or data leaks. Roles with these levels of access may also be targeted by an adversary to compromise resources across the entire Azure tenant.

Remediation

Datadog recommends reducing the permissions and scope of a role assignment to the minimum necessary.