> ## Documentation Index
> Fetch the complete documentation index at: https://help.dsalta.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Microsoft Azure
> How DSALTA integrates with Microsoft Azure — data collected, setup guide, and automated compliance checks.
## Overview
DSALTA connects to Microsoft Azure using read-only API access to collect compliance evidence automatically. Data syncs every 24 hours and feeds into your Data Library modules.
**Read-only access.** DSALTA never modifies, creates, or deletes resources in your Microsoft Azure environment.
## How to Connect
1. Go to **Integrations** in the DSALTA sidebar.
2. Find **Microsoft Azure** and click **Connect**.
3. Authenticate with admin-level access.
4. Select the scope (accounts, projects, or resources to monitor).
5. DSALTA performs an initial sync (5-15 minutes). Checks activate after sync completes.
## Automated Compliance Checks
Each check below runs automatically every 24 hours. Click any check for step-by-step remediation guidance.
| Check | Description |
| ------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------------------------------------------------------- |
| [Infrastructure entities should be classified](/integrations/azure/infrastructure-entities-should-be-classified) | Checks that all Azure infrastructure entities are classified by criticality. |
| [Azure should be on HTTPS](/integrations/azure/azure-should-be-on-https) | Checks that Azure resources are accessible over HTTPS. |
| [Azure should redirect HTTP to HTTPS](/integrations/azure/azure-should-redirect-http-to-https) | Checks that Azure redirects HTTP traffic to HTTPS. |
| [Azure activity logs should be archived](/integrations/azure/azure-activity-logs-should-be-archived) | Checks that Azure activity logs are archived for audit purposes. |
| [Azure Defender should be enabled](/integrations/azure/azure-defender-should-be-enabled) | Checks that Microsoft Defender for Cloud is enabled on the Azure subscription. |
| [Reported incidents should be closed in Microsoft Defender](/integrations/azure/reported-incidents-should-be-closed-in-microsoft-defender) | Checks that incidents detected in Microsoft Defender are closed and resolved. |
| [Azure flow logs should be captured](/integrations/azure/azure-flow-logs-should-be-captured) | Checks that Azure NSG flow logs are captured. |
| [Azure virtual network flow logs should be captured](/integrations/azure/azure-virtual-network-flow-logs-should-be-captured) | Checks that Azure Virtual Network flow logs are captured. |
| [Azure Cosmos DB should be encrypted](/integrations/azure/azure-cosmos-db-should-be-encrypted) | Checks that Azure Cosmos DB is encrypted at rest. |
| [Azure Cosmos DB backup should be enabled](/integrations/azure/azure-cosmos-db-backup-should-be-enabled) | Checks that Azure Cosmos DB backups are enabled. |
| [Azure Cosmos DB latency should be monitored](/integrations/azure/azure-cosmos-db-latency-should-be-monitored) | Checks that Azure Cosmos DB latency is being monitored. |
| [Azure Cosmos DB should be protected from direct internet traffic](/integrations/azure/azure-cosmos-db-no-public-access) | Checks that Azure Cosmos DB is not directly exposed to the internet. |
| [Azure VMs should be protected from direct internet traffic](/integrations/azure/azure-vms-should-be-protected-from-direct-internet-traffic) | Checks that Azure VMs are not directly exposed to the internet. |
| [Azure SQL databases should be encrypted](/integrations/azure/azure-sql-databases-should-be-encrypted) | Checks that Azure SQL databases are encrypted at rest. |
| [Azure SQL databases should be protected from direct internet traffic](/integrations/azure/azure-sql-no-public-access) | Checks that Azure SQL databases are not directly exposed to the internet. |
| [Azure SQL database backup should be enabled](/integrations/azure/azure-sql-database-backup-should-be-enabled) | Checks that Azure SQL database backups are enabled. |
| [Azure SQL database memory utilization should be monitored](/integrations/azure/azure-sql-database-memory-utilization-should-be-monitored) | Checks that Azure SQL database memory utilization is being monitored. |
| [Azure SQL database CPU utilization should be monitored](/integrations/azure/azure-sql-database-cpu-utilization-should-be-monitored) | Checks that Azure SQL database CPU utilization is being monitored. |
| [Azure SQL database IO utilization should be monitored](/integrations/azure/azure-sql-database-io-utilization-should-be-monitored) | Checks that Azure SQL database I/O utilization is being monitored. |
| [Azure storage accounts should be encrypted](/integrations/azure/azure-storage-accounts-should-be-encrypted) | Checks that Azure storage accounts are encrypted at rest. |
| [Azure storage account public network access should be disabled](/integrations/azure/azure-storage-no-public-network) | Checks that Azure storage account public network access is disabled. |
| [Azure storage account minimum TLS version should be 1.2](/integrations/azure/azure-storage-account-minimum-tls-version-should-be-12) | Checks that Azure storage accounts enforce a minimum TLS version of 1.2. |
| [Azure storage account secure transfer should be enabled](/integrations/azure/azure-storage-account-secure-transfer-should-be-enabled) | Checks that secure transfer (HTTPS) is required for Azure storage accounts. |
| [Azure storage account default network access rule should be set to deny](/integrations/azure/azure-storage-default-deny) | Checks that the default network access rule for Azure storage accounts is set to deny. |
| [Azure storage account cross-tenant replication should not be enabled](/integrations/azure/azure-storage-no-cross-tenant) | Checks that cross-tenant replication is disabled for Azure storage accounts. |
| [Azure storage account anonymous blob access should be disabled](/integrations/azure/azure-storage-no-anon-blob) | Checks that anonymous blob access is disabled on Azure storage accounts. |
| [Azure Web App should use the latest TLS version](/integrations/azure/azure-web-app-should-use-the-latest-tls-version) | Checks that Azure Web Apps are using the latest TLS version. |
| [Azure Web App should redirect HTTP to HTTPS](/integrations/azure/azure-web-app-should-redirect-http-to-https) | Checks that Azure App Service redirects all HTTP traffic to HTTPS. |
| [Azure RBAC Key Vault keys should have expiration dates](/integrations/azure/azure-rbac-key-vault-keys-should-have-expiration-dates) | Checks that expiration dates are set for all keys in RBAC-enabled Azure Key Vaults. |
| [Azure non-RBAC Key Vault keys should have expiration dates](/integrations/azure/azure-non-rbac-key-vault-keys-should-have-expiration-dates) | Checks that expiration dates are set for all keys in non-RBAC Azure Key Vaults. |
| [Azure Key Vault should be recoverable](/integrations/azure/azure-key-vault-should-be-recoverable) | Checks that Azure Key Vaults are configured to be recoverable (soft delete enabled). |
| [Azure VM CPU utilization should be monitored](/integrations/azure/azure-vm-cpu-utilization-should-be-monitored) | Checks that Azure VM CPU utilization is being monitored. |
| [Azure PostgreSQL should enforce SSL connections](/integrations/azure/azure-postgresql-should-enforce-ssl-connections) | Checks that Azure PostgreSQL servers enforce SSL connections. |
| [Azure PostgreSQL should have infrastructure double encryption enabled](/integrations/azure/azure-pg-double-encryption) | Checks that Azure PostgreSQL servers have infrastructure double encryption enabled. |
| [Azure Cache for Redis CPU utilization should be monitored](/integrations/azure/azure-cache-for-redis-cpu-utilization-should-be-monitored) | Checks that Azure Cache for Redis CPU utilization is being monitored. |
| [Azure Cache for Redis freeable memory should be monitored](/integrations/azure/azure-cache-for-redis-freeable-memory-should-be-monitored) | Checks that Azure Cache for Redis freeable memory is being monitored. |
| [Azure Cache for Redis client connections should be monitored](/integrations/azure/azure-cache-for-redis-client-connections-should-be-monitored) | Checks that Azure Cache for Redis client connections are being monitored. |
| [Azure Databricks workspaces should be encrypted](/integrations/azure/azure-databricks-workspaces-should-be-encrypted) | Checks that Azure Databricks workspaces are encrypted at rest. |
| [Azure disks should be encrypted](/integrations/azure/azure-disks-should-be-encrypted) | Checks that Azure managed disks are encrypted at rest. |
| [Azure Load Balancer health probe status should be monitored](/integrations/azure/azure-load-balancer-health-probe-status-should-be-monitored) | Checks that Azure Load Balancer health probe status is being monitored. |
| [Azure Application Gateway healthy host count should be monitored](/integrations/azure/azure-appgw-healthy-host-monitoring) | Checks that Azure Application Gateway healthy host count is being monitored. |
| [Azure Front Door origin health should be monitored](/integrations/azure/azure-front-door-origin-health-should-be-monitored) | Checks that Azure Front Door origin health is being monitored. |
| [Azure AKS node CPU utilization should be monitored](/integrations/azure/azure-aks-node-cpu-utilization-should-be-monitored) | Checks that Azure AKS node CPU utilization is being monitored. |
| [Azure AKS node memory working set usage should be monitored](/integrations/azure/azure-aks-node-memory-working-set-usage-should-be-monitored) | Checks that Azure AKS node memory working set usage is being monitored. |
| [Azure disk backup should be enabled](/integrations/azure/azure-disk-backup-should-be-enabled) | Checks that Azure disk backups are enabled. |
| [Azure Databricks health should be monitored](/integrations/azure/azure-databricks-health-should-be-monitored) | Checks that Azure Databricks cluster health is being monitored. |
| [Azure Databricks CPU utilization should be monitored](/integrations/azure/azure-databricks-cpu-utilization-should-be-monitored) | Checks that Azure Databricks CPU utilization is being monitored. |
| [Azure access should be removed for offboarded users](/integrations/azure/azure-access-should-be-removed-for-offboarded-users) | Checks that Azure access is revoked for offboarded users. |
| [Azure Databricks workspace backup should be enabled](/integrations/azure/azure-databricks-workspace-backup-should-be-enabled) | Checks that Azure Databricks workspace backups are enabled. |
## Troubleshooting
Re-authenticate from **Integrations → Microsoft Azure → Reconnect**. This usually happens when API tokens expire.
Verify the connected account has admin permissions. Try a manual sync from the integration settings.