v1.39.0-B0009

What's changed since v1.38.0:

• New rules:
  • App Service:
    • Verify that app service plans have availability zones configured by @BenjaminEngeset.
      #2964
  • App Service Environment:
    • Verify that app service environments have availability zones configured by @BenjaminEngeset.
      #2964
  • Azure SQL Database:
    • Verify that Azure SQL databases have a customer-controlled maintenance window configured by @BenjaminEngeset.
      #2956
  • Azure SQL Managed Instance:
    • Verify that Azure SQL Managed Instances have a customer-controlled maintenance window configured by @BenjaminEngeset.
      #2979
  • Service Bus:
    • Verify that service bus namespaces have geo-replication configured by @BenjaminEngeset.
      #2988
• Engineering:
  • Bump xunit to v2.9.0.
    #2982
  • Bump xunit.runner.visualstudio to v2.8.2.
    #2982

See change log.

v1.38.0

What's changed since v1.37.0:

• New features:
  • Added March 2024 baselines Azure.GA_2024_06 and Azure.Preview_2024_06 by @BernieWhite.
    #2961
    • Includes rules released before or during June 2024.
    • Marked Azure.GA_2024_03 and Azure.Preview_2024_03 baselines as obsolete.
• New rules:
  • Azure Database for MySQL:
    • Verify that Azure Database for MySQL servers have a customer-controlled maintenance window configured by @BenjaminEngeset.
      #2916
    • Verify that servers have zone-redundant high availability (HA) configured by @BenjaminEngeset.
      #2914
  • Azure Database for PostgreSQL:
    • Verify that Azure Database for PostgreSQL servers have a customer-controlled maintenance window configured by @BenjaminEngeset.
      #2927
    • Verify that servers have zone-redundant high availability (HA) configured by @BenjaminEngeset.
      #2932
  • Azure Firewall:
    • Verify that firewalls have availability zones configured by @BenjaminEngeset.
      #2909
  • Azure Kubernetes Service:
    • Added check to automatically upgrade AKS cluster node image by @sharmilamusunuru.
      #2445
  • Azure Virtual Desktop:
    • Added check for scheduled agent updates on host pools by @BernieWhite.
      #2946
  • Cosmos DB:
    • Verify that Cosmos DB accounts have continuous backup configured by @BenjaminEngeset.
      #2954
  • Virtual Network Gateway:
    • Verify that VPN/ExpressRoute gateways have a customer-controlled maintenance configuration configured by @BenjaminEngeset.
      #2910
  • Virtual Machine Scale Sets:
    • Verify that virtual machine scale sets have best-effort zone balance configured by @BenjaminEngeset.
      #2901
    • Verify that virtual machine scale sets have availability zones configured by @BenjaminEngeset.
      #2902
• Updated rules:
  • Azure Kubernetes Service:
    • Updated Azure.AKS.Version to use 1.28.9 as the minimum version by @BernieWhite.
      #2930
  • Virtual Machine:
    • Updated Azure.VM.MaintenanceConfig to align to the reliability pillar by @BernieWhite.
      #2925
      • Promoted to GA and bumped rule set to 2024_06.
• Engineering:
  • Quality updates to rule documentation by @BernieWhite.
    #2570
  • Bump Pester to v5.6.0.
    #2934
  • Bump PSScriptAnalyzer to v1.22.0.
    #2934
• Bug fixes:
  • Fixed handling of multi-line descriptions for policy definition and assignment exports by @BernieWhite.
    #2973
  • Fixed support for references function by @BernieWhite.
    #2922
  • Fixed group by subscription casing when exporting in-flight resources by @BernieWhite.
    #2957
  • Fixed install Az.Resources warning by @BernieWhite.
    #2887
    • Added new configuration option set by environment variable to suppress the warning.
    • Set PSRULE_AZURE_RESOURCE_MODULE_NOWARN to true to suppress the warning.
  • Fixed filter on unknown runtime property by @BernieWhite.
    #2966
  • Fixed failed to expand with direct outputs reference by @BernieWhite.
    #2935
  • Fixed identification of list* function false positive with resource by @BernieWhite.
    #2919
  • Fixed documentation bugs for container apps by @BernieWhite.
    #2876

What's changed since pre-release v1.38.0-B0068:

• No additional changes.

See change log.

v1.38.0-B0106

What's changed since pre-release v1.38.0-B0068:

• New rules:
  • Cosmos DB:
    • Verify that Cosmos DB accounts have continuous backup configured by @BenjaminEngeset.
      #2954
• Bug fixes:
  • Rollback Az.Resources to v6.7.0 by @BernieWhite.
    #2970
  • Fixed handling of multi-line descriptions for policy definition and assignment exports by @BernieWhite.
    #2973

See change log.

v1.38.0-B0068

What's changed since pre-release v1.38.0-B0034:

• New features:
  • Added March 2024 baselines Azure.GA_2024_06 and Azure.Preview_2024_06 by @BernieWhite.
    #2961
    • Includes rules released before or during June 2024.
    • Marked Azure.GA_2024_03 and Azure.Preview_2024_03 baselines as obsolete.
• Engineering:
  • Quality updates to rule documentation by @BernieWhite.
    #2570
• Bug fixes:
  • Fixed support for references function by @BernieWhite.
    #2922
  • Fixed group by subscription casing when exporting in-flight resources by @BernieWhite.
    #2957
  • Fixed install Az.Resources warning by @BernieWhite.
    #2887
    • Added new configuration option set by environment variable to suppress the warning.
    • Set PSRULE_AZURE_RESOURCE_MODULE_NOWARN to true to suppress the warning.
  • Fixed filter on unknown runtime property by @BernieWhite.
    #2966

See change log.

v1.38.0-B0034

What's changed since pre-release v1.38.0-B0011:

• New rules:
  • Azure Kubernetes Service:
    • Added check to automatically upgrade AKS cluster node image by @sharmilamusunuru.
      #2445
  • Azure Virtual Desktop:
    • Added check for scheduled agent updates on host pools by @BernieWhite.
      #2946
  • Virtual Machine Scale Sets:
    • Verify that virtual machine scale sets have best-effort zone balance configured by @BenjaminEngeset.
      #2901
    • Verify that virtual machine scale sets have availability zones configured by @BenjaminEngeset.
      #2902
• Engineering:
  • Quality updates to rule documentation by @BernieWhite.
    #2570
• Bug fixes:
  • Fixed failed to expand with direct outputs reference by @BernieWhite.
    #2935
  • Fixed identification of list* function false positive with resource by @BernieWhite.
    #2919
  • Fixed documentation bugs for container apps by @BernieWhite.
    #2876

See change log.

v1.38.0-B0011

What's changed since v1.37.0:

• New rules:
  • Azure Database for MySQL:
    • Verify that Azure Database for MySQL servers have a customer-controlled maintenance window configured by @BenjaminEngeset.
      #2916
    • Verify that servers have zone-redundant high availability (HA) configured by @BenjaminEngeset.
      #2914
  • Azure Database for PostgreSQL:
    • Verify that Azure Database for PostgreSQL servers have a customer-controlled maintenance window configured by @BenjaminEngeset.
      #2927
    • Verify that servers have zone-redundant high availability (HA) configured by @BenjaminEngeset.
      #2932
  • Azure Firewall:
    • Verify that firewalls have availability zones configured by @BenjaminEngeset.
      #2909
  • Virtual Network Gateway:
    • Verify that VPN/ExpressRoute gateways have a customer-controlled maintenance configuration configured by @BenjaminEngeset.
      #2910
• Updated rules:
  • Virtual Machine:
    • Updated Azure.VM.MaintenanceConfig to align to the reliability pillar by @BernieWhite.
      #2925
      • Promoted to GA and bumped rule set to 2024_06.
  • Updated Azure.AKS.Version to use 1.28.9 as the minimum version by @BernieWhite.
    #2930
• Engineering:
  • Bump Pester to v5.6.0.
    #2934
  • Bump Az.Resources to v7.1.0.
    #2934
  • Bump PSScriptAnalyzer to v1.22.0.
    #2934

See change log.

v1.37.0

What's changed since v1.36.0:

• New features:
  • Added support for new Bicep language features introduced in v0.27.1 by @BernieWhite.
    #2860
    #2859
    • Added support for shallowMerge, groupBy, objectKeys, and mapValues.
    • Updated syntax for Bicep lambda usage of map, reduce, and filter which now support indices.
    • Added support for spread operator.
• New rules:
  • App Service:
    • Check that applications uses supported Node.js runtime versions by @BenjaminEngeset.
      #2879
  • Application Gateway:
    • Check that WAF v2 doesn't use legacy WAF configuration by @BenjaminEngeset.
      #2877
  • Azure Cache for Redis:
    • Verify that cache instances have Entra ID authentication enabled by @BenjaminEngeset.
      #2899
  • Azure Managed Grafana:
    • Check that Azure Managed Grafana workspaces uses Grafana version 10 by @BenjaminEngeset.
      #2878
  • Cosmos DB:
    • Check that database accounts use a paid tier by @BernieWhite.
      #2845
    • Check that database accounts have local authentication disabled by @BenjaminEngeset.
      #2846
    • Check that database accounts have public network access disabled by @BenjaminEngeset.
      #2702
  • Event Hub:
    • Check that access to the namespace endpoints is restricted to only allowed sources by @BenjaminEngeset.
      #2701
  • Log Analytics:
    • Check that workspaces have workspace replication enabled by @BenjaminEngeset.
      #2893
  • Virtual Machine Scale Sets:
    • Check that automatic instance repairs are enabled by @BenjaminEngeset.
      #2895
• Updated rules:
  • API Management:
    • Important change: Updated Azure.APIM.AvailabilityZone to improve accuracy with non-premium SKUs by @BenjaminEngeset.
      #2788
      • Removed the If Premium SKU.
      • Added check for Premium SKU.
      • Bumped rule set to 2024_06.
    • Important change: Updated Azure.APIM.MultiRegion to improve accuracy with non-premium SKUs by @BenjaminEngeset.
      #2787
      • Removed the If Premium SKU.
      • Added check for Premium SKU.
      • Bumped rule set to 2024_06.
  • Deployment:
    • Add additional exclusions for Azure.Deployment.SecureParameter by @BernieWhite.
      #2857
• General improvements:
  • Quality updates to documentation by @BernieWhite.
    #2570
  • Updated resource providers and policy aliases.
    #2880
  • Added support for split and concat functions during policy export by @BernieWhite.
    #2851
• Engineering:
  • Bump xunit to v2.8.1.
    #2892
  • Bump xunit.runner.visualstudio to v2.8.1.
    #2891
  • Bump System.Management.Automation to 7.3.12.
    #2868
  • Bump Microsoft.NET.Test.Sdk to v17.10.0.
    #2884
• Bug fixed:
  • Fixed union does not perform deep merge or keep property order by @BernieWhite.
    #2885
  • Fixed dependency ordering for cross scope deployments by @BernieWhite.
    #2850

What's changed since pre-release v1.37.0-B0071:

• No additional changes.

See change log.

v1.37.0-B0071

What's changed since pre-release v1.37.0-B0034:

• New rules:
  • App Service:
    • Check that applications uses supported Node.js runtime versions by @BenjaminEngeset.
      #2879
  • Azure Cache for Redis:
    • Verify that cache instances have Entra ID authentication enabled by @BenjaminEngeset.
      #2899
  • Log Analytics:
    • Check that workspaces have workspace replication enabled by @BenjaminEngeset.
      #2893
  • Virtual Machine Scale Sets:
    • Check that automatic instance repairs are enabled by @BenjaminEngeset.
      #2895
• Updated rules:
  • API Management:
    • Important change: Updated Azure.APIM.MultiRegion to improve accuracy with non-premium SKUs by @BenjaminEngeset.
      #2787
      • Removed the If Premium SKU.
      • Added check for Premium SKU.
      • Bumped rule set to 2024_06
• General improvements:
  • Added support for split and concat functions during policy export by @BernieWhite.
    #2851
• Engineering:
  • Bump xunit to v2.8.1.
    #2892
  • Bump xunit.runner.visualstudio to v2.8.1.
    #2891

See change log.

v1.37.0-B0034

What's changed since pre-release v1.37.0-B0009:

• New features:
  • Added support for new Bicep language features introduced in v0.27.1 by @BernieWhite.
    #2860
    #2859
    • Added support for shallowMerge, groupBy, objectKeys, and mapValues.
    • Updated syntax for Bicep lambda usage of map, reduce, and filter which now support indices.
    • Added support for spread operator.
• New rules:
  • Application Gateway:
    • Check that WAF v2 doesn't use legacy WAF configuration by @BenjaminEngeset.
      #2877
  • Azure Managed Grafana:
    • Check that Azure Managed Grafana workspaces uses Grafana version 10 by @BenjaminEngeset.
      #2878
  • Cosmos DB:
    • Check that database accounts have local authentication disabled by @BenjaminEngeset.
      #2846
    • Check that database accounts have public network access disabled by @BenjaminEngeset.
      #2702
  • Event Hub:
    • Check that access to the namespace endpoints is restricted to only allowed sources by @BenjaminEngeset.
      #2701
• Updated rules:
  • API Management:
    • Important change: Updated Azure.APIM.AvailabilityZone to improve accuracy with non-premium SKUs by @BenjaminEngeset.
      #2788
      • Removed the If Premium SKU.
      • Added check for Premium SKU.
      • Bumped rule set to 2024_06.
• General improvements:
  • Updated resource providers and policy aliases.
    #2880
• Engineering:
  • Bump xunit to v2.8.0.
    #2870
  • Bump xunit.runner.visualstudio to v2.8.0.
    #2871
  • Bump System.Management.Automation to 7.3.12.
    #2868
  • Bump Microsoft.NET.Test.Sdk to v17.10.0.
    #2884
• Bug fixed:
  • Fixed union does not perform deep merge or keep property order by @BernieWhite.
    #2885

See change log.

v1.37.0-B0009

What's changed since v1.36.0:

• New rules:
  • Cosmos DB:
    • Check that database accounts use a paid tier by @BernieWhite.
      #2845
• Updated rules:
  • Deployment:
    • Add additional exclusions for Azure.Deployment.SecureParameter by @BernieWhite.
      #2857
• General improvements:
  • Quality updates to documentation by @BernieWhite.
    #2570
• Bug fixes:
  • Fixed dependency ordering for cross scope deployments by @BernieWhite.
    #2850

See change log.