These are the top recommended policies for most customers.

  1. Enforce resource tagging
  2. Limit allowed locations
  3. Prohibit specific resources deployment (e.g. Public IP addresses)
  4. Require Secure Transfer for Storage Accounts
  5. Block Public Access to Storage Accounts
  6. Block Anonymous access to storage accounts
  7. Configure Cosmos DB accounts to disable public network access
  8. Configure Azure SQL accounts to disable public network access