March 19, 2026, Conformity—Upcoming Rule Updates
Release Date: March 26, 2026
The following rules will be updated to align with the latest industry recommendations.
These updates introduce stricter evaluation criteria, which may result in changes
to your compliance scores. It is recommended that you review the affected rules and
any newly flagged resources ahead of the effective date.
Azure
The following MFA rules are now scored and will affect your compliance scores:
- ActiveDirectory-001: Enable Multi-Factor Authentication for Privileged Users
- ActiveDirectory-002: Enable Multi-Factor Authentication for Non-Privileged Users
The following rules no longer evaluate on Function Apps:
- AppService-008: Check that the Azure App requests incoming client certificates
- AppService-010: Enable App Service Authentication
- AppService-011: Disable Remote Debugging
- AppService-013: Enable Automated Backups
- AppService-015: Enable Always On
- LogicApps-001: Disable Public Network Access to Azure Logic Apps