CIS Azure Compute Benchmark, continuously evidenced.
The CIS Microsoft Azure Compute Services Benchmark v2.0.0 defines 99 controls covering Azure Virtual Machines, Virtual Machine Scale Sets, Azure Disk Encryption, Azure Backup, Recovery Services Vaults, and Container Instances. It complements the Azure Foundations Benchmark by drilling into compute-specific configuration. CISGuard scans agentlessly via the Azure Resource Manager API.
Azure Compute benchmark at a glance.
- Benchmark version: v2.0.0
- Total controls: 99
- Scan type: Agentless
- Available tier: Pro and above
- Category: Cloud
- Drift detection: Yes, between every scheduled scan
What this benchmark actually covers.
- Virtual Machine configuration (managed identities, JIT access, disk encryption)
- Virtual Machine Scale Sets
- Azure Disk Encryption + Customer Managed Keys
- Azure Backup + Recovery Services
- Container Instances
- Boot Diagnostics + monitoring
Azure Compute questions, answered directly.
How does the Azure Compute benchmark differ from Azure Foundations?
Azure Foundations covers the subscription-wide configuration (IAM, logging, monitoring). Azure Compute drills into compute-specific controls: VM configuration, disk encryption, backup, container instances. Most Azure-heavy organizations run both benchmarks for complete coverage.
Does the benchmark cover both Linux and Windows VMs?
Yes. The Azure Compute Benchmark controls apply to both Linux and Windows VMs deployed on Azure. For OS-level hardening of the VM contents themselves, CISGuard applies the corresponding OS benchmark (CIS Windows 11/Server, CIS Ubuntu, CIS RHEL) via agent scanning.
Can CISGuard validate Azure Disk Encryption with customer-managed keys?
Yes. The benchmark requires Azure Disk Encryption to be enabled, ideally with customer-managed keys stored in Azure Key Vault. CISGuard validates the encryption status, key source (Microsoft-managed vs customer-managed), and Key Vault configuration for each VM in scope.
Want an Azure Compute scan of your environment?
Our compliance engineers will scope your environment and quote within one business day of an initial briefing.