November 04, 2025, Conformity: A summary of Trend Cloud One Conformity Updates for the week ending on 31 October 2025.

New Rules
Azure
  • AIServices-014: Check for AI Foundry Instances with [PersonType] Permissions: This rule ensures that your Azure AI Foundry instances are not configured with privileged administrative permissions.
  • AIServices-015: Enable [Organization] Defender for Azure AI Foundry: This rule ensures that Azure Defender for Cloud is enabled for your Azure AI Foundry resources.
  • StorageAccounts-031: Enable Soft Delete for Azure File Shares: This rule ensures that the Soft Delete protection feature is enabled for all your Azure File Shares.
  • Subscriptions-005: Restrict 'User Access Administrator' Role Usage: This rule ensures that the use of the 'User Access Administrator' role is limited within your cloud account.
  • AIServices-012: Enable Dynamic Quota: This rule ensures that Dynamic Quota is enabled for your Azure AI Services instances.
  • AIServices-011: Disable Local Authentication in Azure AI Foundry: This rule ensures that local, key-based authentication is disabled for your Azure AI Foundry instances.
  • AIServices-013: Check for Unrestricted Outbound Network Access: This rule ensures that your Azure AI Services (AI Foundry) instances are not configured to allow unrestricted outbound network access, in order to prevent data exfiltration, data loss, and unauthorized external communications.
  • AIServices-016: Use Managed Identities: This rule ensures that your Azure AI Services (AI Foundry) instances are using system-assigned and/or user-assigned managed identities.
GCP
  • CloudCDN-004: Configure SSL/TLS certificates for Cloud CDN backend bucket origins: Ensures that Google Cloud CDN backend bucket origins enforce HTTPS using SSL/TLS certificates in order to handle encrypted traffic.
  • VertexAI-012: Configure Private Service Connect Endpoints: Ensures that Private Service Connect (PSC) endpoints are configured for your Vertex AI notebook instances.
  • CloudVPC-022: Check for Unrestricted Redis Access: This rule ensures that [Organization] Cloud VPC network firewall rules do not allow unrestricted access (i.e. [IPAddress]/0) on TCP port 6379.
  • ApiGateway-001: Implement Least Privilege Access using Cloud IAM: This rule ensures that IAM roles with administrative permissions are not assigned to IAM identities (users, groups, and service accounts) managing API Gateway resources.
  • CloudVPC-021: Check for Unrestricted Memcached Access: This rule ensures that [Organization] Cloud VPC network firewall rules do not allow unrestricted access (i.e. [IPAddress]/0) on TCP and/or UDP port 11211.
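CloudVPC-021 and CloudVPC-022 both reduce to the same question: does an enabled ingress allow rule with a world-open source range cover the sensitive port? The port can be listed directly, sit inside a port range, be implied by a protocol entry with no port list, or be covered by IPProtocol "all", so a naive string match on "6379" misses cases. The following is an added example, not Conformity's own rule engine or any Google code; it evaluates the JSON shape produced by `gcloud compute firewall-rules list --format=json` offline. The function names and the sample rules are this example's own constructions; the rule IDs in the check names are the ones from this changelog.

```python
"""Offline checker for CloudVPC-021 (Memcached) and CloudVPC-022 (Redis).

Consumes the JSON produced by `gcloud compute firewall-rules list --format=json`
and reports enabled INGRESS allow rules whose source is the whole internet
(0.0.0.0/0 or ::/0) and whose allowed set covers the sensitive port, whether
the port is listed directly, falls inside a port range, the protocol has no
port list (all ports), or the protocol is "all".
"""
import json

# Check name -> (protocol, port) pairs that must not be world-reachable.
# The rule IDs come from the Conformity changelog; the pairing is this example's.
SENSITIVE_PORTS = {
    "CloudVPC-022 Redis": {("tcp", 6379)},
    "CloudVPC-021 Memcached": {("tcp", 11211), ("udp", 11211)},
}

WORLD_RANGES = {"0.0.0.0/0", "::/0"}


def _port_matches(port_spec: str, port: int) -> bool:
    """GCP port specs are a single port "N" or an inclusive range "N-M"."""
    if "-" in port_spec:
        lo, hi = port_spec.split("-", 1)
        return int(lo) <= port <= int(hi)
    return int(port_spec) == port


def _allows(entry: dict, proto: str, port: int) -> bool:
    """True if one `allowed[]` entry admits traffic to proto/port."""
    ip_proto = str(entry.get("IPProtocol", "")).lower()
    if ip_proto == "all":
        return True
    if ip_proto != proto:
        return False
    ports = entry.get("ports")
    if not ports:  # protocol listed without ports means every port
        return True
    return any(_port_matches(p, port) for p in ports)


def _source_is_world(rule: dict) -> bool:
    """True if the rule's ingress source includes the entire internet."""
    ranges = set(rule.get("sourceRanges", []))
    if ranges:
        return bool(ranges & WORLD_RANGES)
    # Per the GCP API default, an INGRESS rule with no sourceRanges,
    # sourceTags or sourceServiceAccounts applies to all sources.
    return not (rule.get("sourceTags") or rule.get("sourceServiceAccounts"))


def evaluate_firewall_rules(rules: list) -> dict:
    """Return {check name: [names of offending rules]}, preserving input order.

    Deny rules (no `allowed` block), EGRESS rules and disabled rules cannot
    trip either check, so they are skipped. Rule priority is not modelled:
    a higher-priority deny could still shadow a flagged allow, so treat
    results as candidates to review rather than proof of exposure.
    """
    findings = {name: [] for name in SENSITIVE_PORTS}
    for rule in rules:
        if rule.get("disabled", False):
            continue
        if rule.get("direction", "INGRESS") != "INGRESS":
            continue
        if not _source_is_world(rule):
            continue
        for check, pairs in SENSITIVE_PORTS.items():
            if any(_allows(entry, proto, port)
                   for entry in rule.get("allowed", [])
                   for proto, port in pairs):
                findings[check].append(rule["name"])
    return findings


# Constructed sample output (not from a real project) covering the edge cases.
SAMPLE_RULES = json.loads("""[
  {"name": "redis-open", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
  {"name": "range-covers-memcached", "direction": "INGRESS", "sourceRanges": ["::/0"],
   "allowed": [{"IPProtocol": "udp", "ports": ["11000-12000"]}]},
  {"name": "allow-all-proto", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "all"}]},
  {"name": "redis-internal", "direction": "INGRESS", "sourceRanges": ["10.0.0.0/8"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
  {"name": "redis-open-disabled", "direction": "INGRESS", "disabled": true,
   "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
  {"name": "deny-redis-world", "direction": "INGRESS", "sourceRanges": ["0.0.0.0/0"],
   "denied": [{"IPProtocol": "tcp", "ports": ["6379"]}]},
  {"name": "egress-redis", "direction": "EGRESS", "destinationRanges": ["0.0.0.0/0"],
   "allowed": [{"IPProtocol": "tcp", "ports": ["6379"]}]}
]""")

if __name__ == "__main__":
    for check, names in evaluate_firewall_rules(SAMPLE_RULES).items():
        print(f"{check}: {names or 'no findings'}")
```

Against the constructed sample, the Redis check flags `redis-open` and `allow-all-proto`, and the Memcached check flags `range-covers-memcached` (11211 falls inside 11000-12000) and `allow-all-proto`; the internal, disabled, deny and egress rules are correctly ignored. The checker does not model firewall priority, so a flagged allow that is shadowed by a higher-priority deny is still reported and should be confirmed by hand.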
AWS
  • SageMaker-012: Enable Network Isolation for SageMaker Models: Ensure that network isolation is enabled for your SageMaker models to prevent unauthorized access.
  • SageMaker-010: Enable Data Capture for SageMaker Endpoints: This rule ensures that the Data Capture feature is enabled for your SageMaker endpoints in order to allow Amazon SageMaker to store prediction request and response data from your endpoints at a designated location.
  • SageMaker-011: Enable Network Isolation for SageMaker Training Jobs: This rule ensures that network isolation is enabled for your AWS SageMaker training jobs in order to prevent the training containers from making external network calls.
  • SageMaker-013: Enable Inter-Container Traffic Encryption: This rule ensures that inter-container traffic encryption is enabled for your AWS SageMaker training jobs.