Updated documentation to use parent culture #224 (#226)

.azure-pipelines/azure-pipelines.yaml

@@ -100,17 +100,17 @@ stages:
       condition: succeededOrFailed()
 
     # PSRule results
-    # - task: PublishTestResults@2
+    - task: PublishTestResults@2
-    #   displayName: 'Publish PSRule results'
+      displayName: 'Publish PSRule results'
-    #   inputs:
+      inputs:
-    #     testRunTitle: 'PSRule on $(imageName)'
+        testRunTitle: 'PSRule on $(imageName)'
-    #     testRunner: NUnit
+        testRunner: NUnit
-    #     testResultsFiles: 'reports/rule.report.xml'
+        testResultsFiles: 'reports/ps-rule*.xml'
-    #     mergeTestResults: true
+        mergeTestResults: true
-    #     platform: $(imageName)
+        platform: $(imageName)
-    #     configuration: $(buildConfiguration)
+        configuration: $(buildConfiguration)
-    #     publishRunAttachments: true
+        publishRunAttachments: true
-    #   condition: succeededOrFailed()
+      condition: succeededOrFailed()
 
     # Generate Code Coverage report
     - task: Palmmedia.reportgenerator.reportgenerator-build-release-task.reportgenerator@4
@@ -153,11 +153,11 @@ stages:
     steps:
 
     # Download module from build
-    - task: DownloadPipelineArtifact@1
+    - task: DownloadPipelineArtifact@2
       displayName: 'Download module'
       inputs:
-        artifactName: PSRule.Rules.Azure
+        artifact: PSRule.Rules.Azure
-        downloadPath: $(Build.SourcesDirectory)/out/modules/PSRule.Rules.Azure
+        path: $(Build.SourcesDirectory)/out/modules/PSRule.Rules.Azure
 
     # Install pipeline dependencies
     - powershell: ./.azure-pipelines/pipeline-deps.ps1

CHANGELOG.md

@@ -2,6 +2,8 @@
 
 ## Unreleased
 
+- Updated documentation to use parent culture `en`. [#224](https://github.com/BernieWhite/PSRule.Rules.Azure/issues/224)
+
 ## v0.8.0-B1912026 (pre-release)
 
 - Fixed Automation account handling with no webhooks or variables. [#219](https://github.com/BernieWhite/PSRule.Rules.Azure/issues/219)

README.md

@@ -161,9 +161,9 @@ For walk through examples of `PSRule.Rules.Azure` module usage see:
 
 ## Rule reference
 
-The following rules are included in the `PSRule.Rules.Azure` module:
+For a list of rules included in the `PSRule.Rules.Azure` module see:
 
-- [PSRule.Rules.Azure](docs/rules/en-US/Azure.md)
+- [Module rule reference](docs/rules/en/module.md)
 
 ## Language reference
 

RuleHelp.Doc.ps1

@@ -16,7 +16,7 @@ Document 'RuleHelp' {
     }
 
     if (!$annotations.Contains('online version')) {
-        $annotations['online version'] = "https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/$($rule.Name).md";
+        $annotations['online version'] = "https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/$($rule.Name).md";
     }
 
     Metadata $annotations;

RuleToc.Doc.ps1

@@ -1,11 +1,31 @@
 
-Document 'Azure' {
+Document 'module' {
-    Title 'Azure rules'
+    Title 'Module rule reference'
 
     Import-Module .\out\modules\PSRule.Rules.Azure
-    Get-PSRule -Module PSRule.Rules.Azure -WarningAction SilentlyContinue | Table -Property @{ Name = 'RuleName'; Expression = {
+    $rules = Get-PSRule -Module PSRule.Rules.Azure -Baseline Azure.All -WarningAction SilentlyContinue |
-        "[$($_.RuleName)]($($_.RuleName).md)"
+        Add-Member -MemberType ScriptProperty -Name Category -Value { $this.Info.Annotations.category } -PassThru |
-    }}, Description, @{ Name = 'Category'; Expression = {
+        Sort-Object -Property Category;
-        $_.Info.Annotations.category
+
-    }}
+    Section 'Baselines' {
+        # 'The following baselines are included within `PSRule.Rules.Azure`.'
+    }
+
+    Section 'Rules' {
+        'The following rules are included within `PSRule.Rules.Azure`.'
+
+        $categories = $rules | Group-Object -Property Category;
+
+        foreach ($category in $categories) {
+            Section "$($category.Name)" {
+                $category.Group |
+                    Sort-Object -Property RuleName |
+                    Table -Property @{ Name = 'Name'; Expression = {
+                        "[$($_.RuleName)]($($_.RuleName).md)"
+                    }}, Synopsis, @{ Name = 'Severity'; Expression = {
+                        $_.Info.Annotations.severity
+                    }}
+            }
+        }
+    }
 }

docs/rules/en/Azure.ACR.AdminUser.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.ACR.AdminUser.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.ACR.AdminUser.md
 ms-content-id: bbf194a7-6ca3-4b1d-9170-6217eb26620d
 ---
 

docs/rules/en/Azure.ACR.MinSku.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Performance
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.ACR.MinSku.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.ACR.MinSku.md
 ms-content-id: a70d16d4-3717-4eef-b588-8a0204860d6e
 ---
 

docs/rules/en/Azure.AKS.MinNodeCount.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AKS.MinNodeCount.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AKS.MinNodeCount.md
 ms-content-id: 320afea5-5c19-45ad-b9a5-c1a63ae6e114
 ---
 

docs/rules/en/Azure.AKS.NetworkPolicy.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AKS.NetworkPolicy.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AKS.NetworkPolicy.md
 ---
 
 # AKS clusters use Azure Network Policies

docs/rules/en/Azure.AKS.PodSecurityPolicy.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AKS.PodSecurityPolicy.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AKS.PodSecurityPolicy.md
 ---
 
 # AKS cluster use Pod Security Policies

docs/rules/en/Azure.AKS.PoolScaleSet.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Scalability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AKS.PoolScaleSet.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AKS.PoolScaleSet.md
 ---
 
 # AKS clusters use VM scale sets

docs/rules/en/Azure.AKS.PoolVersion.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AKS.PoolVersion.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AKS.PoolVersion.md
 ---
 
 # Upgrade AKS node pool version

docs/rules/en/Azure.AKS.UseRBAC.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AKS.UseRBAC.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AKS.UseRBAC.md
 ms-content-id: 61ff3a23-9bfd-4e91-8959-798b43237775
 ---
 

docs/rules/en/Azure.AKS.Version.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AKS.Version.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AKS.Version.md
 ms-content-id: b0bd4e66-af2f-4d0a-82ae-e4738418bb7e
 ---
 

docs/rules/en/Azure.AppService.ARRAffinity.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Performance
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AppService.ARRAffinity.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AppService.ARRAffinity.md
 ms-content-id: 3f07def6-6e5e-4f87-8b5d-3a0baf6631e5
 ---
 

docs/rules/en/Azure.AppService.MinPlan.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Performance
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AppService.MinPlan.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AppService.MinPlan.md
 ms-content-id: 97b58cfa-7b7e-4630-ac13-4596defe1795
 ---
 

docs/rules/en/Azure.AppService.MinTLS.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AppService.MinTLS.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AppService.MinTLS.md
 ms-content-id: e19fbe7e-da05-47d4-8de1-2fdf52ada662
 ---
 

docs/rules/en/Azure.AppService.PlanInstanceCount.md

@@ -1,7 +1,7 @@
 ---
 severity: Single point of failure
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AppService.PlanInstanceCount.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AppService.PlanInstanceCount.md
 ms-content-id: 6f3eff05-1bd0-4c82-a5a5-573fc8e0beda
 ---
 

docs/rules/en/Azure.AppService.UseHTTPS.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.AppService.UseHTTPS.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.AppService.UseHTTPS.md
 ms-content-id: b26053bc-db4a-487a-8fb1-11c438c8d493
 ---
 

docs/rules/en/Azure.Automation.EncryptVariables.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Automation.EncryptVariables.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Automation.EncryptVariables.md
 ms-content-id: 3c74b891-bf52-44a8-8b71-f7219f83c2ce
 ---
 

docs/rules/en/Azure.Automation.WebHookExpiry.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Automation.WebHookExpiry.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Automation.WebHookExpiry.md
 ms-content-id: 7b8aa617-6278-42e4-b8ae-d9da6e3d8ade
 ---
 

docs/rules/en/Azure.DataFactory.Version.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.DataFactory.Version.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.DataFactory.Version.md
 ---
 
 # Azure.DataFactory.Version

docs/rules/en/Azure.MySQL.AllowAzureAccess.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.MySQL.AllowAzureAccess.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.MySQL.AllowAzureAccess.md
 ms-content-id: 8a159312-1dcd-4c64-91a8-4dd17f97efdb
 ---
 

docs/rules/en/Azure.MySQL.FirewallIPRange.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.MySQL.FirewallIPRange.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.MySQL.FirewallIPRange.md
 ms-content-id: d8bf9741-541c-4229-86cb-2e2dad32d9a9
 ---
 

docs/rules/en/Azure.MySQL.FirewallRuleCount.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.MySQL.FirewallRuleCount.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.MySQL.FirewallRuleCount.md
 ms-content-id: 9debdffb-0da1-4b8d-8a17-3f480f1015ec
 ---
 

docs/rules/en/Azure.MySQL.UseSSL.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.MySQL.UseSSL.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.MySQL.UseSSL.md
 ms-content-id: 2569c452-b0d4-45ca-a6df-72ff7e911be3
 ---
 

docs/rules/en/Azure.PostgreSQL.AllowAzureAccess.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.PostgreSQL.AllowAzureAccess.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.PostgreSQL.AllowAzureAccess.md
 ms-content-id: 07659a25-0a40-4979-99cd-cae83a5e3145
 ---
 

docs/rules/en/Azure.PostgreSQL.FirewallIPRange.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.PostgreSQL.FirewallIPRange.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.PostgreSQL.FirewallIPRange.md
 ms-content-id: fc3b5764-5b4a-4915-9311-75ec6a0d0d55
 ---
 

docs/rules/en/Azure.PostgreSQL.FirewallRuleCount.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.PostgreSQL.FirewallRuleCount.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.PostgreSQL.FirewallRuleCount.md
 ms-content-id: 7113d8e6-5629-4505-a19b-9c1ff9e17a3b
 ---
 

docs/rules/en/Azure.PostgreSQL.UseSSL.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.PostgreSQL.UseSSL.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.PostgreSQL.UseSSL.md
 ms-content-id: 80d34e65-8ab5-4cf3-a0dd-3b5e56e06f40
 ---
 

docs/rules/en/Azure.PublicIP.IsAttached.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.PublicIP.IsAttached.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.PublicIP.IsAttached.md
 ms-content-id: 9222ec9f-7eea-4301-bee6-3022c9008874
 ---
 

docs/rules/en/Azure.RBAC.CoAdministrator.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security operations
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.RBAC.CoAdministrator.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.RBAC.CoAdministrator.md
 ---
 
 # Use role-based access control

docs/rules/en/Azure.RBAC.LimitMGDelegation.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security operations
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.RBAC.LimitMGDelegation.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.RBAC.LimitMGDelegation.md
 ms-content-id: 0f0a1cc8-9528-46b7-8f31-b9fe76cc0d66
 ---
 

docs/rules/en/Azure.RBAC.LimitOwner.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security operations
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.RBAC.LimitOwner.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.RBAC.LimitOwner.md
 ms-content-id: 43075204-e28b-46a0-90a0-ea5c3b74e9ab
 ---
 
@@ -13,9 +13,11 @@ Limit the number of subscription Owners.
 
 ## DESCRIPTION
 
-Azure provides a flexible delegation model using Role-Base Access Control (RBAC) that allows administrators to grant fine grained permissions using roles to Azure resources. Over 100 built-in roles exist, and custom roles can be created to perform specific tasks. Permissions can be scoped to management group, subscription, resource group or individual resources.
+Azure provides a flexible delegation model using Role-Base Access Control (RBAC) that allows administrators to grant fine grained permissions using roles to Azure resources. Over 100 built-in roles exist, and custom roles can be created to perform specific tasks.
+Permissions can be scoped to management group, subscription, resource group or individual resources.
 
-The Owner role provides the ability to create, delete, update and configure permissions for any resource. When assigned at the subscription scope, these permissions apply to the whole subscription and all resources in the subscription.
+The Owner role provides the ability to create, delete, update and configure permissions for any resource.
+When assigned at the subscription scope, these permissions apply to the whole subscription and all resources in the subscription.
 
 ## RECOMMENDATION
 

docs/rules/en/Azure.RBAC.UseGroups.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security operations
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.RBAC.UseGroups.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.RBAC.UseGroups.md
 ms-content-id: 818cc242-5912-44b6-b3dc-461822079522
 ---
 

docs/rules/en/Azure.RBAC.UseRGDelegation.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security operations
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.RBAC.UseRGDelegation.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.RBAC.UseRGDelegation.md
 ms-content-id: b31d32cc-1e9f-4ab8-93ab-1cd98354ad15
 ---
 
@@ -13,7 +13,8 @@ Use RBAC assignments on resource groups instead of individual resources.
 
 ## DESCRIPTION
 
-Azure provides a flexible delegation model using RBAC that allows administrators to grant fine grained permissions using roles to Azure resources. Permissions can be scoped to management group, subscription, resource group or individual resources.
+Azure provides a flexible delegation model using RBAC that allows administrators to grant fine grained permissions using roles to Azure resources.
+Permissions can be scoped to management group, subscription, resource group or individual resources.
 
 ## RECOMMENDATION
 

docs/rules/en/Azure.Redis.MinTLS.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Redis.MinTLS.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Redis.MinTLS.md
 ms-content-id: 31240bca-b04f-4267-9c31-cfca4e91cfbf
 ---
 

docs/rules/en/Azure.Redis.NonSslPort.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Redis.NonSslPort.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Redis.NonSslPort.md
 ms-content-id: cf433410-8a30-4b74-b046-0b8c7c708368
 ---
 
@@ -13,7 +13,8 @@ Redis Cache should only accept secure connections.
 
 ## DESCRIPTION
 
-Azure Redis Cache is configured to accept unencrypted connections using a non-SSL port. Unencrypted connections are disabled by default.
+Azure Redis Cache is configured to accept unencrypted connections using a non-SSL port.
+Unencrypted connections are disabled by default.
 
 Unencrypted communication to Redis Cache could allow disclosure of information to an untrusted party.
 
@@ -21,7 +22,8 @@ Unencrypted communication to Redis Cache could allow disclosure of information t
 
 Azure Redis Cache should be configured to only accept secure connections.
 
-When the non-SSL port is enabled, encrypted and unencrypted connections are permitted. To prevent unencrypted connections, disable the non-SSL port.
+When the non-SSL port is enabled, encrypted and unencrypted connections are permitted.
+To prevent unencrypted connections, disable the non-SSL port.
 
 Unless explicitly required, consider disabling the non-SSL port.
 

docs/rules/en/Azure.Resource.AllowedRegions.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Resource.AllowedRegions.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Resource.AllowedRegions.md
 ---
 
 # Azure.Resource.AllowedRegions

docs/rules/en/Azure.Resource.UseTags.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Resource.UseTags.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Resource.UseTags.md
 ms-content-id: d8480c0d-e41c-441a-9b03-0dc9c340c149
 ---
 

docs/rules/en/Azure.SQL.AllowAzureAccess.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.SQL.AllowAzureAccess.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.SQL.AllowAzureAccess.md
 ms-content-id: 30a551f6-54e0-4e51-b068-f9695d891a89
 ---
 
@@ -13,11 +13,13 @@ Determine if access from Azure services is required.
 
 ## DESCRIPTION
 
-Allow access to Azure services, permits any Azure service including other Azure customers, network based access to databases on the same logical SQL Server. Network access can also be allowed/ blocked on individual databases, which takes precedence over this option.
+Allow access to Azure services, permits any Azure service including other Azure customers, network based access to databases on the same logical SQL Server.
+Network access can also be allowed/ blocked on individual databases, which takes precedence over this option.
 
 If network based access is permitted, authentication is still required.
 
-Enabling access from Azure Services is useful in certain cases for on demand PaaS workloads where configuring a stable IP address is not possible. For example Azure Functions, Container Instances and Logic Apps.
+Enabling access from Azure Services is useful in certain cases for on demand PaaS workloads where configuring a stable IP address is not possible.
+For example Azure Functions, Container Instances and Logic Apps.
 
 ## RECOMMENDATION
 

docs/rules/en/Azure.SQL.Auditing.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.SQL.Auditing.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.SQL.Auditing.md
 ms-content-id: d6084913-9ff9-40b6-a65b-30fcd4d49251
 ---
 

docs/rules/en/Azure.SQL.FirewallIPRange.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.SQL.FirewallIPRange.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.SQL.FirewallIPRange.md
 ms-content-id: a25b1927-f04c-4a6a-8a3d-42d59d4722ff
 ---
 
@@ -17,4 +17,5 @@ Typically the number of IP address rules permitted through the firewall is minim
 
 ## RECOMMENDATION
 
-SQL Server has greater then ten (10) public IP addresses that are permitted network access. Some rules may not be needed or can be reduced.
+SQL Server has greater then ten (10) public IP addresses that are permitted network access.
+Some rules may not be needed or can be reduced.

docs/rules/en/Azure.SQL.FirewallRuleCount.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.SQL.FirewallRuleCount.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.SQL.FirewallRuleCount.md
 ms-content-id: b877a8ba-bc56-4bfe-9674-4b52b75cd13b
 ---
 

docs/rules/en/Azure.SQL.ThreatDetection.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.SQL.ThreatDetection.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.SQL.ThreatDetection.md
 ms-content-id: 720e560d-4ad3-41ca-93dd-69c5783b9dbe
 ---
 

docs/rules/en/Azure.SecurityCenter.Contact.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security operations
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.SecurityCenter.Contact.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.SecurityCenter.Contact.md
 ms-content-id: 18fcf75f-a5e6-4a34-baba-74bd49502cd7
 ---
 

docs/rules/en/Azure.SecurityCenter.Provisioning.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security operations
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.SecurityCenter.Provisioning.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.SecurityCenter.Provisioning.md
 ms-content-id: 966390bc-0358-43dd-8b5f-6b0ae2b16edd
 ---
 

docs/rules/en/Azure.Storage.SecureTransferRequired.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Storage.SecureTransferRequired.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Storage.SecureTransferRequired.md
 ms-content-id: 539cb7b9-5510-4aa3-b422-41a049a10a88
 ---
 

docs/rules/en/Azure.Storage.SoftDelete.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Data recovery
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Storage.SoftDelete.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Storage.SoftDelete.md
 ms-content-id: 9927b427-e694-4485-9abf-61545e63956e
 ---
 

docs/rules/en/Azure.Storage.UseEncryption.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Storage.UseEncryption.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Storage.UseEncryption.md
 ms-content-id: 595c6ca0-1464-4e53-a692-6cf3c2f91cd5
 ---
 

docs/rules/en/Azure.Storage.UseReplication.md

@@ -1,7 +1,7 @@
 ---
 severity: Single point of failure
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.Storage.UseReplication.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.Storage.UseReplication.md
 ---
 
 # Azure.Storage.UseReplication

docs/rules/en/Azure.VM.ADE.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.ADE.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.ADE.md
 ---
 
 # Use Azure Disk Encryption

docs/rules/en/Azure.VM.ASAlignment.md

@@ -1,7 +1,7 @@
 ---
 severity: Single point of failure
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.ASAlignment.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.ASAlignment.md
 ms-content-id: 28583693-11e4-4a16-b864-8caa6e408162
 ---
 

docs/rules/en/Azure.VM.ASMinMembers.md

@@ -1,7 +1,7 @@
 ---
 severity: Single point of failure
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.ASMinMembers.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.ASMinMembers.md
 ms-content-id: 0e9b75e5-2a63-4bea-afeb-2807e6f9d5a0
 ---
 

docs/rules/en/Azure.VM.AcceleratedNetworking.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Performance optimisation
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.AcceleratedNetworking.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.AcceleratedNetworking.md
 ms-content-id: c2b60867-f911-45d6-8d9a-a22bf0a7e729
 ---
 

docs/rules/en/Azure.VM.Agent.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.Agent.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.Agent.md
 ms-content-id: e4f6f6e7-593c-4507-811d-778ee8ec9ac4
 ---
 
@@ -15,7 +15,8 @@ Ensure the VM agent is provisioned automatically.
 
 The virtual machine (VM) agent is required for most functionality that interacts with the guest operating system.
 
-VM extensions help reduce management overhead by providing an entry point to bootstrap monitoring and configuration of the guest operating system. The VM agent is required to use any VM extensions.
+VM extensions help reduce management overhead by providing an entry point to bootstrap monitoring and configuration of the guest operating system.
+The VM agent is required to use any VM extensions.
 
 ## RECOMMENDATION
 

docs/rules/en/Azure.VM.BasicSku.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Performance
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.BasicSku.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.BasicSku.md
 ms-content-id: 49cef14e-19f0-4a54-be14-7c27a0347b4c
 ---
 
@@ -13,10 +13,12 @@ Virtual machines (VMs) should not use Basic sizes.
 
 ## DESCRIPTION
 
-VMs can be deployed in Basic or Standard sizes. Basic VM sizes are suitable only for entry level development scenarios.
+VMs can be deployed in Basic or Standard sizes.
+Basic VM sizes are suitable only for entry level development scenarios.
 
 ## RECOMMENDATION
 
-Basic VM sizes are not suitable for production workloads or intensive development workloads. Consider migration to an alternative Standard VM size.
+Basic VM sizes are not suitable for production workloads or intensive development workloads.
+Consider migration to an alternative Standard VM size.
 
 For more information see [Sizes for Windows virtual machines in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/windows/sizes) and [Sizes for Linux virtual machines in Azure](https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sizes).

docs/rules/en/Azure.VM.DiskAttached.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Cost management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.DiskAttached.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.DiskAttached.md
 ms-content-id: 23a06a0e-7965-4d43-8e29-bb9ac6eeffcc
 ---
 
@@ -13,7 +13,8 @@ Managed disks should be attached to virtual machines.
 
 ## DESCRIPTION
 
-Unattached managed disks are charged but not in use. Unattached managed disks still consume storage and are charged on their size.
+Unattached managed disks are charged but not in use.
+Unattached managed disks still consume storage and are charged on their size.
 
 ## RECOMMENDATION
 

docs/rules/en/Azure.VM.DiskCaching.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Performance
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.DiskCaching.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.DiskCaching.md
 ms-content-id: d28da16e-4639-466f-95e5-4ab6bf61aec7
 ---
 

docs/rules/en/Azure.VM.DiskSizeAlignment.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Cost management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.DiskSizeAlignment.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.DiskSizeAlignment.md
 ---
 
 # Azure.VirtualMachine.DiskSizeAlignment

docs/rules/en/Azure.VM.PromoSku.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Cost management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.PromoSku.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.PromoSku.md
 ---
 
 # Azure.VirtualMachine.PromoSku
@@ -12,12 +12,15 @@ Virtual machines (VMs) should not use expired promotional SKU.
 
 ## DESCRIPTION
 
-Some VM sizes may offer promotional rates that can be used by deploying VMs with a designated SKU. Promotional rates expire, and while this does not cause interruption to running VMs, the rate that VMs are billed at returns to the original price.
+Some VM sizes may offer promotional rates that can be used by deploying VMs with a designated SKU.
+Promotional rates expire, and while this does not cause interruption to running VMs, the rate that VMs are billed at returns to the original price.
 
-Promo SKUs are not eligible for savings from reserved instances. Expired promo SKUs may confuse billing reconciliation when the promotional period expires.
+Promo SKUs are not eligible for savings from reserved instances.
+Expired promo SKUs may confuse billing reconciliation when the promotional period expires.
 
 VMs should not use expired promo SKU.
 
 ## RECOMMENDATION
 
-Consider moving from promotional SKUs to SKUs eligible for reserved instances for VMs with an extended life cycle. Consider moving from promotional SKUs to the regular SKU once the promotional period has expired.
+Consider moving from promotional SKUs to SKUs eligible for reserved instances for VMs with an extended life cycle.
+Consider moving from promotional SKUs to the regular SKU once the promotional period has expired.

docs/rules/en/Azure.VM.PublicKey.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.PublicKey.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.PublicKey.md
 ---
 
 # Use public keys for Linux

docs/rules/en/Azure.VM.Standalone.md

@@ -1,7 +1,7 @@
 ---
 severity: Single point of failure
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.Standalone.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.Standalone.md
 ---
 
 # Azure.VirtualMachine.Standalone

docs/rules/en/Azure.VM.UniqueDns.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.UniqueDns.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.UniqueDns.md
 ---
 
 # NICs with custom DNS settings
@@ -12,7 +12,8 @@ Network interfaces (NICs) should inherit DNS from virtual networks.
 
 ## DESCRIPTION
 
-By default Virtual machine (VM) NICs automatically use a DNS configuration inherited from the virtual network they connect to. Optionally, DNS servers can be overridden on a per NIC basis with a custom configuration.
+By default Virtual machine (VM) NICs automatically use a DNS configuration inherited from the virtual network they connect to.
+Optionally, DNS servers can be overridden on a per NIC basis with a custom configuration.
 
 Using network interfaces with individual DNS server settings may increase management overhead and complexity.
 

docs/rules/en/Azure.VM.Updates.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.Updates.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.Updates.md
 ms-content-id: 8781c21b-4e6a-47fe-860d-d2191f0304ae
 ---
 
@@ -13,7 +13,8 @@ Ensure automatic updates are enabled at deployment.
 
 ## DESCRIPTION
 
-Window virtual machines (VMs) have automatic updates turned on at deployment time by default. The option can be enabled/ disabled at deployment time or updated for VM scale sets.
+Window virtual machines (VMs) have automatic updates turned on at deployment time by default.
+The option can be enabled/ disabled at deployment time or updated for VM scale sets.
 
 Enabling this option does not prevent automatic updates being disabled or reconfigured within the operating system after deployment.
 

docs/rules/en/Azure.VM.UseHybridUseBenefit.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Cost management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.UseHybridUseBenefit.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.UseHybridUseBenefit.md
 ---
 
 # Use Hybrid Use Benefit

docs/rules/en/Azure.VM.UseManagedDisks.md

@@ -1,7 +1,7 @@
 ---
 severity: Single point of failure
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VM.UseManagedDisks.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VM.UseManagedDisks.md
 ---
 
 # Use Managed Disks

docs/rules/en/Azure.VirtualNetwork.AppGwMinInstance.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.AppGwMinInstance.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.AppGwMinInstance.md
 ---
 
 # Use two or more Application Gateway instances

docs/rules/en/Azure.VirtualNetwork.AppGwMinSku.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Performance
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.AppGwMinSku.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.AppGwMinSku.md
 ---
 
 # Use production Application Gateway SKU

docs/rules/en/Azure.VirtualNetwork.AppGwOWASP.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.AppGwOWASP.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.AppGwOWASP.md
 ---
 
 # Azure.VirtualNetwork.AppGwOWASP

docs/rules/en/Azure.VirtualNetwork.AppGwPrevention.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.AppGwPrevention.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.AppGwPrevention.md
 ---
 
 # Azure.VirtualNetwork.AppGwPrevention

docs/rules/en/Azure.VirtualNetwork.AppGwSSLPolicy.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.AppGwSSLPolicy.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.AppGwSSLPolicy.md
 ---
 
 # Azure.VirtualNetwork.AppGwSSLPolicy

docs/rules/en/Azure.VirtualNetwork.AppGwUseWAF.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.AppGwUseWAF.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.AppGwUseWAF.md
 ---
 
 # Azure.VirtualNetwork.AppGwUseWAF

docs/rules/en/Azure.VirtualNetwork.AppGwWAFEnabled.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.AppGwWAFEnabled.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.AppGwWAFEnabled.md
 ---
 
 # Azure.VirtualNetwork.AppGwWAFEnabled

docs/rules/en/Azure.VirtualNetwork.AppGwWAFRules.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.AppGwWAFRules.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.AppGwWAFRules.md
 ---
 
 # Azure.VirtualNetwork.AppGwWAFRules
@@ -12,7 +12,8 @@ Application Gateway Web Application Firewall (WAF) should have all rules enabled
 
 ## DESCRIPTION
 
-Application Gateway instances with WAF allow OWASP detection/ prevention rules to be toggled on or off. All OWASP rules are turned on by default.
+Application Gateway instances with WAF allow OWASP detection/ prevention rules to be toggled on or off.
+All OWASP rules are turned on by default.
 
 When OWASP rules are turned off, the protection they provide is disabled.
 
@@ -20,4 +21,5 @@ When OWASP rules are turned off, the protection they provide is disabled.
 
 Consider enabling all OWASP rules within Application Gateway instances.
 
-Before disabling OWASP rules, ensure that the backend workload has alternative protections in-place. Alternatively consider updating application code to use safe web standards.
+Before disabling OWASP rules, ensure that the backend workload has alternative protections in-place.
+Alternatively consider updating application code to use safe web standards.

docs/rules/en/Azure.VirtualNetwork.LBProbe.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Resiliency
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.LBProbe.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.LBProbe.md
 ---
 
 # Use specific load balancer probe

docs/rules/en/Azure.VirtualNetwork.LateralTraversal.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.LateralTraversal.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.LateralTraversal.md
 ---
 
 # Limit lateral traversal
@@ -16,7 +16,8 @@ Network Security Groups (NSGs) allow virtual machines to be segmented from each
 
 This micro-segmentation approach provides a control to reduce lateral movement between hosts within Azure, a virtual network or an individual subnet.
 
-Typically, a subset of trusted hosts such as privileged access workstations, bastion hosts or jump boxes will be used for management. Management protocols originating from application workload hosts should be blocked.
+Typically, a subset of trusted hosts such as privileged access workstations, bastion hosts or jump boxes will be used for management.
+Management protocols originating from application workload hosts should be blocked.
 
 ## RECOMMENDATION
 

docs/rules/en/Azure.VirtualNetwork.LocalDNS.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.LocalDNS.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.LocalDNS.md
 ---
 
 # Azure.VirtualNetwork.LocalDNS
@@ -14,10 +14,12 @@ Virtual networks (VNETs) should use Azure local DNS servers.
 
 Virtual networks allow one or more custom DNS servers to be specified that are inherited by connected services such as virtual machines.
 
-When configuring custom DNS server IP addresses, these servers must be accessible for name resolution to occur. Connectivity between services may be impacted if DNS server IP addresses are temporarily or permanently unavailable.
+When configuring custom DNS server IP addresses, these servers must be accessible for name resolution to occur.
+Connectivity between services may be impacted if DNS server IP addresses are temporarily or permanently unavailable.
 
 ## RECOMMENDATION
 
 Consider deploying redundant DNS services within a connected Azure VNET.
 
-Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs. Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure.
+Where possibly consider deploying Azure Private DNS Zones, a platform-as-a-service (PaaS) DNS service for VNETs.
+Alternatively consider deploying redundant virtual machines (VMs) or network virtual appliances (NVA) to host DNS within Azure.

docs/rules/en/Azure.VirtualNetwork.NICAttached.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.NICAttached.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.NICAttached.md
 ---
 
 # Attach NIC or clean up
@@ -12,8 +12,10 @@ Network interfaces (NICs) should be attached.
 
 ## DESCRIPTION
 
-NICs are deployed as resources separate from virtual machines. NICs that are not attached to a virtual machine perform no purpose.
+NICs are deployed as resources separate from virtual machines.
+NICs that are not attached to a virtual machine perform no purpose.
 
 ## RECOMMENDATION
 
-Consider cleaning up NICs that are not required to reduce management complexity. Also consider using Resource Groups to help manage the lifecycle of related resources together.
+Consider cleaning up NICs that are not required to reduce management complexity.
+Also consider using Resource Groups to help manage the lifecycle of related resources together.

docs/rules/en/Azure.VirtualNetwork.NSGAnyInboundSource.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.NSGAnyInboundSource.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.NSGAnyInboundSource.md
 ---
 
 # Azure.VirtualNetwork.NSGAnyInboundSource

docs/rules/en/Azure.VirtualNetwork.NSGAssociated.md

@@ -1,7 +1,7 @@
 ---
 severity: Awareness
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.NSGAssociated.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.NSGAssociated.md
 ---
 
 # Associate NSGs or clean up
@@ -12,8 +12,10 @@ Network Security Groups (NSGs) should be associated.
 
 ## DESCRIPTION
 
-NSGs basic stateful firewalls that are deployed as separate resources and can be associated to network interfaces or subnets. NSGs that are not associated with a network interface or subnet perform no purpose.
+NSGs basic stateful firewalls that are deployed as separate resources and can be associated to network interfaces or subnets.
+NSGs that are not associated with a network interface or subnet perform no purpose.
 
 ## RECOMMENDATION
 
-Consider cleaning up NSGs that are not required to reduce management complexity. Also consider using Resource Groups to help manage the lifecycle of related resources together.
+Consider cleaning up NSGs that are not required to reduce management complexity.
+Also consider using Resource Groups to help manage the lifecycle of related resources together.

docs/rules/en/Azure.VirtualNetwork.NSGDenyAllInbound.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.NSGDenyAllInbound.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.NSGDenyAllInbound.md
 ---
 
 # Avoid denying all inbound traffic
@@ -16,10 +16,12 @@ Network Security Groups can be configured to block all network traffic inbound t
 
 Blocking all inbound traffic into a virtual machine will fail load balancer health probes and other required traffic.
 
-Inbound network traffic can be whitelisted by including allow rules above deny all inbound rule by specifying a lower priority number. Rules with a lower priority number will be process first.
+Inbound network traffic can be whitelisted by including allow rules above deny all inbound rule by specifying a lower priority number.
+Rules with a lower priority number will be process first.
 
 ## RECOMMENDATION
 
-Deny all inbound rules should not use priority 100. The lowest configurable priority is 100, meaning that whitelisted network traffic rules can not be placed before the deny all.
+Deny all inbound rules should not use priority 100.
+The lowest configurable priority is 100, meaning that whitelisted network traffic rules can not be placed before the deny all.
 
 Consider whitelisting inbound network traffic as required.

docs/rules/en/Azure.VirtualNetwork.PeerState.md

@@ -1,7 +1,7 @@
 ---
 severity: Important
 category: Operations management
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.PeerState.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.PeerState.md
 ---
 
 # VNET peer is not connected

docs/rules/en/Azure.VirtualNetwork.SingleDNS.md

@@ -1,7 +1,7 @@
 ---
 severity: Single point of failure
 category: Reliability
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.SingleDNS.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.SingleDNS.md
 ---
 
 # Azure.VirtualNetwork.SingleDNS

docs/rules/en/Azure.VirtualNetwork.UseNSGs.md

@@ -1,7 +1,7 @@
 ---
 severity: Critical
 category: Security configuration
-online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en-US/Azure.VirtualNetwork.UseNSGs.md
+online version: https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/docs/rules/en/Azure.VirtualNetwork.UseNSGs.md
 ---
 
 # Azure.VirtualNetwork.UseNSGs
@@ -16,4 +16,5 @@ Virtual network subnets should have network security groups (NSGs) assigned.
 
 ## RECOMMENDATION
 
-The GatewaySubnet is a special named subnet which does not support NSGs. For all other subnets define and assign a NSG.
+The GatewaySubnet is a special named subnet which does not support NSGs.
+For all other subnets define and assign a NSG.

docs/rules/en/module.md

@@ -1,81 +1,135 @@
-# Azure rules
+# Module rule reference
 
-RuleName | Description | Category
+## Rules
--------- | ----------- | --------
+
-[Azure.ACR.AdminUser](Azure.ACR.AdminUser.md) | Use Azure AD accounts instead of using the registry admin user. | Security configuration
+The following rules are included within `PSRule.Rules.Azure`.
-[Azure.ACR.MinSku](Azure.ACR.MinSku.md) | ACR should use the Premium or Standard SKU for production deployments. | Performance
+
-[Azure.AKS.MinNodeCount](Azure.AKS.MinNodeCount.md) | AKS clusters should have minimum number of nodes for failover and updates. | Reliability
+### Cost management
-[Azure.AKS.Version](Azure.AKS.Version.md) | AKS control plane and nodes pools should use a current stable release. | Operations management
+
-[Azure.AKS.PoolVersion](Azure.AKS.PoolVersion.md) | AKS node pools should match Kubernetes control plane version. | Operations management
+Name | Synopsis | Severity
-[Azure.AKS.UseRBAC](Azure.AKS.UseRBAC.md) | Deploy AKS cluster with role-based access control (RBAC) enabled. | Security configuration
+---- | -------- | --------
-[Azure.AKS.NetworkPolicy](Azure.AKS.NetworkPolicy.md) | Deploy AKS clusters with Azure Network Policies enabled. | Security configuration
+[Azure.VM.DiskAttached](Azure.VM.DiskAttached.md) | Managed disks should be attached to virtual machines. | Awareness
-[Azure.AKS.PoolScaleSet](Azure.AKS.PoolScaleSet.md) | Deploy AKS clusters with nodes pools based on VM scale sets. | Scalability
+[Azure.VM.DiskSizeAlignment](Azure.VM.DiskSizeAlignment.md) | Managed disk is smaller than SKU size. | Awareness
-[Azure.AppService.PlanInstanceCount](Azure.AppService.PlanInstanceCount.md) | Use an App Service Plan with at least two (2) instances. | Reliability
+[Azure.VM.PromoSku](Azure.VM.PromoSku.md) | Virtual machines (VMs) should not use expired promotional SKU. | Awareness
-[Azure.AppService.MinPlan](Azure.AppService.MinPlan.md) | Use at least a Standard App Service Plan. | Performance
+[Azure.VM.UseHybridUseBenefit](Azure.VM.UseHybridUseBenefit.md) | Use Hybrid Use Benefit. | Awareness
-[Azure.AppService.ARRAffinity](Azure.AppService.ARRAffinity.md) | Disable client affinity for stateless services. | Performance
+
-[Azure.AppService.UseHTTPS](Azure.AppService.UseHTTPS.md) | Azure App Service apps should only accept encrypted connections. | Security configuration
+### Data recovery
-[Azure.AppService.MinTLS](Azure.AppService.MinTLS.md) | App Service should reject TLS versions older then 1.2. | Security configuration
+
-[Azure.DataFactory.Version](Azure.DataFactory.Version.md) | Consider migrating to DataFactory v2. | Operations management
+Name | Synopsis | Severity
-[Azure.MySQL.UseSSL](Azure.MySQL.UseSSL.md) | Enforce encrypted MySQL connections. | Security configuration
+---- | -------- | --------
-[Azure.MySQL.FirewallRuleCount](Azure.MySQL.FirewallRuleCount.md) | Determine if there is an excessive number of firewall rules. | Operations management
+[Azure.Storage.SoftDelete](Azure.Storage.SoftDelete.md) | Enable soft delete on Storage Accounts. | Important
-[Azure.MySQL.AllowAzureAccess](Azure.MySQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Security configuration
+
-[Azure.MySQL.FirewallIPRange](Azure.MySQL.FirewallIPRange.md) | Determine if there is an excessive number of permitted IP addresses. | Security configuration
+### Operations management
-[Azure.PostgreSQL.UseSSL](Azure.PostgreSQL.UseSSL.md) | Enforce encrypted PostgreSQL connections. | Security configuration
+
-[Azure.PostgreSQL.FirewallRuleCount](Azure.PostgreSQL.FirewallRuleCount.md) | Determine if there is an excessive number of firewall rules. | Operations management
+Name | Synopsis | Severity
-[Azure.PostgreSQL.AllowAzureAccess](Azure.PostgreSQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Security configuration
+---- | -------- | --------
-[Azure.PostgreSQL.FirewallIPRange](Azure.PostgreSQL.FirewallIPRange.md) | Determine if there is an excessive number of permitted IP addresses. | Security configuration
+[Azure.AKS.PoolVersion](Azure.AKS.PoolVersion.md) | AKS node pools should match Kubernetes control plane version. | Important
-[Azure.PublicIP.IsAttached](Azure.PublicIP.IsAttached.md) | Public IP address should be attached. | Operations management
+[Azure.AKS.Version](Azure.AKS.Version.md) | AKS control plane and nodes pools should use a current stable release. | Important
-[Azure.Redis.NonSslPort](Azure.Redis.NonSslPort.md) | Redis Cache should only accept secure connections. | Security configuration
+[Azure.DataFactory.Version](Azure.DataFactory.Version.md) | Consider migrating to DataFactory v2. | Awareness
-[Azure.Redis.MinTLS](Azure.Redis.MinTLS.md) | Redis Cache should reject TLS versions older then 1.2. | Security configuration
+[Azure.MySQL.FirewallRuleCount](Azure.MySQL.FirewallRuleCount.md) | Determine if there is an excessive number of firewall rules. | Awareness
-[Azure.Resource.UseTags](Azure.Resource.UseTags.md) | Resources should be tagged. | Operations management
+[Azure.PostgreSQL.FirewallRuleCount](Azure.PostgreSQL.FirewallRuleCount.md) | Determine if there is an excessive number of firewall rules. | Awareness
-[Azure.Resource.AllowedRegions](Azure.Resource.AllowedRegions.md) | Resources should be deployed to allowed regions. | Operations management
+[Azure.PublicIP.IsAttached](Azure.PublicIP.IsAttached.md) | Public IP address should be attached. | Awareness
-[Azure.SQL.FirewallRuleCount](Azure.SQL.FirewallRuleCount.md) | Determine if there is an excessive number of firewall rules. | Operations management
+[Azure.Resource.AllowedRegions](Azure.Resource.AllowedRegions.md) | Resources should be deployed to allowed regions. | Awareness
-[Azure.SQL.AllowAzureAccess](Azure.SQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Security configuration
+[Azure.Resource.UseTags](Azure.Resource.UseTags.md) | Resources should be tagged. | Awareness
-[Azure.SQL.FirewallIPRange](Azure.SQL.FirewallIPRange.md) | Determine if there is an excessive number of permitted IP addresses. | Security configuration
+[Azure.SQL.FirewallRuleCount](Azure.SQL.FirewallRuleCount.md) | Determine if there is an excessive number of firewall rules. | Awareness
-[Azure.SQL.ThreatDetection](Azure.SQL.ThreatDetection.md) | Enable Advanced Thread Protection for Azure SQL logical server. | Security configuration
+[Azure.VirtualNetwork.NICAttached](Azure.VirtualNetwork.NICAttached.md) | Network interfaces (NICs) should be attached. | Awareness
-[Azure.SQL.Auditing](Azure.SQL.Auditing.md) | Enable auditing for Azure SQL logical server. | Security configuration
+[Azure.VirtualNetwork.NSGAssociated](Azure.VirtualNetwork.NSGAssociated.md) | Network Security Groups (NSGs) should be associated. | Awareness
-[Azure.Storage.UseReplication](Azure.Storage.UseReplication.md) | Storage accounts not using GRS may be at risk. | Reliability
+[Azure.VirtualNetwork.PeerState](Azure.VirtualNetwork.PeerState.md) | VNET peering connections must be connected. | Important
-[Azure.Storage.SecureTransferRequired](Azure.Storage.SecureTransferRequired.md) | Storage accounts should only accept encrypted connections. | Security configuration
+[Azure.VM.Agent](Azure.VM.Agent.md) | Ensure the VM agent is provisioned automatically. | Important
-[Azure.Storage.UseEncryption](Azure.Storage.UseEncryption.md) | Storage Service Encryption (SSE) should be enabled. | Security configuration
+[Azure.VM.UniqueDns](Azure.VM.UniqueDns.md) | Network interfaces (NICs) should inherit DNS from virtual networks. | Awareness
-[Azure.Storage.SoftDelete](Azure.Storage.SoftDelete.md) | Enable soft delete on Storage Accounts. | Data recovery
+[Azure.VM.Updates](Azure.VM.Updates.md) | Ensure automatic updates are enabled at deployment. | Important
-[Azure.RBAC.UseGroups](Azure.RBAC.UseGroups.md) | Use groups for assigning permissions instead of individual user accounts. | Security operations
+
-[Azure.RBAC.LimitOwner](Azure.RBAC.LimitOwner.md) | Limit the number of subscription Owners. | Security operations
+### Performance
-[Azure.RBAC.LimitMGDelegation](Azure.RBAC.LimitMGDelegation.md) | Limit Role-Base Access Control (RBAC) inheritance from Management Groups. | Security operations
+
-[Azure.RBAC.CoAdministrator](Azure.RBAC.CoAdministrator.md) | Delegate access to manage Azure resources using role-based access control (RBAC). | Security operations
+Name | Synopsis | Severity
-[Azure.RBAC.UseRGDelegation](Azure.RBAC.UseRGDelegation.md) | Use RBAC assignments on resource groups instead of individual resources. | Security operations
+---- | -------- | --------
-[Azure.SecurityCenter.Contact](Azure.SecurityCenter.Contact.md) | Security Center email and phone contact details should be set. | Security operations
+[Azure.ACR.MinSku](Azure.ACR.MinSku.md) | ACR should use the Premium or Standard SKU for production deployments. | Important
-[Azure.SecurityCenter.Provisioning](Azure.SecurityCenter.Provisioning.md) | Enable auto-provisioning on to improve Azure Security Center insights. | Security operations
+[Azure.AppService.ARRAffinity](Azure.AppService.ARRAffinity.md) | Disable client affinity for stateless services. | Awareness
-[Azure.VM.UseManagedDisks](Azure.VM.UseManagedDisks.md) | Virtual machines should use managed disks. | Reliability
+[Azure.AppService.MinPlan](Azure.AppService.MinPlan.md) | Use at least a Standard App Service Plan. | Important
-[Azure.VM.Standalone](Azure.VM.Standalone.md) | VMs must use premium disks or use availability sets/ zones to meet SLA requirements. | Reliability
+[Azure.VirtualNetwork.AppGwMinSku](Azure.VirtualNetwork.AppGwMinSku.md) | Application Gateway should use a minimum instance size of Medium. | Important
-[Azure.VM.PromoSku](Azure.VM.PromoSku.md) | Virtual machines (VMs) should not use expired promotional SKU. | Cost management
+[Azure.VM.BasicSku](Azure.VM.BasicSku.md) | Virtual machines (VMs) should not use Basic sizes. | Important
-[Azure.VM.BasicSku](Azure.VM.BasicSku.md) | Virtual machines (VMs) should not use Basic sizes. | Performance
+[Azure.VM.DiskCaching](Azure.VM.DiskCaching.md) | Check disk caching is configured correctly for the workload. | Important
-[Azure.VM.DiskCaching](Azure.VM.DiskCaching.md) | Check disk caching is configured correctly for the workload. | Performance
+
-[Azure.VM.UniqueDns](Azure.VM.UniqueDns.md) | Network interfaces (NICs) should inherit DNS from virtual networks. | Operations management
+### Performance optimisation
-[Azure.VM.DiskAttached](Azure.VM.DiskAttached.md) | Managed disks should be attached to virtual machines. | Cost management
+
-[Azure.VM.DiskSizeAlignment](Azure.VM.DiskSizeAlignment.md) | Managed disk is smaller than SKU size. | Cost management
+Name | Synopsis | Severity
-[Azure.VM.UseHybridUseBenefit](Azure.VM.UseHybridUseBenefit.md) | Use Hybrid Use Benefit. | Cost management
+---- | -------- | --------
-[Azure.VM.AcceleratedNetworking](Azure.VM.AcceleratedNetworking.md) | Enabled accelerated networking for supported operating systems. | Performance optimisation
+[Azure.VM.AcceleratedNetworking](Azure.VM.AcceleratedNetworking.md) | Enabled accelerated networking for supported operating systems. | Important
-[Azure.VM.ASAlignment](Azure.VM.ASAlignment.md) | Availability sets should be aligned. | Reliability
+
-[Azure.VM.ASMinMembers](Azure.VM.ASMinMembers.md) | Availability sets should be deployed with at least two members. | Reliability
+### Reliability
-[Azure.VM.ADE](Azure.VM.ADE.md) | Use Azure Disk Encryption. | Security configuration
+
-[Azure.VM.PublicKey](Azure.VM.PublicKey.md) | Linux virtual machines should use public keys. | Security configuration
+Name | Synopsis | Severity
-[Azure.VM.Agent](Azure.VM.Agent.md) | Ensure the VM agent is provisioned automatically. | Operations management
+---- | -------- | --------
-[Azure.VM.Updates](Azure.VM.Updates.md) | Ensure automatic updates are enabled at deployment. | Operations management
+[Azure.AKS.MinNodeCount](Azure.AKS.MinNodeCount.md) | AKS clusters should have minimum number of nodes for failover and updates. | Important
-[Azure.VirtualNetwork.UseNSGs](Azure.VirtualNetwork.UseNSGs.md) | Subnets should have NSGs assigned. | Security configuration
+[Azure.AppService.PlanInstanceCount](Azure.AppService.PlanInstanceCount.md) | Use an App Service Plan with at least two (2) instances. | Single point of failure
-[Azure.VirtualNetwork.SingleDNS](Azure.VirtualNetwork.SingleDNS.md) | VNETs should have at least two DNS servers assigned. | Reliability
+[Azure.Storage.UseReplication](Azure.Storage.UseReplication.md) | Storage accounts not using GRS may be at risk. | Single point of failure
-[Azure.VirtualNetwork.LocalDNS](Azure.VirtualNetwork.LocalDNS.md) | Virtual networks (VNETs) should use Azure local DNS servers. | Reliability
+[Azure.VirtualNetwork.AppGwMinInstance](Azure.VirtualNetwork.AppGwMinInstance.md) | Application Gateways should use a minimum of two instances. | Important
-[Azure.VirtualNetwork.PeerState](Azure.VirtualNetwork.PeerState.md) | VNET peering connections must be connected. | Operations management
+[Azure.VirtualNetwork.LocalDNS](Azure.VirtualNetwork.LocalDNS.md) | Virtual networks (VNETs) should use Azure local DNS servers. | Important
-[Azure.VirtualNetwork.NSGAnyInboundSource](Azure.VirtualNetwork.NSGAnyInboundSource.md) | Network security groups should avoid any inbound rules. | Security configuration
+[Azure.VirtualNetwork.NSGDenyAllInbound](Azure.VirtualNetwork.NSGDenyAllInbound.md) | Avoid denying all inbound traffic. | Important
-[Azure.VirtualNetwork.NSGDenyAllInbound](Azure.VirtualNetwork.NSGDenyAllInbound.md) | Avoid denying all inbound traffic. | Reliability
+[Azure.VirtualNetwork.SingleDNS](Azure.VirtualNetwork.SingleDNS.md) | VNETs should have at least two DNS servers assigned. | Single point of failure
-[Azure.VirtualNetwork.LateralTraversal](Azure.VirtualNetwork.LateralTraversal.md) | Deny outbound management connections from non-management hosts. | Security configuration
+[Azure.VM.ASAlignment](Azure.VM.ASAlignment.md) | Availability sets should be aligned. | Single point of failure
-[Azure.VirtualNetwork.NSGAssociated](Azure.VirtualNetwork.NSGAssociated.md) | Network Security Groups (NSGs) should be associated. | Operations management
+[Azure.VM.ASMinMembers](Azure.VM.ASMinMembers.md) | Availability sets should be deployed with at least two members. | Single point of failure
-[Azure.VirtualNetwork.AppGwMinInstance](Azure.VirtualNetwork.AppGwMinInstance.md) | Application Gateways should use a minimum of two instances. | Reliability
+[Azure.VM.Standalone](Azure.VM.Standalone.md) | VMs must use premium disks or use availability sets/ zones to meet SLA requirements. | Single point of failure
-[Azure.VirtualNetwork.AppGwMinSku](Azure.VirtualNetwork.AppGwMinSku.md) | Application Gateway should use a minimum instance size of Medium. | Performance
+[Azure.VM.UseManagedDisks](Azure.VM.UseManagedDisks.md) | Virtual machines should use managed disks. | Single point of failure
-[Azure.VirtualNetwork.AppGwUseWAF](Azure.VirtualNetwork.AppGwUseWAF.md) | Internet accessible Application Gateways should use WAF. | Security configuration
+
-[Azure.VirtualNetwork.AppGwSSLPolicy](Azure.VirtualNetwork.AppGwSSLPolicy.md) | Application Gateway should only accept a minimum of TLS 1.2. | Security configuration
+### Resiliency
-[Azure.VirtualNetwork.AppGwPrevention](Azure.VirtualNetwork.AppGwPrevention.md) | Internet exposed Application Gateways should use prevention mode to protect backend resources. | Security configuration
+
-[Azure.VirtualNetwork.AppGwWAFEnabled](Azure.VirtualNetwork.AppGwWAFEnabled.md) | Application Gateway Web Application Firewall (WAF) must be enabled to protect backend resources. | Security configuration
+Name | Synopsis | Severity
-[Azure.VirtualNetwork.AppGwOWASP](Azure.VirtualNetwork.AppGwOWASP.md) | Application Gateway Web Application Firewall (WAF) should use OWASP 3.x rules. | Security configuration
+---- | -------- | --------
-[Azure.VirtualNetwork.AppGwWAFRules](Azure.VirtualNetwork.AppGwWAFRules.md) | Application Gateway Web Application Firewall (WAF) should have all rules enabled. | Security configuration
+[Azure.VirtualNetwork.LBProbe](Azure.VirtualNetwork.LBProbe.md) | Use a specific probe for web protocols. | Important
-[Azure.VirtualNetwork.NICAttached](Azure.VirtualNetwork.NICAttached.md) | Network interfaces (NICs) should be attached. | Operations management
+
-[Azure.VirtualNetwork.LBProbe](Azure.VirtualNetwork.LBProbe.md) | Use a specific probe for web protocols. | Resiliency
+### Scalability
+
+Name | Synopsis | Severity
+---- | -------- | --------
+[Azure.AKS.PoolScaleSet](Azure.AKS.PoolScaleSet.md) | Deploy AKS clusters with nodes pools based on VM scale sets. | Important
+
+### Security configuration
+
+Name | Synopsis | Severity
+---- | -------- | --------
+[Azure.ACR.AdminUser](Azure.ACR.AdminUser.md) | Use Azure AD accounts instead of using the registry admin user. | Critical
+[Azure.AKS.NetworkPolicy](Azure.AKS.NetworkPolicy.md) | Deploy AKS clusters with Azure Network Policies enabled. | Important
+[Azure.AKS.PodSecurityPolicy](Azure.AKS.PodSecurityPolicy.md) | Configure AKS non-production clusters to use Pod Security Policies (Preview). | Important
+[Azure.AKS.UseRBAC](Azure.AKS.UseRBAC.md) | Deploy AKS cluster with role-based access control (RBAC) enabled. | Important
+[Azure.AppService.MinTLS](Azure.AppService.MinTLS.md) | App Service should reject TLS versions older then 1.2. | Important
+[Azure.AppService.UseHTTPS](Azure.AppService.UseHTTPS.md) | Azure App Service apps should only accept encrypted connections. | Important
+[Azure.Automation.EncryptVariables](Azure.Automation.EncryptVariables.md) | Azure Automation variables should be encrypted. | Important
+[Azure.Automation.WebHookExpiry](Azure.Automation.WebHookExpiry.md) | Do not create webhooks with an expiry time greater than 1 year (default). | Awareness
+[Azure.MySQL.AllowAzureAccess](Azure.MySQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
+[Azure.MySQL.FirewallIPRange](Azure.MySQL.FirewallIPRange.md) | Determine if there is an excessive number of permitted IP addresses. | Important
+[Azure.MySQL.UseSSL](Azure.MySQL.UseSSL.md) | Enforce encrypted MySQL connections. | Critical
+[Azure.PostgreSQL.AllowAzureAccess](Azure.PostgreSQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
+[Azure.PostgreSQL.FirewallIPRange](Azure.PostgreSQL.FirewallIPRange.md) | Determine if there is an excessive number of permitted IP addresses. | Important
+[Azure.PostgreSQL.UseSSL](Azure.PostgreSQL.UseSSL.md) | Enforce encrypted PostgreSQL connections. | Critical
+[Azure.Redis.MinTLS](Azure.Redis.MinTLS.md) | Redis Cache should reject TLS versions older then 1.2. | Critical
+[Azure.Redis.NonSslPort](Azure.Redis.NonSslPort.md) | Redis Cache should only accept secure connections. | Critical
+[Azure.SQL.AllowAzureAccess](Azure.SQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
+[Azure.SQL.Auditing](Azure.SQL.Auditing.md) | Enable auditing for Azure SQL logical server. | Important
+[Azure.SQL.FirewallIPRange](Azure.SQL.FirewallIPRange.md) | Determine if there is an excessive number of permitted IP addresses. | Important
+[Azure.SQL.ThreatDetection](Azure.SQL.ThreatDetection.md) | Enable Advanced Thread Protection for Azure SQL logical server. | Important
+[Azure.Storage.SecureTransferRequired](Azure.Storage.SecureTransferRequired.md) | Storage accounts should only accept encrypted connections. | Important
+[Azure.Storage.UseEncryption](Azure.Storage.UseEncryption.md) | Storage Service Encryption (SSE) should be enabled. | Important
+[Azure.VirtualNetwork.AppGwOWASP](Azure.VirtualNetwork.AppGwOWASP.md) | Application Gateway Web Application Firewall (WAF) should use OWASP 3.x rules. | Important
+[Azure.VirtualNetwork.AppGwPrevention](Azure.VirtualNetwork.AppGwPrevention.md) | Internet exposed Application Gateways should use prevention mode to protect backend resources. | Critical
+[Azure.VirtualNetwork.AppGwSSLPolicy](Azure.VirtualNetwork.AppGwSSLPolicy.md) | Application Gateway should only accept a minimum of TLS 1.2. | Critical
+[Azure.VirtualNetwork.AppGwUseWAF](Azure.VirtualNetwork.AppGwUseWAF.md) | Internet accessible Application Gateways should use WAF. | Critical
+[Azure.VirtualNetwork.AppGwWAFEnabled](Azure.VirtualNetwork.AppGwWAFEnabled.md) | Application Gateway Web Application Firewall (WAF) must be enabled to protect backend resources. | Critical
+[Azure.VirtualNetwork.AppGwWAFRules](Azure.VirtualNetwork.AppGwWAFRules.md) | Application Gateway Web Application Firewall (WAF) should have all rules enabled. | Important
+[Azure.VirtualNetwork.LateralTraversal](Azure.VirtualNetwork.LateralTraversal.md) | Deny outbound management connections from non-management hosts. | Important
+[Azure.VirtualNetwork.NSGAnyInboundSource](Azure.VirtualNetwork.NSGAnyInboundSource.md) | Network security groups should avoid any inbound rules. | Critical
+[Azure.VirtualNetwork.UseNSGs](Azure.VirtualNetwork.UseNSGs.md) | Subnets should have NSGs assigned. | Critical
+[Azure.VM.ADE](Azure.VM.ADE.md) | Use Azure Disk Encryption. | Important
+[Azure.VM.PublicKey](Azure.VM.PublicKey.md) | Linux virtual machines should use public keys. | Important
+
+### Security operations
+
+Name | Synopsis | Severity
+---- | -------- | --------
+[Azure.RBAC.CoAdministrator](Azure.RBAC.CoAdministrator.md) | Delegate access to manage Azure resources using role-based access control (RBAC). | Important
+[Azure.RBAC.LimitMGDelegation](Azure.RBAC.LimitMGDelegation.md) | Limit Role-Base Access Control (RBAC) inheritance from Management Groups. | Important
+[Azure.RBAC.LimitOwner](Azure.RBAC.LimitOwner.md) | Limit the number of subscription Owners. | Important
+[Azure.RBAC.UseGroups](Azure.RBAC.UseGroups.md) | Use groups for assigning permissions instead of individual user accounts. | Important
+[Azure.RBAC.UseRGDelegation](Azure.RBAC.UseRGDelegation.md) | Use RBAC assignments on resource groups instead of individual resources. | Important
+[Azure.SecurityCenter.Contact](Azure.SecurityCenter.Contact.md) | Security Center email and phone contact details should be set. | Important
+[Azure.SecurityCenter.Provisioning](Azure.SecurityCenter.Provisioning.md) | Enable auto-provisioning on to improve Azure Security Center insights. | Important

docs/scenarios/install-instructions.md

@@ -43,7 +43,8 @@ Save-Module -Name 'PSRule', 'PSRule.Rules.Azure', 'Az.Accounts', 'Az.Resources',
 
 > For pre-release versions the `-AllowPrerelease` switch must be added when calling `Install-Module` or `Save-Module`.
 >
-> To install pre-release module versions, upgrading to the latest version of _PowerShellGet_ may be required. To do this use:
+> To install pre-release module versions, upgrading to the latest version of _PowerShellGet_ may be required.
+To do this use:
 >
 > `Install-Module -Name PowerShellGet -Repository PSGallery -Scope CurrentUser -Force`
 

pipeline.build.ps1

@@ -104,7 +104,7 @@ task VersionModule ModuleDependencies, {
     $manifest = Test-ModuleManifest -Path $manifestPath;
     $requiredModules = $manifest.RequiredModules | ForEach-Object -Process {
         if ($_.Name -eq 'PSRule' -and $Configuration -eq 'Release') {
-            @{ ModuleName = 'PSRule'; ModuleVersion = '0.12.0' }
+            @{ ModuleName = 'PSRule'; ModuleVersion = '0.13.0' }
         }
         else {
             @{ ModuleName = $_.Name; ModuleVersion = $_.Version }
@@ -154,8 +154,8 @@ task PSScriptAnalyzer NuGet, {
 
 # Synopsis: Install PSRule
 task PSRule NuGet, {
-    if ($Null -eq (Get-InstalledModule -Name PSRule -MinimumVersion 0.12.0 -ErrorAction Ignore)) {
+    if ($Null -eq (Get-InstalledModule -Name PSRule -MinimumVersion 0.13.0 -ErrorAction Ignore)) {
-        Install-Module -Name PSRule -Repository PSGallery -MinimumVersion 0.12.0 -Scope CurrentUser -Force;
+        Install-Module -Name PSRule -Repository PSGallery -MinimumVersion 0.13.0 -Scope CurrentUser -Force;
     }
     Import-Module -Name PSRule -Verbose:$False;
 }
@@ -269,11 +269,7 @@ task Analyze Build, PSScriptAnalyzer, {
 # Synopsis: Build table of content for rules
 task BuildRuleDocs Build, PSRule, PSDocs, {
     Import-Module (Join-Path -Path $PWD -ChildPath out/modules/PSRule.Rules.Azure) -Force;
-    $Null = Invoke-PSDocument -Name Azure -OutputPath .\docs\rules\en-US\ -Path .\RuleToc.Doc.ps1;
+    $Null = Invoke-PSDocument -Name module -OutputPath .\docs\rules\en\ -Path .\RuleToc.Doc.ps1;
-    # $rules = Get-PSRule -Module 'PSRule.Rules.Azure';
-    # $rules | ForEach-Object -Process {
-    #     Invoke-PSDocument -Path .\RuleHelp.Doc.ps1 -OutputPath .\docs\rules\en-US\ -InstanceName $_.Info.Name -inputObject $_;
-    # }
 }
 
 # Synopsis: Build help
@@ -281,13 +277,15 @@ task BuildHelp BuildModule, PlatyPS, {
     # Generate MAML and about topics
     $Null = New-ExternalHelp -OutputPath out/docs/PSRule.Rules.Azure -Path '.\docs\commands\PSRule.Rules.Azure\en-US' -Force;
 
+    if (!(Test-Path out/modules/PSRule.Rules.Azure/en/)) {
+        $Null = New-Item -Path out/modules/PSRule.Rules.Azure/en/ -ItemType Directory -Force;
+    }
+
     # Copy generated help into module out path
     $Null = Copy-Item -Path out/docs/PSRule.Rules.Azure/* -Destination out/modules/PSRule.Rules.Azure/en-US/ -Recurse;
     $Null = Copy-Item -Path out/docs/PSRule.Rules.Azure/* -Destination out/modules/PSRule.Rules.Azure/en-AU/ -Recurse;
     $Null = Copy-Item -Path out/docs/PSRule.Rules.Azure/* -Destination out/modules/PSRule.Rules.Azure/en-GB/ -Recurse;
-    $Null = Copy-Item -Path docs/rules/en-US/*.md -Destination out/modules/PSRule.Rules.Azure/en-US/;
+    $Null = Copy-Item -Path docs/rules/en/*.md -Destination out/modules/PSRule.Rules.Azure/en/;
-    $Null = Copy-Item -Path docs/rules/en-US/*.md -Destination out/modules/PSRule.Rules.Azure/en-AU/;
-    $Null = Copy-Item -Path docs/rules/en-US/*.md -Destination out/modules/PSRule.Rules.Azure/en-GB/;
 }
 
 task ScaffoldHelp Build, BuildRuleDocs, {

src/PSRule.Rules.Azure/PSRule.Rules.Azure.psd1

@@ -100,7 +100,7 @@ AliasesToExport = @()
 PrivateData = @{
     PSData = @{
         # Tags applied to this module. These help with module discovery in online galleries.
-        Tags = @('Rule', 'PSRule', 'Azure')
+        Tags = @('PSRule', 'PSRule-rules', 'Rule', 'Azure', 'Cloud')
 
         # A URL to the license for this module.
         LicenseUri = 'https://github.com/BernieWhite/PSRule.Rules.Azure/blob/master/LICENSE'