diff --git a/cmd/azqr/plan.go b/cmd/azqr/plan.go
index 67128f8f..7962a754 100644
--- a/cmd/azqr/plan.go
+++ b/cmd/azqr/plan.go
@@ -5,7 +5,7 @@ package azqr
 
 import (
 	"github.com/Azure/azqr/internal/scanners"
-	"github.com/Azure/azqr/internal/scanners/plan"
+	"github.com/Azure/azqr/internal/scanners/asp"
 	"github.com/spf13/cobra"
 )
 
@@ -20,7 +20,7 @@ var planCmd = &cobra.Command{
 	Args: cobra.NoArgs,
 	Run: func(cmd *cobra.Command, args []string) {
 		serviceScanners := []scanners.IAzureScanner{
-			&plan.AppServiceScanner{},
+			&asp.AppServiceScanner{},
 		}
 
 		scan(cmd, serviceScanners)
diff --git a/cmd/azqr/scan.go b/cmd/azqr/scan.go
index b2a549ac..21da1509 100644
--- a/cmd/azqr/scan.go
+++ b/cmd/azqr/scan.go
@@ -47,7 +47,7 @@ import (
 	"github.com/Azure/azqr/internal/scanners/logic"
 	"github.com/Azure/azqr/internal/scanners/maria"
 	"github.com/Azure/azqr/internal/scanners/mysql"
-	"github.com/Azure/azqr/internal/scanners/plan"
+	"github.com/Azure/azqr/internal/scanners/asp"
 	"github.com/Azure/azqr/internal/scanners/psql"
 	"github.com/Azure/azqr/internal/scanners/redis"
 	"github.com/Azure/azqr/internal/scanners/sb"
@@ -459,7 +459,7 @@ func GetScanners() []scanners.IAzureScanner {
 	&maria.MariaScanner{},
 	&mysql.MySQLFlexibleScanner{},
 	&mysql.MySQLScanner{},
-	&plan.AppServiceScanner{},
+	&asp.AppServiceScanner{},
 	&psql.PostgreFlexibleScanner{},
 	&psql.PostgreScanner{},
 	&redis.RedisScanner{},
diff --git a/docs/content/en/docs/Rules/_index.md b/docs/content/en/docs/Rules/_index.md
index 722d51be..5352bd83 100644
--- a/docs/content/en/docs/Rules/_index.md
+++ b/docs/content/en/docs/Rules/_index.md
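Review bot: In the scan.go import hunk the new `"github.com/Azure/azqr/internal/scanners/asp"` line is dropped into the slot `plan` occupied, between `.../mysql` and `.../psql`, so the parenthesized import group is no longer sorted and gofmt will move it on the next format pass. The same placement issue appears in the GetScanners hunk, where `&asp.AppServiceScanner{}` sits between the mysql and psql scanners in a list that otherwise reads alphabetical. Run gofmt/goimports before merging, or move both lines to their sorted position; the exact neighbours are above the hunks (the `asp` import belongs before `.../logic`), so the import block and the GetScanners slice both extend outside what is shown here. The plan.go hunks are unaffected since `scanners`, `scanners/asp`, `spf13/cobra` remain in order.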
@@ -146,126 +146,127 @@ Azure Quick Review uses the following rules to identify Azure resources that may 136 | lb-006 | Operational Excellence | Naming Convention (CAF) | Load Balancer Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) 137 | lb-007 | Operational Excellence | Tags | Load Balancer should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) 138 | logic-001 | Reliability | Diagnostic Logs | Logic App should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/monitor-workflows-collect-diagnostic-data) -139 | logic-004 | Security | Private Endpoint | Logic App should limit access to Http Triggers | High | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal#restrict-access-by-ip-address-range) -140 | logic-006 | Operational Excellence | Naming Convention (CAF) | Logic App Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -141 | logic-007 | Operational Excellence | Tags | Logic App should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -142 | maria-001 | Reliability | Diagnostic Logs | MariaDB should have diagnostic settings enabled | Medium | [Learn]() -143 | maria-002 | Security | Private Endpoint | MariaDB should have private endpoints enabled | High | [Learn]() -144 | maria-003 | Operational Excellence | Naming Convention (CAF) | MariaDB server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -145 | maria-004 | Reliability | SLA | 
MariaDB server should have a SLA | High | [Learn]() -146 | maria-005 | Operational Excellence | Tags | MariaDB should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -147 | maria-006 | Security | TLS | MariaDB should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/mariadb/howto-tls-configurations) -148 | mysqlf-001 | Reliability | Diagnostic Logs | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/tutorial-query-performance-insights#set-up-diagnostics) -149 | mysqlf-002 | Reliability | Availability Zones | Azure Database for MySQL - Flexible Server should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-configure-high-availability-cli) -150 | mysqlf-003 | Reliability | SLA | Azure Database for MySQL - Flexible Server should have a SLA | High | [Learn](hhttps://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) -151 | mysqlf-004 | Security | Private IP Address | Azure Database for MySQL - Flexible Server should have private access enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-manage-virtual-network-cli) -152 | mysqlf-005 | Reliability | SKU | Azure Database for MySQL - Flexible Server SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-service-tiers-storage) -153 | mysqlf-006 | Operational Excellence | Naming Convention (CAF) | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -154 | mysqlf-007 | Operational Excellence | Tags | Azure Database for MySQL - Flexible Server should have tags | 
Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -155 | mysql-001 | Reliability | Diagnostic Logs | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-monitoring#server-logs) -156 | mysql-003 | Reliability | SLA | Azure Database for MySQL - Flexible Server should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/mysql/) -157 | mysql-004 | Security | Private Endpoint | Azure Database for MySQL - Flexible Server should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-data-access-security-private-link) -158 | mysql-005 | Reliability | SKU | Azure Database for MySQL - Flexible Server SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-pricing-tiers) -159 | mysql-006 | Operational Excellence | Naming Convention (CAF) | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -160 | mysql-007 | Reliability | SKU | Azure Database for MySQL - Single Server is on the retirement path | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/whats-happening-to-mysql-single-server) -161 | mysql-008 | Operational Excellence | Tags | Azure Database for MySQL - Single Server should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -162 | app-001 | Reliability | Diagnostic Logs | App Service should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#send-logs-to-azure-monitor) -163 | app-004 | Security | Private Endpoint | App Service should have 
private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint) -164 | app-006 | Operational Excellence | Naming Convention (CAF) | App Service Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -165 | app-007 | Security | HTTPS Only | App Service should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) -166 | app-008 | Operational Excellence | Tags | App Service should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -167 | func-001 | Reliability | Diagnostic Logs | Function should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-functions/functions-monitor-log-analytics?tabs=csharp) -168 | func-004 | Security | Private Endpoint | Function should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-vnet) -169 | func-006 | Operational Excellence | Naming Convention (CAF) | Function Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -170 | func-007 | Security | HTTPS Only | Function should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) -171 | func-008 | Operational Excellence | Tags | Function should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -172 | logics-001 | Reliability | Diagnostic Logs | Logic App should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/monitor-workflows-collect-diagnostic-data) -173 | 
logics-004 | Security | Private Endpoint | Logic App should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/secure-single-tenant-workflow-virtual-network-private-endpoint) -174 | logics-006 | Operational Excellence | Naming Convention (CAF) | Logic App Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -175 | logics-007 | Security | HTTPS Only | Logic App should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) -176 | logics-008 | Operational Excellence | Tags | Logic App should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -177 | plan-001 | Reliability | Diagnostic Logs | Plan should have diagnostic settings enabled | Medium | [Learn]() -178 | plan-002 | Reliability | Availability Zones | Plan should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service) -179 | plan-003 | Reliability | SLA | Plan should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/app-service/) -180 | plan-005 | Reliability | SKU | Plan SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans) -181 | plan-006 | Operational Excellence | Naming Convention (CAF) | Plan Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -182 | plan-007 | Operational Excellence | Tags | Plan should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -183 | psqlf-001 | Reliability | Diagnostic Logs | PostgreSQL should have diagnostic settings enabled | Medium | 
[Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/howto-configure-and-access-logs) -184 | psqlf-002 | Reliability | Availability Zones | PostgreSQL should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/overview#architecture-and-high-availability) -185 | psqlf-003 | Reliability | SLA | PostgreSQL should have a SLA | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-compare-single-server-flexible-server) -186 | psqlf-004 | Security | Private IP Address | PostgreSQL should have private access enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking#private-access-vnet-integration) -187 | psqlf-005 | Reliability | SKU | PostgreSQL SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/postgresql/flexible-server/) -188 | psqlf-006 | Operational Excellence | Naming Convention (CAF) | PostgreSQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -189 | psqlf-007 | Operational Excellence | Tags | PostgreSQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -190 | psql-001 | Reliability | Diagnostic Logs | PostgreSQL should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-server-logs#resource-logs) -191 | psql-003 | Reliability | SLA | PostgreSQL should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/postgresql/) -192 | psql-004 | Security | Private Endpoint | PostgreSQL should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-data-access-and-security-private-link) -193 | psql-005 | Reliability | SKU | 
PostgreSQL SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-pricing-tiers) -194 | psql-006 | Operational Excellence | Naming Convention (CAF) | PostgreSQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -195 | psql-007 | Operational Excellence | Tags | PostgreSQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -196 | psql-008 | Security | SSL | PostgreSQL should enforce SSL | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security#enforcing-tls-connections) -197 | psql-009 | Security | TLS | PostgreSQL should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-tls-configurations) -198 | redis-001 | Reliability | Diagnostic Logs | Redis should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-monitor-diagnostic-settings) -199 | redis-002 | Reliability | Availability Zones | Redis should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability) -200 | redis-003 | Reliability | SLA | Redis should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) -201 | redis-004 | Security | Private Endpoint | Redis should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-private-link) -202 | redis-005 | Reliability | SKU | Redis SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/cache/) -203 | redis-006 | Operational Excellence | Naming Convention (CAF) | Redis Name should comply with naming conventions | Low | 
[Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -204 | redis-007 | Operational Excellence | Tags | Redis should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -205 | redis-008 | Security | SSL | Redis should not enable non SSL ports | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure#access-ports) -206 | redis-009 | Security | TLS | Redis should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-remove-tls-10-11) -207 | sb-001 | Reliability | Diagnostic Logs | Service Bus should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/monitor-service-bus#collection-and-routing) -208 | sb-002 | Reliability | Availability Zones | Service Bus should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters#availability-zones) -209 | sb-003 | Reliability | SLA | Service Bus should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/service-bus/) -210 | sb-004 | Security | Private Endpoint | Service Bus should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/network-security) -211 | sb-005 | Reliability | SKU | Service Bus SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/service-bus/) -212 | sb-006 | Operational Excellence | Naming Convention (CAF) | Service Bus Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -213 | sb-007 | Operational Excellence | Tags | Service Bus should have tags | Low | 
[Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -214 | sb-008 | Security | Identity and Access Control | Service Bus should have local authentication disabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas) -215 | sigr-001 | Reliability | Diagnostic Logs | SignalR should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-howto-diagnostic-logs) -216 | sigr-002 | Reliability | Availability Zones | SignalR should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/availability-zones) -217 | sigr-003 | Reliability | SLA | SignalR should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/signalr-service/) -218 | sigr-004 | Security | Private Endpoint | SignalR should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/howto-private-endpoints) -219 | sigr-005 | Reliability | SKU | SignalR SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/signalr-service/) -220 | sigr-006 | Operational Excellence | Naming Convention (CAF) | SignalR Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -221 | sigr-007 | Operational Excellence | Tags | SignalR should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -222 | sql-001 | Reliability | Diagnostic Logs | SQL should have diagnostic settings enabled | Medium | [Learn]() -223 | sql-004 | Security | Private Endpoint | SQL should have private endpoints enabled | High | [Learn]() -224 | sql-006 | Operational Excellence | Naming Convention (CAF) | SQL Name should comply with naming conventions | Low | 
[Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -225 | sql-007 | Operational Excellence | Tags | SQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -226 | sql-008 | Security | TLS | SQL should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal#minimal-tls-version) -227 | sqldb-001 | Reliability | Diagnostic Logs | SQL Database should have diagnostic settings enabled | Medium | [Learn]() -228 | sqldb-002 | Reliability | Availability Zones | SQL Database should have availability zones enabled | High | [Learn]() -229 | sqldb-003 | Reliability | SLA | SQL Database should have a SLA | High | [Learn]() -230 | sqldb-005 | Reliability | SKU | SQL Database SKU | High | [Learn](https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-vcore?tabs=azure-portal) -231 | sqldb-006 | Operational Excellence | Naming Convention (CAF) | SQL Database Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -232 | sqldb-007 | Operational Excellence | Tags | SQL Database should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -233 | st-001 | Reliability | Diagnostic Logs | Storage should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage) -234 | st-002 | Reliability | Availability Zones | Storage should have availability zones enabled | High | [Learn](https://learn.microsoft.com/EN-US/azure/reliability/migrate-storage) -235 | st-003 | Reliability | SLA | Storage should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/storage/) -236 | 
st-004 | Security | Private Endpoint | Storage should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints) -237 | st-005 | Reliability | SKU | Storage SKU | High | [Learn](https://learn.microsoft.com/en-us/rest/api/storagerp/srp_sku_types) -238 | st-006 | Operational Excellence | Naming Convention (CAF) | Storage Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -239 | st-007 | Security | HTTPS Only | Storage Account should use HTTPS only | High | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer) -240 | st-008 | Operational Excellence | Tags | Storage Account should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -241 | st-009 | Security | TLS | Storage Account should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version?tabs=portal) -242 | vm-001 | Reliability | Diagnostic Logs | Virtual Machine should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-windows-install) -243 | vm-002 | Reliability | Availability Zones | Virtual Machine should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-machines/availability#availability-zones) -244 | vm-003 | Reliability | SLA | Virtual Machine should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) -245 | vm-006 | Operational Excellence | Naming Convention (CAF) | Virtual Machine Name should comply with naming conventions | Low | 
[Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -246 | vm-007 | Operational Excellence | Tags | Virtual Machine should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -247 | vm-008 | Reliability | Reliability | Virtual Machine should use managed disks | High | [Learn](https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#virtual-machines) -248 | vm-009 | Reliability | Reliability | Virtual Machine should host application or database data on a data disk | Low | [Learn](https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk) -249 | vnet-001 | Reliability | Diagnostic Logs | Virtual Network should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network#collection-and-routing) -250 | vnet-002 | Reliability | Availability Zones | Virtual Network should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview#virtual-networks-and-availability-zones) -251 | vnet-006 | Operational Excellence | Naming Convention (CAF) | Virtual Network Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -252 | vnet-007 | Operational Excellence | Tags | Virtual Network should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) -253 | vnet-008 | Security | Networking | Virtual Network: All Subnets should have a Network Security Group associated | High | [Learn](https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices) -254 | vnet-009 | Reliability | Reliability | Virtual NetworK should have at least two DNS servers 
assigned | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances?tabs=redhat#specify-dns-servers) -255 | wps-001 | Reliability | Diagnostic Logs | Web Pub Sub should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-resource-logs) -256 | wps-002 | Reliability | Availability Zones | Web Pub Sub should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones) -257 | wps-003 | Reliability | SLA | Web Pub Sub should have a SLA | High | [Learn](https://azure.microsoft.com/en-gb/support/legal/sla/web-pubsub/) -258 | wps-004 | Security | Private Endpoint | Web Pub Sub should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-secure-private-endpoints) -259 | wps-005 | Reliability | SKU | Web Pub Sub SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/web-pubsub/) -260 | wps-006 | Operational Excellence | Naming Convention (CAF) | Web Pub Sub Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) -261 | wps-007 | Operational Excellence | Tags | Web Pub Sub should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +139 | logic-003 | Reliability | SLA | Logic App should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) +140 | logic-004 | Security | Private Endpoint | Logic App should limit access to Http Triggers | High | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-securing-a-logic-app?tabs=azure-portal#restrict-access-by-ip-address-range) +141 | logic-006 | Operational 
Excellence | Naming Convention (CAF) | Logic App Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +142 | logic-007 | Operational Excellence | Tags | Logic App should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +143 | maria-001 | Reliability | Diagnostic Logs | MariaDB should have diagnostic settings enabled | Medium | [Learn]() +144 | maria-002 | Security | Private Endpoint | MariaDB should have private endpoints enabled | High | [Learn]() +145 | maria-003 | Operational Excellence | Naming Convention (CAF) | MariaDB server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +146 | maria-004 | Reliability | SLA | MariaDB server should have a SLA | High | [Learn]() +147 | maria-005 | Operational Excellence | Tags | MariaDB should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +148 | maria-006 | Security | TLS | MariaDB should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/mariadb/howto-tls-configurations) +149 | mysqlf-001 | Reliability | Diagnostic Logs | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/tutorial-query-performance-insights#set-up-diagnostics) +150 | mysqlf-002 | Reliability | Availability Zones | Azure Database for MySQL - Flexible Server should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-configure-high-availability-cli) +151 | mysqlf-003 | Reliability | SLA | Azure Database for MySQL - Flexible Server should have a SLA | High | 
[Learn](hhttps://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) +152 | mysqlf-004 | Security | Private IP Address | Azure Database for MySQL - Flexible Server should have private access enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/how-to-manage-virtual-network-cli) +153 | mysqlf-005 | Reliability | SKU | Azure Database for MySQL - Flexible Server SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/flexible-server/concepts-service-tiers-storage) +154 | mysqlf-006 | Operational Excellence | Naming Convention (CAF) | Azure Database for MySQL - Flexible Server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +155 | mysqlf-007 | Operational Excellence | Tags | Azure Database for MySQL - Flexible Server should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +156 | mysql-001 | Reliability | Diagnostic Logs | Azure Database for MySQL - Flexible Server should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-monitoring#server-logs) +157 | mysql-003 | Reliability | SLA | Azure Database for MySQL - Flexible Server should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/mysql/) +158 | mysql-004 | Security | Private Endpoint | Azure Database for MySQL - Flexible Server should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-data-access-security-private-link) +159 | mysql-005 | Reliability | SKU | Azure Database for MySQL - Flexible Server SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/concepts-pricing-tiers) +160 | mysql-006 | Operational Excellence | Naming Convention (CAF) | Azure 
Database for MySQL - Flexible Server Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +161 | mysql-007 | Reliability | SKU | Azure Database for MySQL - Single Server is on the retirement path | High | [Learn](https://learn.microsoft.com/en-us/azure/mysql/single-server/whats-happening-to-mysql-single-server) +162 | mysql-008 | Operational Excellence | Tags | Azure Database for MySQL - Single Server should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +163 | app-001 | Reliability | Diagnostic Logs | App Service should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/app-service/troubleshoot-diagnostic-logs#send-logs-to-azure-monitor) +164 | app-004 | Security | Private Endpoint | App Service should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/networking/private-endpoint) +165 | app-006 | Operational Excellence | Naming Convention (CAF) | App Service Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +166 | app-007 | Security | HTTPS Only | App Service should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) +167 | app-008 | Operational Excellence | Tags | App Service should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +168 | asp-001 | Reliability | Diagnostic Logs | Plan should have diagnostic settings enabled | Medium | [Learn]() +169 | asp-002 | Reliability | Availability Zones | Plan should have availability zones enabled | High | 
[Learn](https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service) +170 | asp-003 | Reliability | SLA | Plan should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/app-service/) +171 | asp-005 | Reliability | SKU | Plan SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans) +172 | asp-006 | Operational Excellence | Naming Convention (CAF) | Plan Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +173 | asp-007 | Operational Excellence | Tags | Plan should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +174 | func-001 | Reliability | Diagnostic Logs | Function should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-functions/functions-monitor-log-analytics?tabs=csharp) +175 | func-004 | Security | Private Endpoint | Function should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-vnet) +176 | func-006 | Operational Excellence | Naming Convention (CAF) | Function Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +177 | func-007 | Security | HTTPS Only | Function should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) +178 | func-008 | Operational Excellence | Tags | Function should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +179 | logics-001 | Reliability | Diagnostic Logs | Logic App should have diagnostic settings enabled | Medium | 
[Learn](https://learn.microsoft.com/en-us/azure/logic-apps/monitor-workflows-collect-diagnostic-data) +180 | logics-004 | Security | Private Endpoint | Logic App should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/logic-apps/secure-single-tenant-workflow-virtual-network-private-endpoint) +181 | logics-006 | Operational Excellence | Naming Convention (CAF) | Logic App Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +182 | logics-007 | Security | HTTPS Only | Logic App should use HTTPS only | High | [Learn](https://learn.microsoft.com/azure/app-service/configure-ssl-bindings#enforce-https) +183 | logics-008 | Operational Excellence | Tags | Logic App should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +184 | psqlf-001 | Reliability | Diagnostic Logs | PostgreSQL should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/howto-configure-and-access-logs) +185 | psqlf-002 | Reliability | Availability Zones | PostgreSQL should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/overview#architecture-and-high-availability) +186 | psqlf-003 | Reliability | SLA | PostgreSQL should have a SLA | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-compare-single-server-flexible-server) +187 | psqlf-004 | Security | Private IP Address | PostgreSQL should have private access enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/concepts-networking#private-access-vnet-integration) +188 | psqlf-005 | Reliability | SKU | PostgreSQL SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/postgresql/flexible-server/) 
+189 | psqlf-006 | Operational Excellence | Naming Convention (CAF) | PostgreSQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +190 | psqlf-007 | Operational Excellence | Tags | PostgreSQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +191 | psql-001 | Reliability | Diagnostic Logs | PostgreSQL should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-server-logs#resource-logs) +192 | psql-003 | Reliability | SLA | PostgreSQL should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/postgresql/) +193 | psql-004 | Security | Private Endpoint | PostgreSQL should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-data-access-and-security-private-link) +194 | psql-005 | Reliability | SKU | PostgreSQL SKU | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-pricing-tiers) +195 | psql-006 | Operational Excellence | Naming Convention (CAF) | PostgreSQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +196 | psql-007 | Operational Excellence | Tags | PostgreSQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +197 | psql-008 | Security | SSL | PostgreSQL should enforce SSL | High | [Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/concepts-ssl-connection-security#enforcing-tls-connections) +198 | psql-009 | Security | TLS | PostgreSQL should enforce TLS >= 1.2 | Low | 
[Learn](https://learn.microsoft.com/en-us/azure/postgresql/single-server/how-to-tls-configurations) +199 | redis-001 | Reliability | Diagnostic Logs | Redis should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-monitor-diagnostic-settings) +200 | redis-002 | Reliability | Availability Zones | Redis should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-high-availability) +201 | redis-003 | Reliability | SLA | Redis should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) +202 | redis-004 | Security | Private Endpoint | Redis should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-private-link) +203 | redis-005 | Reliability | SKU | Redis SKU | High | [Learn](https://azure.microsoft.com/en-gb/pricing/details/cache/) +204 | redis-006 | Operational Excellence | Naming Convention (CAF) | Redis Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +205 | redis-007 | Operational Excellence | Tags | Redis should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +206 | redis-008 | Security | SSL | Redis should not enable non SSL ports | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-configure#access-ports) +207 | redis-009 | Security | TLS | Redis should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-cache-for-redis/cache-remove-tls-10-11) +208 | sb-001 | Reliability | Diagnostic Logs | Service Bus should have diagnostic settings enabled | Medium | 
[Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/monitor-service-bus#collection-and-routing) +209 | sb-002 | Reliability | Availability Zones | Service Bus should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-outages-disasters#availability-zones) +210 | sb-003 | Reliability | SLA | Service Bus should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/service-bus/) +211 | sb-004 | Security | Private Endpoint | Service Bus should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/network-security) +212 | sb-005 | Reliability | SKU | Service Bus SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/service-bus/) +213 | sb-006 | Operational Excellence | Naming Convention (CAF) | Service Bus Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +214 | sb-007 | Operational Excellence | Tags | Service Bus should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +215 | sb-008 | Security | Identity and Access Control | Service Bus should have local authentication disabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/service-bus-messaging/service-bus-sas) +216 | sigr-001 | Reliability | Diagnostic Logs | SignalR should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/signalr-howto-diagnostic-logs) +217 | sigr-002 | Reliability | Availability Zones | SignalR should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/availability-zones) +218 | sigr-003 | Reliability | SLA | SignalR should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/signalr-service/) +219 | 
sigr-004 | Security | Private Endpoint | SignalR should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-signalr/howto-private-endpoints) +220 | sigr-005 | Reliability | SKU | SignalR SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/signalr-service/) +221 | sigr-006 | Operational Excellence | Naming Convention (CAF) | SignalR Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +222 | sigr-007 | Operational Excellence | Tags | SignalR should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +223 | sql-001 | Reliability | Diagnostic Logs | SQL should have diagnostic settings enabled | Medium | [Learn]() +224 | sql-004 | Security | Private Endpoint | SQL should have private endpoints enabled | High | [Learn]() +225 | sql-006 | Operational Excellence | Naming Convention (CAF) | SQL Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +226 | sql-007 | Operational Excellence | Tags | SQL should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +227 | sql-008 | Security | TLS | SQL should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-sql/database/connectivity-settings?view=azuresql&tabs=azure-portal#minimal-tls-version) +228 | sqldb-001 | Reliability | Diagnostic Logs | SQL Database should have diagnostic settings enabled | Medium | [Learn]() +229 | sqldb-002 | Reliability | Availability Zones | SQL Database should have availability zones enabled | High | [Learn]() +230 | sqldb-003 | Reliability | SLA | SQL Database should have a SLA | High | [Learn]() +231 | sqldb-005 | Reliability | 
SKU | SQL Database SKU | High | [Learn](https://docs.microsoft.com/en-us/azure/azure-sql/database/service-tiers-vcore?tabs=azure-portal) +232 | sqldb-006 | Operational Excellence | Naming Convention (CAF) | SQL Database Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +233 | sqldb-007 | Operational Excellence | Tags | SQL Database should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +234 | st-001 | Reliability | Diagnostic Logs | Storage should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/storage/blobs/monitor-blob-storage) +235 | st-002 | Reliability | Availability Zones | Storage should have availability zones enabled | High | [Learn](https://learn.microsoft.com/EN-US/azure/reliability/migrate-storage) +236 | st-003 | Reliability | SLA | Storage should have a SLA | High | [Learn](https://www.azure.cn/en-us/support/sla/storage/) +237 | st-004 | Security | Private Endpoint | Storage should have private endpoints enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/storage-private-endpoints) +238 | st-005 | Reliability | SKU | Storage SKU | High | [Learn](https://learn.microsoft.com/en-us/rest/api/storagerp/srp_sku_types) +239 | st-006 | Operational Excellence | Naming Convention (CAF) | Storage Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +240 | st-007 | Security | HTTPS Only | Storage Account should use HTTPS only | High | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/storage-require-secure-transfer) +241 | st-008 | Operational Excellence | Tags | Storage Account should have tags | Low | 
[Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +242 | st-009 | Security | TLS | Storage Account should enforce TLS >= 1.2 | Low | [Learn](https://learn.microsoft.com/en-us/azure/storage/common/transport-layer-security-configure-minimum-version?tabs=portal) +243 | vm-001 | Reliability | Diagnostic Logs | Virtual Machine should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-monitor/agents/diagnostics-extension-windows-install) +244 | vm-002 | Reliability | Availability Zones | Virtual Machine should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-machines/availability#availability-zones) +245 | vm-003 | Reliability | SLA | Virtual Machine should have a SLA | High | [Learn](https://www.microsoft.com/licensing/docs/view/Service-Level-Agreements-SLA-for-Online-Services?lang=1) +246 | vm-006 | Operational Excellence | Naming Convention (CAF) | Virtual Machine Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +247 | vm-007 | Operational Excellence | Tags | Virtual Machine should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +248 | vm-008 | Reliability | Reliability | Virtual Machine should use managed disks | High | [Learn](https://learn.microsoft.com/en-us/azure/architecture/checklist/resiliency-per-service#virtual-machines) +249 | vm-009 | Reliability | Reliability | Virtual Machine should host application or database data on a data disk | Low | [Learn](https://learn.microsoft.com/azure/virtual-machines/managed-disks-overview#data-disk) +250 | vnet-001 | Reliability | Diagnostic Logs | Virtual Network should have diagnostic settings enabled | Medium | 
[Learn](https://learn.microsoft.com/en-us/azure/virtual-network/monitor-virtual-network#collection-and-routing) +251 | vnet-002 | Reliability | Availability Zones | Virtual Network should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-overview#virtual-networks-and-availability-zones) +252 | vnet-006 | Operational Excellence | Naming Convention (CAF) | Virtual Network Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations) +253 | vnet-007 | Operational Excellence | Tags | Virtual Network should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json) +254 | vnet-008 | Security | Networking | Virtual Network: All Subnets should have a Network Security Group associated | High | [Learn](https://learn.microsoft.com/azure/virtual-network/concepts-and-best-practices) +255 | vnet-009 | Reliability | Reliability | Virtual NetworK should have at least two DNS servers assigned | High | [Learn](https://learn.microsoft.com/en-us/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances?tabs=redhat#specify-dns-servers) +256 | wps-001 | Reliability | Diagnostic Logs | Web Pub Sub should have diagnostic settings enabled | Medium | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-troubleshoot-resource-logs) +257 | wps-002 | Reliability | Availability Zones | Web Pub Sub should have availability zones enabled | High | [Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones) +258 | wps-003 | Reliability | SLA | Web Pub Sub should have a SLA | High | [Learn](https://azure.microsoft.com/en-gb/support/legal/sla/web-pubsub/) +259 | wps-004 | Security | Private Endpoint | Web Pub Sub should have private endpoints enabled | High | 
[Learn](https://learn.microsoft.com/en-us/azure/azure-web-pubsub/howto-secure-private-endpoints)
+260 | wps-005 | Reliability | SKU | Web Pub Sub SKU | High | [Learn](https://azure.microsoft.com/en-us/pricing/details/web-pubsub/)
+261 | wps-006 | Operational Excellence | Naming Convention (CAF) | Web Pub Sub Name should comply with naming conventions | Low | [Learn](https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations)
+262 | wps-007 | Operational Excellence | Tags | Web Pub Sub should have tags | Low | [Learn](https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/tag-resources?tabs=json)
diff --git a/internal/scanners/aks/rules.go b/internal/scanners/aks/rules.go
index 8398aff8..634db37f 100644
--- a/internal/scanners/aks/rules.go
+++ b/internal/scanners/aks/rules.go
@@ -265,7 +265,7 @@ func (a *AKSScanner) GetRules() map[string]scanners.AzureRule {
 c := target.(*armcontainerservice.ManagedCluster)
 defaultMaxSurge := false
 for _, profile := range c.Properties.AgentPoolProfiles {
- if profile.UpgradeSettings.MaxSurge == nil || (profile.UpgradeSettings.MaxSurge == ref.Of("1")) {
+ if profile.UpgradeSettings == nil || profile.UpgradeSettings.MaxSurge == nil || (profile.UpgradeSettings.MaxSurge == ref.Of("1")) {
 defaultMaxSurge = true
 break
 }
diff --git a/internal/scanners/aks/rules_test.go b/internal/scanners/aks/rules_test.go
index 442a559b..4964afca 100644
--- a/internal/scanners/aks/rules_test.go
+++ b/internal/scanners/aks/rules_test.go
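Review bot: The comparison `profile.UpgradeSettings.MaxSurge == ref.Of("1")` kept on the `+` line tests pointer identity against a freshly allocated pointer (elsewhere in this diff `ref.Of` is used to fill `*string` and `*bool` fields), so it can never be true and an explicit max surge of "1" is not recognised as the default. Dereference the value instead: `if profile.UpgradeSettings == nil || profile.UpgradeSettings.MaxSurge == nil || *profile.UpgradeSettings.MaxSurge == "1" {`. `profile` is an element of a `[]*...ManagedClusterAgentPoolProfile` and `c.Properties` is dereferenced on the context line without a check; whether either can be nil for a cluster returned by the API is not visible here. The enclosing GetRules body starts and ends outside the hunk.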
@@ -547,6 +547,27 @@ func TestAKSScanner_Rules(t *testing.T) {
 result: "",
 },
 },
+ {
+ name: "AKSScanner Max Surge with nil UpgradeSettings",
+ fields: fields{
+ rule: "aks-016",
+ target: &armcontainerservice.ManagedCluster{
+ SKU: &armcontainerservice.ManagedClusterSKU{
+ Tier: getSKUTierPaid(),
+ },
+ Properties: &armcontainerservice.ManagedClusterProperties{
+ AgentPoolProfiles: []*armcontainerservice.ManagedClusterAgentPoolProfile{
+ {},
+ },
+ },
+ },
+ scanContext: &scanners.ScanContext{},
+ },
+ want: want{
+ broken: true,
+ result: "",
+ },
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
diff --git a/internal/scanners/plan/plan.go b/internal/scanners/asp/asp.go
similarity index 98%
rename from internal/scanners/plan/plan.go
rename to internal/scanners/asp/asp.go
index c4889579..c853972b 100644
--- a/internal/scanners/plan/plan.go
+++ b/internal/scanners/asp/asp.go
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-package plan
+package asp
 import (
 "strings"
@@ -71,7 +71,7 @@ func (a *AppServiceScanner) Scan(resourceGroupName string, scanContext *scanners
 // https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings
 kind := strings.ToLower(*s.Kind)
 switch kind {
- case "functionapp":
+ case "functionapp,linux", "functionapp":
 rr := engine.EvaluateRules(functionRules, s, scanContext)
 result = scanners.AzureServiceResult{
diff --git a/internal/scanners/plan/rules.go b/internal/scanners/asp/rules.go
similarity index 97%
rename from internal/scanners/plan/rules.go
rename to internal/scanners/asp/rules.go
index b2b821a5..dad8cbbf 100644
--- a/internal/scanners/plan/rules.go
+++ b/internal/scanners/asp/rules.go
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-package plan
+package asp
 import (
 "strings"
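Review bot: The new case only pins the nil-`UpgradeSettings` path; there is no case where `UpgradeSettings` is set with `MaxSurge` equal to "1" (expected broken) or to some other value such as "33%" (expected not broken), which is the branch the rule is really about. A profile literal such as `{UpgradeSettings: &armcontainerservice.AgentPoolUpgradeSettings{MaxSurge: ref.Of("1")}}` with `broken: true` would cover it and would also exercise the pointer comparison in the rules.go hunk. The `tests` table and the test function start outside the hunk.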
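Review bot: `case "functionapp,linux", "functionapp":` matches the whole lower-cased `kind` string, so a function app whose kind carries any other token combination (the field is a comma-separated list of flags; container-based Linux function apps, for instance, carry a further token) does not reach `functionRules` and falls through to whatever the later cases do, which are outside the hunk. Splitting on the comma and testing for the `functionapp` token, e.g. `tokens := strings.Split(kind, ",")` followed by a membership check, is more robust than enumerating literals, provided whatever distinction the later cases draw for workflow apps is preserved. The context line `kind := strings.ToLower(*s.Kind)` dereferences `Kind` with no nil guard; that predates this change, but the new case depends on it. Scan's body starts and ends outside the hunk.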
@@ -27,8 +27,8 @@ func (a *AppServiceScanner) GetRules() map[string]scanners.AzureRule {
 func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 return map[string]scanners.AzureRule{
- "plan-001": {
- Id: "plan-001",
+ "asp-001": {
+ Id: "asp-001",
 Category: scanners.RulesCategoryReliability,
 Subcategory: scanners.RulesSubcategoryReliabilityDiagnosticLogs,
 Description: "Plan should have diagnostic settings enabled",
@@ -40,8 +40,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 },
 Field: scanners.OverviewFieldDiagnostics,
 },
- "plan-002": {
- Id: "plan-002",
+ "asp-002": {
+ Id: "asp-002",
 Category: scanners.RulesCategoryReliability,
 Subcategory: scanners.RulesSubcategoryReliabilityAvailabilityZones,
 Description: "Plan should have availability zones enabled",
@@ -54,8 +54,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 Url: "https://learn.microsoft.com/en-us/azure/reliability/migrate-app-service",
 Field: scanners.OverviewFieldAZ,
 },
- "plan-003": {
- Id: "plan-003",
+ "asp-003": {
+ Id: "asp-003",
 Category: scanners.RulesCategoryReliability,
 Subcategory: scanners.RulesSubcategoryReliabilitySLA,
 Description: "Plan should have a SLA",
@@ -72,8 +72,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 Url: "https://www.azure.cn/en-us/support/sla/app-service/",
 Field: scanners.OverviewFieldSLA,
 },
- "plan-005": {
- Id: "plan-005",
+ "asp-005": {
+ Id: "asp-005",
 Category: scanners.RulesCategoryReliability,
 Subcategory: scanners.RulesSubcategoryReliabilitySKU,
 Description: "Plan SKU",
@@ -85,8 +85,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 Url: "https://learn.microsoft.com/en-us/azure/app-service/overview-hosting-plans",
 Field: scanners.OverviewFieldSKU,
 },
- "plan-006": {
- Id: "plan-006",
+ "asp-006": {
+ Id: "asp-006",
 Category: scanners.RulesCategoryOperationalExcellence,
 Subcategory: scanners.RulesSubcategoryOperationalExcellenceCAF,
 Description: "Plan Name should comply with naming conventions",
@@ -99,8 +99,8 @@ func (a *AppServiceScanner) getPlanRules() map[string]scanners.AzureRule {
 Url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",
 Field: scanners.OverviewFieldCAF,
 },
- "plan-007": {
- Id: "plan-007",
+ "asp-007": {
+ Id: "asp-007",
 Category: scanners.RulesCategoryOperationalExcellence,
 Subcategory: scanners.RulesSubcategoryOperationalExcellenceTags,
 Description: "Plan should have tags",
diff --git a/internal/scanners/plan/rules_test.go b/internal/scanners/asp/rules_test.go
similarity index 98%
rename from internal/scanners/plan/rules_test.go
rename to internal/scanners/asp/rules_test.go
index 476746a3..d64e3173 100644
--- a/internal/scanners/plan/rules_test.go
+++ b/internal/scanners/asp/rules_test.go
@@ -1,7 +1,7 @@
 // Copyright (c) Microsoft Corporation.
 // Licensed under the MIT License.
-package plan
+package asp
 import (
 "reflect"
@@ -30,7 +30,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 {
 name: "AppServiceScanner DiagnosticSettings",
 fields: fields{
- rule: "plan-001",
+ rule: "asp-001",
 target: &armappservice.Plan{
 ID: ref.Of("test"),
 },
@@ -48,7 +48,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 {
 name: "AppServiceScanner Availability Zones",
 fields: fields{
- rule: "plan-002",
+ rule: "asp-002",
 target: &armappservice.Plan{
 Properties: &armappservice.PlanProperties{
 ZoneRedundant: ref.Of(true),
@@ -64,7 +64,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 {
 name: "AppServiceScanner SLA None",
 fields: fields{
- rule: "plan-003",
+ rule: "asp-003",
 target: &armappservice.Plan{
 SKU: &armappservice.SKUDescription{
 Tier: ref.Of("Free"),
@@ -80,7 +80,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 {
 name: "AppServiceScanner SLA 99.95%",
 fields: fields{
- rule: "plan-003",
+ rule: "asp-003",
 target: &armappservice.Plan{
 SKU: &armappservice.SKUDescription{
 Tier: ref.Of("ElasticPremium"),
@@ -96,7 +96,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 {
 name: "AppServiceScanner SKU",
 fields: fields{
- rule: "plan-005",
+ rule: "asp-005",
 target: &armappservice.Plan{
 SKU: &armappservice.SKUDescription{
 Name: ref.Of("EP1"),
@@ -112,7 +112,7 @@ func TestAppServiceScanner_Rules(t *testing.T) {
 {
 name: "AppServiceScanner CAF",
 fields: fields{
- rule: "plan-006",
+ rule: "asp-006",
 target: &armappservice.Plan{
 Name: ref.Of("asp-test"),
 },
diff --git a/internal/scanners/sql/rules.go b/internal/scanners/sql/rules.go
index 3e34e1df..8c72bcac 100644
--- a/internal/scanners/sql/rules.go
+++ b/internal/scanners/sql/rules.go
@@ -156,7 +156,7 @@ func (a *SQLScanner) getDatabaseRules() map[string]scanners.AzureRule {
 Severity: scanners.SeverityLow,
 Eval: func(target interface{}, scanContext *scanners.ScanContext) (bool, string) {
 c := target.(*armsql.Database)
- caf := strings.HasPrefix(*c.Name, "sqldb")
+ caf := *c.Name == "master" || strings.HasPrefix(*c.Name, "sqldb")
 return !caf, ""
 },
 Url: "https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/azure-best-practices/resource-abbreviations",
diff --git a/internal/scanners/vnet/vwan.go b/internal/scanners/vnet/vnet.go
similarity index 100%
rename from internal/scanners/vnet/vwan.go
rename to internal/scanners/vnet/vnet.go
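Review bot: The `"master"` literal on the `+` line of the sql/rules.go hunk is a bare magic string; a why-comment above it would make the exemption self-explaining, e.g. `// the system "master" database cannot be renamed, so it is exempt from the CAF prefix check`. Both comparisons are exact-case, which is consistent with the existing `sqldb` prefix check beside it. The enclosing getDatabaseRules body and the Eval closure's surrounding rule literal start and end outside the hunk.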