Network - 25550 - Inspection of Outbound TLS Traffic is Enabled on Azure Firewall #854

Draft
Manoj-Kesana wants to merge 3 commits into main from Feature-25550

@Manoj-Kesana
Collaborator

Inspection of Outbound TLS Traffic is Enabled on Azure Firewall

Contributor

Copilot AI left a comment

Pull request overview

This PR introduces a new assessment test (Test-Assessment.25550) that verifies Azure Firewall Premium has TLS inspection properly enabled. The test checks for both global certificate authority configuration and at least one application rule with TLS inspection explicitly enabled.

Changes:

  • Added PowerShell test function to evaluate Azure Firewall Premium TLS inspection configuration
  • Added markdown documentation explaining the importance of TLS inspection for detecting threats in encrypted traffic

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 6 comments.

| File | Description |
| --- | --- |
| src/powershell/tests/Test-Assessment.25550.ps1 | Implements test logic to query Azure subscriptions for Firewall Premium policies, check for transportSecurity.certificateAuthority configuration, and verify application rules have terminateTLS enabled |
| src/powershell/tests/Test-Assessment.25550.md | Provides user-facing documentation explaining TLS inspection capabilities, security benefits, and remediation guidance with Microsoft Learn links |

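The two conditions named in the overview above (a certificate authority on the policy, plus at least one application rule with `terminateTLS` enabled), as an added example that is not code from this pull request or from Test-Assessment.25550.ps1. The function name `Test-TlsInspection`, the sample policies, the inlined `ruleCollections` layout and the result strings are assumptions made for illustration.

```powershell
# Constructed sample: policies shaped like the ARM resource
# Microsoft.Network/firewallPolicies. Inlining rule collections under
# 'ruleCollections' is a simplification assumed for this example.
$sampleJson = @'
[
  { "name": "fwpol-inspecting", "properties": { "sku": { "tier": "Premium" },
      "transportSecurity": { "certificateAuthority": { "name": "sample-ca" } } },
    "ruleCollections": [ { "rules": [
      { "ruleType": "ApplicationRule", "name": "allow-web", "terminateTLS": true } ] } ] },
  { "name": "fwpol-ca-only", "properties": { "sku": { "tier": "Premium" },
      "transportSecurity": { "certificateAuthority": { "name": "sample-ca" } } },
    "ruleCollections": [ { "rules": [
      { "ruleType": "ApplicationRule", "name": "allow-web", "terminateTLS": false },
      { "ruleType": "NetworkRule", "name": "allow-dns" } ] } ] },
  { "name": "fwpol-no-ca", "properties": { "sku": { "tier": "Premium" } },
    "ruleCollections": [ { "rules": [
      { "ruleType": "ApplicationRule", "name": "allow-web", "terminateTLS": true } ] } ] },
  { "name": "fwpol-standard", "properties": { "sku": { "tier": "Standard" } }, "ruleCollections": [] }
]
'@

function Test-TlsInspection {
    param([Parameter(Mandatory)] $Policy)
    # TLS inspection is a Premium feature; treating other tiers as out of scope is an assumption.
    if ($Policy.properties.sku.tier -ne 'Premium') { return 'NotApplicable' }

    # Condition 1: a certificate authority is configured on the policy itself.
    $hasCa = $null -ne $Policy.properties.transportSecurity.certificateAuthority

    # Condition 2: at least one application rule explicitly terminates TLS.
    # A missing terminateTLS property (e.g. on network rules) compares as not enabled.
    $tlsRules = @($Policy.ruleCollections.rules |
        Where-Object { $_.ruleType -eq 'ApplicationRule' -and $_.terminateTLS -eq $true })

    if (-not $hasCa) { return 'Fail: no certificate authority configured' }
    if ($tlsRules.Count -eq 0) { return 'Fail: no application rule has terminateTLS enabled' }
    return 'Pass'
}

# Evaluate every constructed policy and emit one result row per policy.
$policies = $sampleJson | ConvertFrom-Json
foreach ($p in $policies) {
    [pscustomobject]@{ Policy = $p.name; Result = Test-TlsInspection -Policy $p }
}
```

The `fwpol-no-ca` and `fwpol-ca-only` samples show why both conditions are needed: either setting alone leaves outbound TLS uninspected.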

Comment on lines +167 to +169
# Extract just the policy name from the full resource ID
$policyIdShort = ($policyInfo.PolicyId -split '/')[-1]
$policyId = Get-SafeMarkdown -Text $policyIdShort

Copilot AI Feb 5, 2026

The code extracts the last segment of the PolicyId resource path, which is the policy name. This is redundant since the PolicyName is already displayed in the previous column. Consider either showing the full resource ID for the "Azure Firewall policy ID" column, or removing this column entirely since it duplicates the policy name.

Suggested change
# Extract just the policy name from the full resource ID
$policyIdShort = ($policyInfo.PolicyId -split '/')[-1]
$policyId = Get-SafeMarkdown -Text $policyIdShort
$policyId = Get-SafeMarkdown -Text $policyInfo.PolicyId
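Review bot: the replacement line `$policyId = Get-SafeMarkdown -Text $policyInfo.PolicyId` puts the full resource ID into the report column, and an Azure resource ID includes the subscription ID and resource group name, so confirm that level of detail is intended for the rendered report and that the table still reads well with a value that long. If the column is only there to identify the policy, dropping it (the other option raised in the comment) avoids both concerns. The change also stops assigning `$policyIdShort`, so check that nothing further down in the function still reads it.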

Manoj-Kesana and others added 2 commits February 5, 2026 08:57
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@Manoj-Kesana Manoj-Kesana marked this pull request as draft February 5, 2026 08:17