BernieWhite
diff --git a/‎docs/en/rules/Azure.EventHub.DisableLocalAuth.md
+33-29 b/‎docs/en/rules/Azure.EventHub.DisableLocalAuth.md
+33-29
diff --git a/‎docs/en/rules/Azure.EventHub.MinTLS.md
+27-14 b/‎docs/en/rules/Azure.EventHub.MinTLS.md
+27-14
diff --git a/‎docs/en/rules/Azure.NSG.AnyInboundSource.md
+19-18 b/‎docs/en/rules/Azure.NSG.AnyInboundSource.md
+19-18
diff --git a/‎docs/examples-eventhub.bicep
+4-2 b/‎docs/examples-eventhub.bicep
+4-2
diff --git a/‎docs/examples-eventhub.json
+5-3 b/‎docs/examples-eventhub.json
+5-3
@@ -1,8 +1,8 @@
 ---
-reviewed: 2022-01-22
+reviewed: 2024-02-24
 severity: Important
 pillar: Security
-category: Authentication
+category: SE:05 Identity and access management
 resource: Event Hub
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.EventHub.DisableLocalAuth/
 ---
@@ -11,20 +11,20 @@ online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.EventH
 
 ## SYNOPSIS
 
-Authenticate Event Hub publishers and consumers with Azure AD identities.
+Authenticate Event Hub publishers and consumers with Entra ID identities.
 
 ## DESCRIPTION
 
-To publish or consume events from Event Hubs cryptographic keys, or Azure AD identities can be used.
+To publish or consume events from Event Hubs cryptographic keys, or Entra ID (previously Azure AD) identities can be used.
 Cryptographic keys include Shared Access Policy keys or Shared Access Signature (SAS) tokens.
-With Azure AD authentication, the identity is validated against Azure AD.
-Using Azure AD identities centralizes identity management and auditing.
+With Entra ID authentication, the identity is validated against Azure AD.
+Using Entra ID identities centralizes identity management and auditing.
 
-Once you decide to use Azure AD authentication, you can disable authentication using keys or SAS tokens.
+Once you decide to use Entra ID authentication, you can disable authentication using keys or SAS tokens.
 
 ## RECOMMENDATION
 
-Consider only using Azure AD identities to publish or consume events from Event Hub.
+Consider only using Entra ID identities to publish or consume events from Event Hub.
 Then disable authentication based on access keys or SAS tokens.
 
 ## EXAMPLES
@@ -39,22 +39,24 @@ For example:
 
 ```json
 {
-    "type": "Microsoft.EventHub/namespaces",
-    "apiVersion": "2021-11-01",
-    "name": "[parameters('name')]",
-    "location": "[parameters('location')]",
-    "identity": {
-        "type": "SystemAssigned"
-    },
-    "sku": {
-        "name": "Standard"
-    },
-    "properties": {
-        "disableLocalAuth": true,
-        "isAutoInflateEnabled": true,
-        "maximumThroughputUnits": 10,
-        "zoneRedundant": true
-    }
+  "type": "Microsoft.EventHub/namespaces",
+  "apiVersion": "2024-01-01",
+  "name": "[parameters('name')]",
+  "location": "[parameters('location')]",
+  "identity": {
+    "type": "SystemAssigned"
+  },
+  "sku": {
+    "name": "Standard"
+  },
+  "properties": {
+    "disableLocalAuth": true,
+    "minimumTlsVersion": "1.2",
+    "publicNetworkAccess": "Disabled",
+    "isAutoInflateEnabled": true,
+    "maximumThroughputUnits": 10,
+    "zoneRedundant": true
+  }
 }
 ```
 
@@ -67,7 +69,7 @@ To deploy Event Hub namespaces that pass this rule:
 For example:
 
 ```bicep
-resource ns 'Microsoft.EventHub/namespaces@2021-11-01' = {
+resource ns 'Microsoft.EventHub/namespaces@2024-01-01' = {
   name: name
   location: location
   identity: {
@@ -78,6 +80,8 @@ resource ns 'Microsoft.EventHub/namespaces@2021-11-01' = {
   }
   properties: {
     disableLocalAuth: true
+    minimumTlsVersion: '1.2'
+    publicNetworkAccess: 'Disabled'
     isAutoInflateEnabled: true
     maximumThroughputUnits: 10
     zoneRedundant: true
@@ -87,7 +91,7 @@ resource ns 'Microsoft.EventHub/namespaces@2021-11-01' = {
 
 ## LINKS
 
-- [Use identity-based authentication](https://learn.microsoft.com/azure/well-architected/security/design-identity-authentication#use-identity-based-authentication)
-- [Authorize access to Event Hubs resources using Azure Active Directory](https://docs.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory)
-- [Disabling Local/SAS Key authentication](https://docs.microsoft.com/azure/event-hubs/authenticate-shared-access-signature#disabling-localsas-key-authentication)
-- [Azure deployment reference](https://docs.microsoft.com/azure/templates/microsoft.eventhub/namespaces)
+- [SE:05 Identity and access management](https://learn.microsoft.com/azure/well-architected/security/identity-access#use-identity-based-authentication)
+- [Authorize access to Event Hubs resources using Microsoft Entra ID](https://learn.microsoft.com/azure/event-hubs/authorize-access-azure-active-directory)
+- [Disabling Local/SAS Key authentication](https://learn.microsoft.com/azure/event-hubs/authenticate-shared-access-signature#disabling-localsas-key-authentication)
+- [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.eventhub/namespaces)
@@ -1,7 +1,8 @@
 ---
+reviewed: 2024-02-24
 severity: Critical
 pillar: Security
-category: Encryption
+category: SE:07 Encryption
 resource: Event Hub
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.EventHub.MinTLS/
 ---
@@ -30,23 +31,29 @@ Configure the minimum supported TLS version to be 1.2.
 
 To deploy Event Hub namespaces that pass this rule:
 
-- Set the `properties.minimumlTlsVersion` property to `1.2`.
+- Set the `properties.minimumTlsVersion` property to `1.2`.
 
 For example:
 
 ```json
 {
   "type": "Microsoft.EventHub/namespaces",
-  "apiVersion": "2022-01-01-preview",
-  "name": "[parameters('eventHubNamespaceName')]",
+  "apiVersion": "2024-01-01",
+  "name": "[parameters('name')]",
   "location": "[parameters('location')]",
+  "identity": {
+    "type": "SystemAssigned"
+  },
   "sku": {
-    "name": "[parameters('eventHubSku')]",
-    "tier": "[parameters('eventHubSku')]",
-    "capacity": 1,
+    "name": "Standard"
   },
   "properties": {
+    "disableLocalAuth": true,
     "minimumTlsVersion": "1.2",
+    "publicNetworkAccess": "Disabled",
+    "isAutoInflateEnabled": true,
+    "maximumThroughputUnits": 10,
+    "zoneRedundant": true
   }
 }
 ```
@@ -55,28 +62,34 @@ For example:
 
 To deploy Event Hub namespaces that pass this rule:
 
-- Set the `properties.minimumlTlsVersion` property to `1.2`.
+- Set the `properties.minimumTlsVersion` property to `1.2`.
 
 For example:
 
 ```bicep
-resource eventHubNamespace 'Microsoft.EventHub/namespaces@2022-01-01-preview' = {
-  name: eventHubNamespaceName
+resource ns 'Microsoft.EventHub/namespaces@2024-01-01' = {
+  name: name
   location: location
+  identity: {
+    type: 'SystemAssigned'
+  }
   sku: {
-    name: eventHubSku
-    tier: eventHubSku
-    capacity: 1
+    name: 'Standard'
   }
   properties: {
+    disableLocalAuth: true
     minimumTlsVersion: '1.2'
+    publicNetworkAccess: 'Disabled'
+    isAutoInflateEnabled: true
+    maximumThroughputUnits: 10
+    zoneRedundant: true
   }
 }
 ```
 
 ## LINKS
 
-- [Data encryption in Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-storage-encryption#data-in-transit)
+- [SE:07 Encryption](https://learn.microsoft.com/azure/well-architected/security/encryption)
 - [Enforce a minimum required version of Transport Layer Security (TLS) for requests to an Event Hubs namespace](https://learn.microsoft.com/azure/event-hubs/transport-layer-security-enforce-minimum-version)
 - [Preparing for TLS 1.2 in Microsoft Azure](https://azure.microsoft.com/updates/azuretls12/)
 - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.eventhub/namespaces)
@@ -1,7 +1,8 @@
 ---
+reviewed: 2024-02-24
 severity: Critical
 pillar: Security
-category: Application endpoints
+category: SE:06 Network controls
 resource: Network Security Group
 online version: https://azure.github.io/PSRule.Rules.Azure/en/rules/Azure.NSG.AnyInboundSource/
 ---
@@ -38,15 +39,15 @@ If inbound access from Internet-based sources is intended, consider using the se
 
 To deploy Network Security Groups that pass this rule:
 
-- Set the `sourceAddressPrefix` or `sourceAddressPrefixes` to a value other then `*` for inbound allow rules.
+- Set the `sourceAddressPrefix` or `sourceAddressPrefixes` property to a value other then `*` for inbound allow rules.
 
 For example:
 
 ```json
 {
   "type": "Microsoft.Network/networkSecurityGroups",
-  "apiVersion": "2022-01-01",
-  "name": "[parameters('nsgName')]",
+  "apiVersion": "2023-09-01",
+  "name": "[parameters('name')]",
   "location": "[parameters('location')]",
   "properties": {
     "securityRules": [
@@ -120,8 +121,8 @@ For example:
 ```json
 {
   "type": "Microsoft.Network/applicationSecurityGroups",
-  "apiVersion": "2022-01-01",
-  "name": "[parameters('asgName')]",
+  "apiVersion": "2023-09-01",
+  "name": "[parameters('name')]",
   "location": "[parameters('location')]",
   "properties": {}
 }
@@ -131,13 +132,13 @@ For example:
 
 To deploy Network Security Groups that pass this rule:
 
-- Set the `sourceAddressPrefix` or `sourceAddressPrefixes` to a value other then `*` for inbound allow rules.
+- Set the `sourceAddressPrefix` or `sourceAddressPrefixes` property to a value other then `*` for inbound allow rules.
 
 For example:
 
 ```bicep
-resource nsg 'Microsoft.Network/networkSecurityGroups@2022-01-01' = {
-  name: nsgName
+resource nsg 'Microsoft.Network/networkSecurityGroups@2023-09-01' = {
+  name: name
   location: location
   properties: {
     securityRules: [
@@ -208,20 +209,20 @@ resource nsg 'Microsoft.Network/networkSecurityGroups@2022-01-01' = {
 To create an Application Security Group, use the `Microsoft.Network/applicationSecurityGroups` resource.
 For example:
 
-```Bicep
-resource asg 'Microsoft.Network/applicationSecurityGroups@2022-01-01' = {
-  name: asgName
-  location:location
+```bicep
+resource asg 'Microsoft.Network/applicationSecurityGroups@2023-09-01' = {
+  name: name
+  location: location
   properties: {}
 }
 ```
 
 ## LINKS
 
-- [Best practices for endpoint security on Azure](https://learn.microsoft.com/azure/architecture/framework/security/design-network-endpoints)
+- [SE:06 Network controls](https://learn.microsoft.com/azure/well-architected/security/networking)
+- [Network Security Groups](https://learn.microsoft.com/azure/virtual-network/network-security-groups-overview)
 - [Service Tags Overview](https://learn.microsoft.com/azure/virtual-network/service-tags-overview)
-- [Network Security Groups](https://docs.microsoft.com/azure/virtual-network/security-overview)
-- [Logically segment subnets](https://docs.microsoft.com/azure/security/fundamentals/network-best-practices#logically-segment-subnets)
-- [What is Azure Application Gateway?](https://docs.microsoft.com/azure/application-gateway/overview)
-- [Azure DDoS Protection Standard overview](https://docs.microsoft.com/azure/virtual-network/ddos-protection-overview)
+- [Logically segment subnets](https://learn.microsoft.com/azure/security/fundamentals/network-best-practices#logically-segment-subnets)
+- [What is Azure Application Gateway?](https://learn.microsoft.com/azure/application-gateway/overview)
+- [What is Azure DDoS Protection?](https://learn.microsoft.com/azure/ddos-protection/ddos-protection-overview)
 - [Azure deployment reference](https://learn.microsoft.com/azure/templates/microsoft.network/networksecuritygroups/securityrules)
@@ -9,8 +9,8 @@ param name string
 @description('The location resources will be deployed.')
 param location string = resourceGroup().location
 
-// An example Event Hub namespace
-resource ns 'Microsoft.EventHub/namespaces@2021-11-01' = {
+// An example Event Hub namespace.
+resource ns 'Microsoft.EventHub/namespaces@2024-01-01' = {
   name: name
   location: location
   identity: {
@@ -21,6 +21,8 @@ resource ns 'Microsoft.EventHub/namespaces@2021-11-01' = {
   }
   properties: {
     disableLocalAuth: true
+    minimumTlsVersion: '1.2'
+    publicNetworkAccess: 'Disabled'
     isAutoInflateEnabled: true
     maximumThroughputUnits: 10
     zoneRedundant: true
 
@@ -4,8 +4,8 @@
   "metadata": {
     "_generator": {
       "name": "bicep",
-      "version": "0.4.1124.51302",
-      "templateHash": "8147439201000013969"
+      "version": "0.25.53.49325",
+      "templateHash": "955114084331896299"
     }
   },
   "parameters": {
@@ -26,7 +26,7 @@
   "resources": [
     {
       "type": "Microsoft.EventHub/namespaces",
-      "apiVersion": "2021-11-01",
+      "apiVersion": "2024-01-01",
       "name": "[parameters('name')]",
       "location": "[parameters('location')]",
       "identity": {
@@ -37,6 +37,8 @@
       },
       "properties": {
         "disableLocalAuth": true,
+        "minimumTlsVersion": "1.2",
+        "publicNetworkAccess": "Disabled",
         "isAutoInflateEnabled": true,
         "maximumThroughputUnits": 10,
         "zoneRedundant": true