BernieWhite
diff --git a/‎BaselineToc.Doc.ps1
+6-2 b/‎BaselineToc.Doc.ps1
+6-2
diff --git a/‎docs/CHANGELOG-v1.md
+10 b/‎docs/CHANGELOG-v1.md
+10
diff --git a/‎docs/en/baselines/Azure.All.md
+2-2 b/‎docs/en/baselines/Azure.All.md
+2-2
diff --git a/‎docs/en/baselines/Azure.Default.md
+2-2 b/‎docs/en/baselines/Azure.Default.md
+2-2
diff --git a/‎docs/en/baselines/Azure.GA_2020_06.md
+5-1 b/‎docs/en/baselines/Azure.GA_2020_06.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2020_09.md
+5-1 b/‎docs/en/baselines/Azure.GA_2020_09.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2020_12.md
+5-1 b/‎docs/en/baselines/Azure.GA_2020_12.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2021_03.md
+5-1 b/‎docs/en/baselines/Azure.GA_2021_03.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2021_06.md
+5-1 b/‎docs/en/baselines/Azure.GA_2021_06.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2021_09.md
+5-1 b/‎docs/en/baselines/Azure.GA_2021_09.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2021_12.md
+5-1 b/‎docs/en/baselines/Azure.GA_2021_12.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2022_03.md
+5-1 b/‎docs/en/baselines/Azure.GA_2022_03.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2022_06.md
+5-1 b/‎docs/en/baselines/Azure.GA_2022_06.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2022_09.md
+5-1 b/‎docs/en/baselines/Azure.GA_2022_09.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2022_12.md
+5-1 b/‎docs/en/baselines/Azure.GA_2022_12.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2023_03.md
+5-1 b/‎docs/en/baselines/Azure.GA_2023_03.md
+5-1
diff --git a/‎docs/en/baselines/Azure.GA_2023_06.md
+6-2 b/‎docs/en/baselines/Azure.GA_2023_06.md
+6-2
diff --git a/‎docs/en/baselines/Azure.GA_2023_09.md
+6-2 b/‎docs/en/baselines/Azure.GA_2023_09.md
+6-2
diff --git a/‎docs/en/baselines/Azure.GA_2023_12.md
+2-2 b/‎docs/en/baselines/Azure.GA_2023_12.md
+2-2
diff --git a/‎docs/en/baselines/Azure.MCSB.v1.md
+8-2 b/‎docs/en/baselines/Azure.MCSB.v1.md
+8-2
@@ -14,6 +14,8 @@ Document 'baseline' -If { $PSDocs.TargetObject.Name -ne 'Azure.MCSB.v1' } {
 
     Title $baselineName;
 
+    Metadata $PSDocs.TargetObject.metadata.annotations
+
     if ($obsolete) {
         '<!-- OBSOLETE -->'
     }
@@ -26,7 +28,7 @@ Document 'baseline' -If { $PSDocs.TargetObject.Name -ne 'Azure.MCSB.v1' } {
     Write-Verbose -Message "[Baseline] -- Found $ruleCount rules.";
 
     Section 'Rules' -If { $ruleCount -gt 0 } {
-        "The following rules are included within ``$baselineName``. This baseline includes a total of $ruleCount rules.";
+        "The following rules are included within the ``$baselineName`` baseline. This baseline includes a total of $ruleCount rules.";
         $rules | Table -Property @{ Name = 'Name'; Expression = {
             "[$($_.Name)](../rules/$($_.Name).md)"
         }}, Synopsis, @{ Name = 'Severity'; Expression = {
@@ -46,6 +48,8 @@ Document 'Azure.MCSB.Baseline' -If { $PSDocs.TargetObject.Name -eq 'Azure.MCSB.v
 
     Title $baselineName;
 
+    Metadata $PSDocs.TargetObject.metadata.annotations
+
     if ($experimental) {
         '<!-- EXPERIMENTAL -->'
     }
@@ -62,7 +66,7 @@ Document 'Azure.MCSB.Baseline' -If { $PSDocs.TargetObject.Name -eq 'Azure.MCSB.v
     Write-Verbose -Message "[Baseline] -- Found $ruleCount rules.";
 
     Section 'Controls' -If { $ruleCount -gt 0 } {
-        "The following rules are included within ``$baselineName``. This baseline includes a total of $ruleCount rules.";
+        "The following rules are included within the ``$baselineName`` baseline. This baseline includes a total of $ruleCount rules.";
         $rules | Table -Property @{ Name = 'Name'; Expression = {
             "[$($_.Name)](../rules/$($_.Name).md)"
         }}, Synopsis, @{ Name = 'Severity'; Expression = {
 
@@ -34,6 +34,16 @@ See [upgrade notes][1] for helpful information when upgrading from previous vers
 
 What's changed since v1.34.2:
 
+- New features:
+  - Added WAF pillar specific baselines by @BernieWhite.
+    [#1633](https://github.com/Azure/PSRule.Rules.Azure/issues/1633)
+    - Use pillar specific baselines to target a specific area of the Azure Well-Architected Framework.
+    - The following baselines have been added:
+      - `Azure.Pillar.CostOptimization`
+      - `Azure.Pillar.OperationalExcellence`
+      - `Azure.Pillar.PerformanceEfficiency`
+      - `Azure.Pillar.Reliability`
+      - `Azure.Pillar.Security`
 - General improvements:
   - Documentation improvements by @BernieWhite.
     [#2570](https://github.com/Azure/PSRule.Rules.Azure/issues/2570)
 
@@ -4,7 +4,7 @@ Includes all Azure rules.
 
 ## Rules
 
-The following rules are included within `Azure.All`. This baseline includes a total of 411 rules.
+The following rules are included within the `Azure.All` baseline. This baseline includes a total of 411 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
@@ -259,7 +259,7 @@ Name | Synopsis | Severity
 [Azure.Policy.Descriptors](../rules/Azure.Policy.Descriptors.md) | Policy and initiative definitions should use a display name, description, and category. | Awareness
 [Azure.Policy.ExemptionDescriptors](../rules/Azure.Policy.ExemptionDescriptors.md) | Policy exemptions should use a display name and description. | Awareness
 [Azure.Policy.WaiverExpiry](../rules/Azure.Policy.WaiverExpiry.md) | Configure policy waiver exemptions to expire. | Awareness
-[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Azure Active Directory (AAD) authentication with Azure Database for PostgreSQL databases. | Critical
+[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Entra ID authentication with Azure Database for PostgreSQL databases. | Critical
 [Azure.PostgreSQL.AADOnly](../rules/Azure.PostgreSQL.AADOnly.md) | Ensure Azure AD-only authentication is enabled with Azure Database for PostgreSQL databases. | Important
 [Azure.PostgreSQL.AllowAzureAccess](../rules/Azure.PostgreSQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
 [Azure.PostgreSQL.DefenderCloud](../rules/Azure.PostgreSQL.DefenderCloud.md) | Enable Microsoft Defender for Cloud for Azure Database for PostgreSQL. | Important
 
@@ -4,7 +4,7 @@ Default baseline for Azure rules.
 
 ## Rules
 
-The following rules are included within `Azure.Default`. This baseline includes a total of 402 rules.
+The following rules are included within the `Azure.Default` baseline. This baseline includes a total of 402 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
@@ -252,7 +252,7 @@ Name | Synopsis | Severity
 [Azure.Policy.Descriptors](../rules/Azure.Policy.Descriptors.md) | Policy and initiative definitions should use a display name, description, and category. | Awareness
 [Azure.Policy.ExemptionDescriptors](../rules/Azure.Policy.ExemptionDescriptors.md) | Policy exemptions should use a display name and description. | Awareness
 [Azure.Policy.WaiverExpiry](../rules/Azure.Policy.WaiverExpiry.md) | Configure policy waiver exemptions to expire. | Awareness
-[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Azure Active Directory (AAD) authentication with Azure Database for PostgreSQL databases. | Critical
+[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Entra ID authentication with Azure Database for PostgreSQL databases. | Critical
 [Azure.PostgreSQL.AADOnly](../rules/Azure.PostgreSQL.AADOnly.md) | Ensure Azure AD-only authentication is enabled with Azure Database for PostgreSQL databases. | Important
 [Azure.PostgreSQL.AllowAzureAccess](../rules/Azure.PostgreSQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
 [Azure.PostgreSQL.DefenderCloud](../rules/Azure.PostgreSQL.DefenderCloud.md) | Enable Microsoft Defender for Cloud for Azure Database for PostgreSQL. | Important
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2020_06
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released June 2020 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2020_06`. This baseline includes a total of 136 rules.
+The following rules are included within the `Azure.GA_2020_06` baseline. This baseline includes a total of 136 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2020_09
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released September 2020 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2020_09`. This baseline includes a total of 152 rules.
+The following rules are included within the `Azure.GA_2020_09` baseline. This baseline includes a total of 152 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2020_12
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released December 2020 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2020_12`. This baseline includes a total of 176 rules.
+The following rules are included within the `Azure.GA_2020_12` baseline. This baseline includes a total of 176 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2021_03
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released March 2021 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2021_03`. This baseline includes a total of 191 rules.
+The following rules are included within the `Azure.GA_2021_03` baseline. This baseline includes a total of 191 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2021_06
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released June 2021 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2021_06`. This baseline includes a total of 205 rules.
+The following rules are included within the `Azure.GA_2021_06` baseline. This baseline includes a total of 205 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2021_09
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released September 2021 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2021_09`. This baseline includes a total of 224 rules.
+The following rules are included within the `Azure.GA_2021_09` baseline. This baseline includes a total of 224 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2021_12
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released December 2021 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2021_12`. This baseline includes a total of 250 rules.
+The following rules are included within the `Azure.GA_2021_12` baseline. This baseline includes a total of 250 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2022_03
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released March 2022 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2022_03`. This baseline includes a total of 266 rules.
+The following rules are included within the `Azure.GA_2022_03` baseline. This baseline includes a total of 266 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2022_06
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released June 2022 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2022_06`. This baseline includes a total of 270 rules.
+The following rules are included within the `Azure.GA_2022_06` baseline. This baseline includes a total of 270 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2022_09
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released September 2022 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2022_09`. This baseline includes a total of 301 rules.
+The following rules are included within the `Azure.GA_2022_09` baseline. This baseline includes a total of 301 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2022_12
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released December 2022 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2022_12`. This baseline includes a total of 339 rules.
+The following rules are included within the `Azure.GA_2022_12` baseline. This baseline includes a total of 339 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2023_03
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released March 2023 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2023_03`. This baseline includes a total of 359 rules.
+The following rules are included within the `Azure.GA_2023_03` baseline. This baseline includes a total of 359 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2023_06
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released June 2023 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2023_06`. This baseline includes a total of 374 rules.
+The following rules are included within the `Azure.GA_2023_06` baseline. This baseline includes a total of 374 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
@@ -229,7 +233,7 @@ Name | Synopsis | Severity
 [Azure.Policy.Descriptors](../rules/Azure.Policy.Descriptors.md) | Policy and initiative definitions should use a display name, description, and category. | Awareness
 [Azure.Policy.ExemptionDescriptors](../rules/Azure.Policy.ExemptionDescriptors.md) | Policy exemptions should use a display name and description. | Awareness
 [Azure.Policy.WaiverExpiry](../rules/Azure.Policy.WaiverExpiry.md) | Configure policy waiver exemptions to expire. | Awareness
-[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Azure Active Directory (AAD) authentication with Azure Database for PostgreSQL databases. | Critical
+[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Entra ID authentication with Azure Database for PostgreSQL databases. | Critical
 [Azure.PostgreSQL.AADOnly](../rules/Azure.PostgreSQL.AADOnly.md) | Ensure Azure AD-only authentication is enabled with Azure Database for PostgreSQL databases. | Important
 [Azure.PostgreSQL.AllowAzureAccess](../rules/Azure.PostgreSQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
 [Azure.PostgreSQL.DefenderCloud](../rules/Azure.PostgreSQL.DefenderCloud.md) | Enable Microsoft Defender for Cloud for Azure Database for PostgreSQL. | Important
 
@@ -1,3 +1,7 @@
+---
+obsolete: true
+---
+
 # Azure.GA_2023_09
 
 <!-- OBSOLETE -->
@@ -6,7 +10,7 @@ Include rules released September 2023 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2023_09`. This baseline includes a total of 385 rules.
+The following rules are included within the `Azure.GA_2023_09` baseline. This baseline includes a total of 385 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
@@ -238,7 +242,7 @@ Name | Synopsis | Severity
 [Azure.Policy.Descriptors](../rules/Azure.Policy.Descriptors.md) | Policy and initiative definitions should use a display name, description, and category. | Awareness
 [Azure.Policy.ExemptionDescriptors](../rules/Azure.Policy.ExemptionDescriptors.md) | Policy exemptions should use a display name and description. | Awareness
 [Azure.Policy.WaiverExpiry](../rules/Azure.Policy.WaiverExpiry.md) | Configure policy waiver exemptions to expire. | Awareness
-[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Azure Active Directory (AAD) authentication with Azure Database for PostgreSQL databases. | Critical
+[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Entra ID authentication with Azure Database for PostgreSQL databases. | Critical
 [Azure.PostgreSQL.AADOnly](../rules/Azure.PostgreSQL.AADOnly.md) | Ensure Azure AD-only authentication is enabled with Azure Database for PostgreSQL databases. | Important
 [Azure.PostgreSQL.AllowAzureAccess](../rules/Azure.PostgreSQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
 [Azure.PostgreSQL.DefenderCloud](../rules/Azure.PostgreSQL.DefenderCloud.md) | Enable Microsoft Defender for Cloud for Azure Database for PostgreSQL. | Important
 
@@ -4,7 +4,7 @@ Include rules released December 2023 or prior for Azure GA features.
 
 ## Rules
 
-The following rules are included within `Azure.GA_2023_12`. This baseline includes a total of 394 rules.
+The following rules are included within the `Azure.GA_2023_12` baseline. This baseline includes a total of 394 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
@@ -245,7 +245,7 @@ Name | Synopsis | Severity
 [Azure.Policy.Descriptors](../rules/Azure.Policy.Descriptors.md) | Policy and initiative definitions should use a display name, description, and category. | Awareness
 [Azure.Policy.ExemptionDescriptors](../rules/Azure.Policy.ExemptionDescriptors.md) | Policy exemptions should use a display name and description. | Awareness
 [Azure.Policy.WaiverExpiry](../rules/Azure.Policy.WaiverExpiry.md) | Configure policy waiver exemptions to expire. | Awareness
-[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Azure Active Directory (AAD) authentication with Azure Database for PostgreSQL databases. | Critical
+[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Entra ID authentication with Azure Database for PostgreSQL databases. | Critical
 [Azure.PostgreSQL.AADOnly](../rules/Azure.PostgreSQL.AADOnly.md) | Ensure Azure AD-only authentication is enabled with Azure Database for PostgreSQL databases. | Important
 [Azure.PostgreSQL.AllowAzureAccess](../rules/Azure.PostgreSQL.AllowAzureAccess.md) | Determine if access from Azure services is required. | Important
 [Azure.PostgreSQL.DefenderCloud](../rules/Azure.PostgreSQL.DefenderCloud.md) | Enable Microsoft Defender for Cloud for Azure Database for PostgreSQL. | Important
 
@@ -1,3 +1,9 @@
+---
+taxonomy: Azure.MCSB.v1
+export: true
+experimental: true
+---
+
 # Azure.MCSB.v1
 
 <!-- EXPERIMENTAL -->
@@ -6,7 +12,7 @@ Microsoft Cloud Security Benchmark v1.
 
 ## Controls
 
-The following rules are included within `Azure.MCSB.v1`. This baseline includes a total of 131 rules.
+The following rules are included within the `Azure.MCSB.v1` baseline. This baseline includes a total of 131 rules.
 
 Name | Synopsis | Severity
 ---- | -------- | --------
@@ -104,7 +110,7 @@ Name | Synopsis | Severity
 [Azure.MySQL.MinTLS](../rules/Azure.MySQL.MinTLS.md) | MySQL DB servers should reject TLS versions older than 1.2. | Critical
 [Azure.MySQL.UseSSL](../rules/Azure.MySQL.UseSSL.md) | Enforce encrypted MySQL connections. | Critical
 [Azure.NSG.Associated](../rules/Azure.NSG.Associated.md) | Network Security Groups (NSGs) should be associated to a subnet or network interface. | Awareness
-[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Azure Active Directory (AAD) authentication with Azure Database for PostgreSQL databases. | Critical
+[Azure.PostgreSQL.AAD](../rules/Azure.PostgreSQL.AAD.md) | Use Entra ID authentication with Azure Database for PostgreSQL databases. | Critical
 [Azure.PostgreSQL.AADOnly](../rules/Azure.PostgreSQL.AADOnly.md) | Ensure Azure AD-only authentication is enabled with Azure Database for PostgreSQL databases. | Important
 [Azure.PostgreSQL.MinTLS](../rules/Azure.PostgreSQL.MinTLS.md) | PostgreSQL DB servers should reject TLS versions older than 1.2. | Critical
 [Azure.PostgreSQL.UseSSL](../rules/Azure.PostgreSQL.UseSSL.md) | Enforce encrypted PostgreSQL connections. | Critical