✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "object-storage-tls-policy" for control "CCC.Core.CN01" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Account TLS Policy Check: ⊘ "{result}" is true (skipped)

✗ I attempt policy check "object-storage-unencrypted-policy" for control "CCC.Core.CN01" assessment requirement "AR03" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Unencrypted Traffic Block Check: ⊘ "{result}" is true (skipped)

✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-encryption" for control "CCC.Core.CN02" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-delete-protection" for control "CCC.Core.CN03" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ I attempt policy check "admin-logging" for control "CCC.Core.CN04" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "data-write-logging" for control "CCC.Core.CN04" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Diagnostic Logging Write Configuration: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "data-read-logging" for control "CCC.Core.CN04" assessment requirement "AR03" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Diagnostic Logging Read Configuration: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ I attempt policy check "object-storage-block-public-write-access" for control "CCC.Core.CN05" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-cross-tenant-block" for control "CCC.Core.CN05" assessment requirement "AR03" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-block-public-read" for control "CCC.Core.CN05" assessment requirement "AR04" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-region" for control "CCC.Core.CN06" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "enumeration-monitoring-policy" for control "CCC.Core.CN07" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Enumeration Monitoring Policy Check: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "enumeration-logging-policy" for control "CCC.Core.CN07" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Enumeration Logging Policy Check: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I attempt policy check "object-storage-replication" for control "CCC.Core.CN08" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I attempt policy check "object-storage-replication-status" for control "CCC.Core.CN08" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "object-storage-access-logging" for control "CCC.Core.CN09" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Account Diagnostic Logging Configuration: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-replication-destination" for control "CCC.Core.CN10" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ I attempt policy check "no-public-access" for control "CCC.ObjStor.CN01" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ I call "{storage}" with "CreateObject" using arguments "{ResourceName}", "test-object={Timestamp}.txt", and "test content" ✓ "{result}" is not an error ✗ I attempt policy check "object-storage-no-public-principals" for control "CCC.ObjStor.CN01" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage RBAC in Use: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✗ I attempt policy check "object-storage-no-public-principals" for control "CCC.ObjStor.CN01" assessment requirement "AR03" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage RBAC in Use: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ "{result}" is not an error ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ "{result}" is not an error ✗ I attempt policy check "object-storage-no-public-principals" for control "CCC.ObjStor.CN01" assessment requirement "AR04" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage RBAC in Use: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✗ I attempt policy check "uniform-bucket-level-access" for control "CCC.ObjStor.CN02" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Uniform Access Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:35:06.8631348Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: ab09e371-d8db-4951-abad-bc2c234a2e00 Correlation ID: b567dbef-fa9d-4a57-aa5a-004ad8939956 Timestamp: 2026-04-08 18:35:06Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✗ I attempt policy check "bucket-soft-delete" for control "CCC.ObjStor.CN03" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Soft Delete Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:35:08.7540070Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: 741de93f-4a6c-4004-8d16-6b5b8c62a200 Correlation ID: 42c75dce-6be7-403c-be9d-a250b992c870 Timestamp: 2026-04-08 18:35:08Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✗ I attempt policy check "bucket-retention-lock" for control "CCC.ObjStor.CN03" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Immutability Policy Lock Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:35:10.1984253Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: a8e4659a-f962-44fa-85a6-12ac926c0000 Correlation ID: f6d6b4ad-3960-4595-afbf-891df83978e0 Timestamp: 2026-04-08 18:35:10Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✗ I attempt policy check "object-default-retention" for control "CCC.ObjStor.CN04" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Default Immutability Policy Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:39:15.6727884Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: a9f0a44e-2c38-4568-b592-9743e1e81100 Correlation ID: dd794153-e0c7-4854-b75c-94e4f01c83e3 Timestamp: 2026-04-08 18:39:15Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✗ I attempt policy check "object-retention-enforcement" for control "CCC.ObjStor.CN04" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Object Retention Enforcement Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:47:22.4276460Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: bd229009-8104-4142-9d16-22b83e160e00 Correlation ID: b2e22624-ae73-4104-9bfe-b3552df72033 Timestamp: 2026-04-08 18:47:22Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✗ I attempt policy check "object-storage-versioning" for control "CCC.ObjStor.CN05" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Versioning Configuration: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:47:23.7701422Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: c5501534-9fb7-433d-b264-b1108dee5300 Correlation ID: 5ca64cb6-d458-4410-97e4-09325628e601 Timestamp: 2026-04-08 18:47:23Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "object-storage-tls-policy" for control "CCC.Core.CN01" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Account TLS Policy Check: ⊘ "{result}" is true (skipped)

✗ I attempt policy check "object-storage-unencrypted-policy" for control "CCC.Core.CN01" assessment requirement "AR03" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Unencrypted Traffic Block Check: ⊘ "{result}" is true (skipped)

✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-encryption" for control "CCC.Core.CN02" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-delete-protection" for control "CCC.Core.CN03" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ I attempt policy check "admin-logging" for control "CCC.Core.CN04" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "data-write-logging" for control "CCC.Core.CN04" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Diagnostic Logging Write Configuration: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "data-read-logging" for control "CCC.Core.CN04" assessment requirement "AR03" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Diagnostic Logging Read Configuration: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ I attempt policy check "object-storage-block-public-write-access" for control "CCC.Core.CN05" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-cross-tenant-block" for control "CCC.Core.CN05" assessment requirement "AR03" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-block-public-read" for control "CCC.Core.CN05" assessment requirement "AR04" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-region" for control "CCC.Core.CN06" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "enumeration-monitoring-policy" for control "CCC.Core.CN07" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Enumeration Monitoring Policy Check: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "enumeration-logging-policy" for control "CCC.Core.CN07" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Enumeration Logging Policy Check: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I attempt policy check "object-storage-replication" for control "CCC.Core.CN08" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I attempt policy check "object-storage-replication-status" for control "CCC.Core.CN08" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✗ I attempt policy check "object-storage-access-logging" for control "CCC.Core.CN09" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage Account Diagnostic Logging Configuration: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I attempt policy check "object-storage-replication-destination" for control "CCC.Core.CN10" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ I attempt policy check "no-public-access" for control "CCC.ObjStor.CN01" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" ✓ "{result}" is true

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ I call "{storage}" with "CreateObject" using arguments "{ResourceName}", "test-object={Timestamp}.txt", and "test content" ✓ "{result}" is not an error ✗ I attempt policy check "object-storage-no-public-principals" for control "CCC.ObjStor.CN01" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage RBAC in Use: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✗ I attempt policy check "object-storage-no-public-principals" for control "CCC.ObjStor.CN01" assessment requirement "AR03" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage RBAC in Use: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ "{result}" is not an error ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ "{result}" is not an error ✗ I attempt policy check "object-storage-no-public-principals" for control "CCC.ObjStor.CN01" assessment requirement "AR04" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Storage RBAC in Use: ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✗ I attempt policy check "uniform-bucket-level-access" for control "CCC.ObjStor.CN02" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Uniform Access Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:35:06.8631348Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: ab09e371-d8db-4951-abad-bc2c234a2e00 Correlation ID: b567dbef-fa9d-4a57-aa5a-004ad8939956 Timestamp: 2026-04-08 18:35:06Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✗ I attempt policy check "bucket-soft-delete" for control "CCC.ObjStor.CN03" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Soft Delete Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:35:08.7540070Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: 741de93f-4a6c-4004-8d16-6b5b8c62a200 Correlation ID: 42c75dce-6be7-403c-be9d-a250b992c870 Timestamp: 2026-04-08 18:35:08Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✗ I attempt policy check "bucket-retention-lock" for control "CCC.ObjStor.CN03" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Immutability Policy Lock Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:35:10.1984253Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: a8e4659a-f962-44fa-85a6-12ac926c0000 Correlation ID: f6d6b4ad-3960-4595-afbf-891df83978e0 Timestamp: 2026-04-08 18:35:10Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✗ I attempt policy check "object-default-retention" for control "CCC.ObjStor.CN04" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Default Immutability Policy Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:39:15.6727884Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: a9f0a44e-2c38-4568-b592-9743e1e81100 Correlation ID: dd794153-e0c7-4854-b75c-94e4f01c83e3 Timestamp: 2026-04-08 18:39:15Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ I call "{api}" with "GetServiceAPI" using argument "iam" ✓ I refer to "{result}" as "iamService" ✗ I attempt policy check "object-retention-enforcement" for control "CCC.ObjStor.CN04" assessment requirement "AR02" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Object Retention Enforcement Check: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:47:22.4276460Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: bd229009-8104-4142-9d16-22b83e160e00 Correlation ID: b2e22624-ae73-4104-9bfe-b3552df72033 Timestamp: 2026-04-08 18:47:22Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✗ I attempt policy check "object-storage-versioning" for control "CCC.ObjStor.CN05" assessment requirement "AR01" for service "{ServiceType}" on resource "{ResourceName}" and provider "{Provider}" - Error: policy check failed: Azure Blob Versioning Configuration: query execution failed: exit status 1 Output: ERROR: AADSTS700024: Client assertion is not within its valid time range. Current time: 2026-04-08T18:47:23.7701422Z, assertion valid from 2026-04-08T17:37:53.0000000Z, expiry time of assertion 2026-04-08T17:42:53.0000000Z. Review the documentation at https://learn.microsoft.com/entra/identity-platform/certificate-credentials . Trace ID: c5501534-9fb7-433d-b264-b1108dee5300 Correlation ID: 5ca64cb6-d458-4410-97e4-09325628e601 Timestamp: 2026-04-08 18:47:23Z Run the command below to authenticate interactively; additional arguments may be added as needed: az logout az login ⊘ "{result}" is true (skipped)

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ no-op required

✓ a cloud api for "{Instance}" in "api" ✓ I call "{api}" with "GetServiceAPI" using argument "object-storage" ✓ I refer to "{result}" as "storage" ✓ no-op required