{"results":[{"id":"acr-admin-account-disabled-by-default","text":"The ACR admin account is disabled by default, has two independently regenerable passwords, and is not recommended for production or multi-user scenarios.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-admin-account-disabled-by-default-two-passwords","text":"ACR admin account is disabled by default, provides full push/pull access, has two independently regenerable passwords, and is not recommended for production or multi-user scenarios.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-admin-password-regen-60-seconds","text":"ACR admin account password regeneration takes approximately 60 seconds to replicate.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-admin-password-regeneration-60-seconds","text":"Password regeneration for ACR admin accounts takes approximately 60 seconds to replicate.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-all-transfers-https-tls","text":"All ACR image transfers use HTTPS with TLS encryption.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-api-rate-limits-per-replica","text":"ACR API rate limits (throttling) apply independently per geo-replica, not globally across the registry.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-auth-entra-service-principal-admin","text":"ACR authentication options are Azure identity, Microsoft Entra service principal, or admin account; all image transfers use HTTPS with TLS.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-auth-token-valid-3-hours","text":"The access token from `az acr login` is valid for 3 hours and must be renewed.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-authentication-entra-service-principal-admin","text":"ACR authentication options are Azure identity, Microsoft Entra service principal, or admin account.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-best-practice-same-region-as-deployments","text":"Best practice is to create an ACR registry in the same Azure region as deployment targets for network-close storage and reduced latency.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-content-trust-premium-only","text":"Content trust (image tag signing) in ACR is a Premium-only feature.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-dedicated-resource-group-recommended","text":"ACR registries should be placed in a dedicated resource group to avoid accidental deletion when cleaning up container host resources.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-disabled-replica-still-syncs-and-costs","text":"Disabling `--region-endpoint-enabled` on an ACR geo-replica excludes it from global routing but data still syncs and storage costs still accrue.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-docker-command-env-var-alternative-tools","text":"The `DOCKER_COMMAND` environment variable can be set to switch `az acr login` to alternative container tools like podman.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-docker-command-env-var-podman","text":"The `DOCKER_COMMAND` environment variable can be set to switch `az acr login` to use alternative container tools like `podman`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-expose-token-username-all-zeros","text":"When using `az acr login --expose-token`, the username for `docker login` is the all-zeros GUID `00000000-0000-0000-0000-000000000000`.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-five-authentication-methods","text":"ACR supports five authentication methods: individual Microsoft Entra identity, service principal, managed identity, admin user, and non-Microsoft Entra token-based permissions.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-geo-api-rate-limits-per-replica","text":"ACR API rate limits (read/write throttling) apply independently to each geo-replica.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-geo-home-region-outage-blocks-property-changes","text":"During an ACR home region outage, push/pull still works via other geo-replicas, but registry property modifications are blocked until the home region recovers.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null},{"id":"acr-geo-replica-zone-redundancy-auto-enabled","text":"Zone redundancy is automatically enabled for ACR geo-replicas in regions that support it.","truth_value":"IN","justification_count":0,"dependent_count":0,"challenges":[],"last_reviewed":null,"review_result":null}],"count":146,"limit":20,"offset":0}