Merge pull request #2672 from CESANU/docs-editor/recommendations-reference-data-1774770384

Update recommendations-reference-data.md

Author: prmerger-automator[bot]

articles/defender-for-cloud/recommendations-reference-data.md

@@ -1925,6 +1925,28 @@ Even with key owner precautions, keys can be easily leaked by less than optimum
 
 **Severity**: High
 
+### Geo-redundant backups should be enabled for PostgreSQL Servers
+
+**Description**:   
+__What is geo-redundant backup?__ Geo-redundant backup replicates server backups to a paired Azure region, providing resilience against regional failures.
+
+__Why is it a security concern?__ If geo-redundant backups are disabled, a regional outage could result in data loss and extended downtime, impacting availability and compliance.
+
+__How could attackers exploit it or how could it lead to data breaches?__ While not directly exploitable, lack of geo-redundancy increases the impact of disasters or targeted attacks on a single region.
+
+**Severity**: Low
+
+### require_secure_transport should be set to “on” for Azure Database for PostgreSQL Servers
+
+**Description**:   
+__What is require_secure_transport?__ require_secure_transport is a server-level parameter that enforces the use of SSL/TLS for all client connections to PostgreSQL. When set to on, clients must connect using encrypted channels.
+
+__Why is it a security concern?__ If this setting is disabled (off), clients may connect over unencrypted channels, exposing sensitive data such as credentials, queries, and results to interception or manipulation.
+
+__How could attackers exploit it or how could it lead to data breaches?__ An attacker on the network could perform a man-in-the-middle attack, intercepting or altering data exchanged between the client and server if encryption is not enforced.
+
+**Severity**: High
+
 ## Related content
 
 - [Learn about security recommendations](security-policy-concept.md)