turbot/azure_compliance

Control: Unattached Compute disks should be encrypted with ADE/CMK

Description

This policy identifies the disks which are unattached and are encrypted with default encryption instead of ADE/CMK. Azure encrypts disks by default Server-Side Encryption (SSE) with platform-managed keys [SSE with PMK]. It is recommended to use either SSE with Azure Disk Encryption [SSE with PMK+ADE] or Customer Managed Key [SSE with CMK] which improves on platform-managed keys by giving you control of the encryption keys to meet your compliance need.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.compute_disk_unattached_encrypted_with_cmk

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.compute_disk_unattached_encrypted_with_cmk --share

SQL

This control uses a named query:

compute_disk_unattached_encrypted_with_cmk

Tags