Source | Azure Portal
Display name | [Deprecated]: SQL servers should use customer-managed keys to encrypt data at rest
Id | 0d134df8-db83-46fb-ad72-fe0c9428c8dd
Version | 2.0.1-deprecated
Versioning | Versions supported for Versioning: 1 - 2.0.1 (2.0.1-deprecated)
Category | SQL
Description | This policy is deprecated. Please use /providers/Microsoft.Authorization/policyDefinitions/0a370ff3-6cab-4e85-8995-295fd854c5b8 instead.
Cloud environments | AzureCloud = true; AzureUSGovernment = unknown; AzureChinaCloud = unknown
Available in AzUSGov | Unknown, no evidence if Policy definition is/not available in AzureUSGovernment
Assessment(s) | Assessments count: 1
  Assessment Id: 1a93e945-3675-aef6-075d-c661498e1046
  DisplayName: [Enable if required] SQL servers should use customer-managed keys to encrypt data at rest
  Description: Using customer-managed keys for encrypting data at rest provides increased transparency, control, and security. This is not assessed by default and should only be applied when required by compliance or restrictive policy requirements. If not enabled, the data will be encrypted using platform-managed keys. This is particularly relevant for organizations with related compliance requirements. To implement this, update the 'Effect' parameter in the Security Policy for the applicable scope.
  Remediation description: To configure your own encryption key for SQL Server Transparent Data encryption:
    1. Select the SQL server.
    2. On the Transparent data encryption page, select Customer-managed key.
    3. For Key selection method, choose Select a key or Enter a key identifier if you have one.
    4. If you chose Select a key, configure the desired Key vault and Key.
    For more information, see this article: https://docs.microsoft.com/azure/sql-database/transparent-data-encryption-byok-azure-sql
  Categories: Data
  Severity: Low
  preview: True
Mode | Indexed
Type | BuiltIn
Preview | False
Deprecated | True
Reference | Reference to 1 related Policy definition (taken from description): SQL servers should use customer-managed keys to encrypt data at rest (0a370ff3-6cab-4e85-8995-295fd854c5b8)
Effect | Default: AuditIfNotExists; Allowed: AuditIfNotExists, Disabled
RBAC role(s) | none
Rule aliases | THEN-ExistenceCondition (2)
Rule resource types | IF (1)
Compliance | Not a Compliance control
Initiatives usage | none