AzPolicyAdvertizer

last sync: 2025-Jul-07 17:23:16 UTC

Storage Account - Customer Managed Keys Blob and File Storage DENY

Community Policy definition

Source Repository Community-Policy GitHub
JSON Community-Policy GitHub
Deploy policy 127e4a87-dcbb-40d9-92d3-0082e73542de (1.0.0) to Azure
Display name Storage Account - Customer Managed Keys Blob and File Storage DENY
Id 127e4a87-dcbb-40d9-92d3-0082e73542de
Version 1.0.0
Details on versioning
Category Storage
Microsoft Learn
Description This Azure Policy denies the deployment of an Azure Storage Account when the 'Encryption type' setting is not set to 'Customer-managed keys'.
Mode All
Type Custom Community
Effect Default
Audit
Allowed
Deny, Audit, Disabled
RBAC role(s) none
Rule aliases IF (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Storage/storageAccounts/encryption.keySource Microsoft.Storage storageAccounts properties.encryption.keySource True False
Rule resource types IF (1)
Microsoft.Storage/storageAccounts
JSON
EPAC
Deploy policy 127e4a87-dcbb-40d9-92d3-0082e73542de (1.0.0) to Azure