last sync: 2020-Aug-05 13:05:29 UTC

Azure Policy

Automation account variables should be encrypted

Policy DisplayName Automation account variables should be encrypted
Policy Id 3657f5a0-770e-44a3-b44e-9431ba1e9735
Policy Category Automation
Policy Description It is important to enable encryption of Automation account variable assets when storing sensitive data
Policy Mode All
Policy Type BuiltIn
Policy in Preview FALSE
Policy Deprecated FALSE
Policy Effect Default: Audit
Allowed: (Audit,Deny,Disabled)
Roles used none
Policy Changes no changes
Used in Policy Initiative(s)
Initiative DisplayName Initiative Id
Enable Monitoring in Azure Security Center 1f3afdf9-d0c9-4c3d-847f-89da613e70a8
UK OFFICIAL and UK NHS 3937f550-eedd-4639-9c5e-294358be442e
[Preview]: SWIFT CSP-CSCF v2020 3e0c67fc-8c7c-406c-89bd-6b6bdc986a22
[Preview]: Azure Security Benchmark 42a694ed-f65e-42b2-aa9e-8052e9740a92
PCI v3.2.1:2018 496eeda9-8f2f-4d5e-8dfd-204f0a92ed41
ISO 27001:2013 89c6cddc-1c73-4ac1-b19c-54d1a15a42f2
Policy Rule
{
  "properties": {
    "displayName": "Automation account variables should be encrypted",
    "policyType": "BuiltIn",
    "mode": "All",
    "description": "It is important to enable encryption of Automation account variable assets when storing sensitive data",
    "metadata": {
      "version": "1.1.0",
      "category": "Automation"
    },
    "parameters": {
      "effect": {
        "type": "String",
        "metadata": {
          "displayName": "Effect",
          "description": "The effect determines what happens when the policy rule is evaluated to match"
        },
        "allowedValues": [
          "Audit",
          "Deny",
          "Disabled"
        ],
        "defaultValue": "Audit"
      }
    },
    "policyRule": {
      "if": {
        "allOf": [
          {
            "field": "type",
            "equals": "Microsoft.Automation/automationAccounts/variables"
          },
          {
            "field": "Microsoft.Automation/automationAccounts/variables/isEncrypted",
            "notEquals": "true"
          }
        ]
      },
      "then": {
      "effect": "[parameters('effect')]"
      }
    }
  },
  "id": "/providers/Microsoft.Authorization/policyDefinitions/3657f5a0-770e-44a3-b44e-9431ba1e9735",
  "type": "Microsoft.Authorization/policyDefinitions",
  "name": "3657f5a0-770e-44a3-b44e-9431ba1e9735"
}